Jamf Blog
A newly-poured foundation: Jamf MDM as foundation for security
November 4, 2022 by Haddayr Copley-Woods

A holistic approach to security: Mobile Device Management (MDM)

You probably have a good idea of what Mobile Device Management (MDM) is.

But did you know the crucial role that a well-built MDM plays in organizational security?

What is Mobile Device Management?

Most regular readers of Jamf blogs know that Mobile Device Management (MDM) is how organizations support, provision, manage and update mobile devices from a central location. It’s also a way for IT to automate as much of the process as possible, which frees up IT time for more complex tasks, planning and strategy. It additionally removes the human error factor. Learn more about Mobile Device Management and Jamf.

One aspect of MDM that is often overlooked: its pivotal role in digital security.

What does MDM have to do with security?

Even if you have an excellent endpoint security system, it won’t do you much good if you have to manually update machines instead of updating them all at once.

Manual updates take time, but hackers never sleep.

Even a delay of a few hours or days can leave your entire fleet vulnerable to attack through an exploit of a known weakness. Updating versions, patches and OS versions the instant they are available is absolutely vital to your organization’s cyber security plan. Without an MDM that offers same-day support and automated patch management, you can be leaving yourself wide open to attack.

And then there is always the human error factor: We are only human, and humans forget things, unexpectedly become ill or make data-entry mistakes. Correctly configured MDMs do not.

Updated permissions and configurations are a powerful security weapon.

According to a 2022 data breach investigations report by Verizon Wireless, the ways that hostile actors gain access to an organization’s protected data is “largely dominated by the use of stolen credentials to access an organization's internet-facing infrastructure.”

An organization that ensures permissions for only those who genuinely need access to secured data will be safer than one that doesn’t. Configuring devices to ensure that they meet compliance rules is also necessary to ensure security.

Inventory management

An automated inventory management system, standard in some MDMs, means that it’s easy for Apple admins to shut down iPhones that go on walkabout, ensure that every device is updated and confirm that all devices have the proper encryption and sign-in technology installed.

What does effective mobile device management mean for organizations?

Effective mobiledevice management can transform an organization from a haphazard conglomeration of various security levels, updates and encryption statuses to a buttoned-up, well-oiled machine. MDMs allow your organization to automate standard updates, permissions and configuration requirements. This leaves very few openings for hackers to take advantage of.

MDM can also save Apple admins enough time so that they can focus more on security and less on IT tickets and updates. It can empower individuals in an organization as they go about equipping themselves with the secure tools they need for their jobs.

This creates a much better user experience and saves time wasted on waiting for tickets for simple issues like updates and loading software. It improves employee productivity and online safety with access to vetted apps and with configurations that allow for only secure, encrypted access to company resources.

Aren’t all MDMs basically the same?

Absolutely not.

Before you decide on an MDM product, you need to first take a close look at not only what your organization needs now, but at what it might need for the future. Each organization has unique needs based on the number of employees and devices, the mobility of its workforce, whether devices are individually-assigned or shared and even what industry the organization serves.

MDM for schools

Schools and districts, for example, might need specialized resources that only an education-specific MDM can offer such as those offered by Jamf School: an intuitive interface; apps for teachers, parents and students; and school-specific content filtering as required by law.

MDM for small-to-medium-sized businesses

Small-to-medium-sized businesses might need a product lighter on features (and on cost) such as Jamf Now, but want the ability to switch to a more robust MDM such as Jamf Pro as their organization grows. Why pay for the whole shebang when you only need a few features? And why lock yourself into a smaller service that can’t grow with you?

Healthcare, manufacturing and retail MDM

Industries such as healthcare will probably want to ensure that they use an MDM with industry-specific workflows and add-ons such as Healthcare Listener that works with existing industry software to improve clinical communications and the patient experience. Healthcare, manufacturing and retail will need workflows that automatically wipe and re-provision shared devices to allow for apps, access and permissions based on user rather than device.

Other important considerations

Make sure you choose a solution that will grow as you grow, one that accommodates advanced capabilities, features and workflows that you’ll need in the future; or else you’ll once again be looking for a new solution. Also important: take care to choose an organization with a strong background in Mobile Device Management and enough expertise to prove they know what they’re doing, such as Jamf.

***

This post is one of a series on a holistic approach to security. See a roundup of all of the posts, or read one below:

Photo of Haddayr Copley-Woods
Haddayr Copley-Woods
Jamf
Haddayr Copley-Woods is a senior copywriter at Jamf. She writes about tech, specializing in Apple and Jamf with a focus on education, accessibility and security.
Subscribe to the Jamf Blog

Have market trends, Apple updates and Jamf news delivered directly to your inbox.

To learn more about how we collect, use, disclose, transfer, and store your information, please visit our Privacy Policy.