Managing mobile apps and devices is a challenge faced by all organizations these days. One technology that’s evolved to address mobile security, access management, and control is enterprise mobility management (EMM).
EMM is the combination of mobile device management (MDM) and bring your own device (BYOD) practices in one solution that is now often offered in broader endpoint management suites.
In this guide, we’ll provide an overview of the features and top vendors that define the EMM market today.
What is EMM?
The BYOD phenomenon, which involves employees bringing their own devices to work, posed challenges for organizations trying to maintain secure access to networks and data. MDM was the initial response to the challenge and focused on device enrollment and access. Mobile application management (MAM) also appeared to control data and applications on mobile devices.
Those technologies have been superseded by enterprise mobility management (EMM), a sophisticated set of technologies, policies, and processes that combine MDM and MAM, offering access, data protection, app management, threat management, separation of personal and work data, and visibility and control.
EMM, then, is all about managing the use of corporate- and employee-owned mobile devices within any organization. It provides insight into the applications and data being accessed by mobile devices to limit potential risks and to maintain corporate compliance. But EMM is also a constantly-changing field.
To accommodate the ever-changing set of device platforms and the latest mobility trends, new features keep being added. The latest trend is for vendors to begin to offer EMM functionality within broader endpoint management platforms.
Also read: Top Endpoint Detection & Response (EDR) Solutions
Selecting an EMM Solution
We evaluated the top EMM products to provide an overview of key features that organizations need so they can control mobility and limit security risks. At the most basic level, there are three core capabilities that all organizations need from an EMM solution:
- Visibility: Understanding what’s running on mobile devices is the key to creating compliance policies and being able to detect potential risks. Simply put, if you don’t know what’s running, how can you control the risk?
- Secure access: Providing the ability for mobile users to securely access applications and data is a core element of EMM. It’s imperative that organizations help their users to securely access applications while maintaining proper security controls.
- Data protection: Mobile malware happens; the best EMM solutions provide anti-malware and data protection capabilities to help limit the risk of breaches and data loss.
Looking beyond the basics, among the advanced features an EMM solution can provide are: secure web browsers that provide encapsulated internet sessions that limit the risk of attacks, application performance and security monitoring, application catalogs, and integration with cloud applications.
8 Top Enterprise Mobility Management Solutions
There are many EMM vendors in the market today. Some have just basic BYOD security functionality while others are limited to MAM. The vendors listed below offer BYOD and MAM security capabilities as part of a comprehensive EMM security solution. Some of them also offer EMM within a larger endpoint management package.
VMware – now part of Dell – is well-known for its server virtualization technologies, but it is also a major player in the EMM space. The company acquired Atlanta-based AirWatch in 2014. and today, VMware AirWatch is used by more than 16,000 organizations around the world.
This EMM platform enables users to centrally manage every device, every app, and every mobile use case, both corporate-owned and BYOD.
- Manage the lifecycle of any endpoint across all major operating systems (OSs) in a single management console.
- App-level management for BYOD or line of business use cases such as kiosk or shared devices.
- Deploy and manage any app—native, web, or remote—through a single app catalog across every device with built-in single sign-on (SSO).
- Automation engines to streamline device deployment and day-to-day mobility management.
- Layered security that encompasses the user, endpoint, app, data, and network.
- All security settings and policies can be configured on one platform.
- VMware Workspace ONE productivity apps suite is available with AirWatch to provide secure access and identity to business apps.
- Unified endpoint management.
Known as MobileIron before its acquisition by Ivanti, Ivanti Neurons for MDM is a cloud-based unified endpoint management suite that enables secure access to data and apps on any device.
- Simple onboarding and provisioning process for IT, with all the apps, settings, and security configurations.
- Native user experience across any device and OS.
- Manages and protects any iOS, macOS, Android, and Windows devices.
- The zero-trust approach ensures that only authorized users, devices, apps, and services can access business resources.
- Includes zero sign-on and mobile threat defense features.
Citrix Endpoint Management
Citrix has a long history of providing remote virtual desktop capabilities. Its EMM technologies emerged via the acquisition of MDM vendor Zenprise. The Citrix XenMobile EMM solution is a combination of Zenprise MDM and Citrix’s Cloud Gateway MAM technologies.
Recently, the company added the option of managing EMM functions via the broader Citrix Endpoint Management platform.
- Secures every endpoint and manages them from the same console.
- Enhances Microsoft Endpoint Manager (formerly Intune) deployments.
- A simple, consistent way to manage employee desktops, laptops, smartphones, and tablets through a single platform.
- Citrix XenMobile is deployed, operated, maintained, and secured by the internal IT team.
- Citrix Endpoint Management is delivered as a service and can be deployed via Citrix Cloud in as little as two hours.
- New features and bug-fixes are delivered every three weeks.
- Built-in redundancy and reliable performance.
- Data is encrypted with Azure Transparent Data Encryption (TDE) and never commingled with another customer’s data.
- Citrix Cloud Ops takes care of routine maintenance, operations, troubleshooting, and other activities.
- Citrix Secure Forms enables the creation of mobile business apps without writing a line of code.
BlackBerry, formerly known as Research in Motion, may still be best known for its smartphone device. Today, BlackBerry is mostly a software company, with one of the core elements being EMM.
BlackBerry’s EMM technology was gained through the acquisition of MDM vendor Good Technology. Recently, the company extended its capabilities to create Blackberry Unified Endpoint Management (UEM).
- BlackBerry UEM securely enables the Internet of Things (IoT) with complete endpoint management and policy control for devices and apps.
- A single management console offers end-to-end security.
- Migration of Android Enterprise activated devices and Dynamics-activated devices from BlackBerry UEM on-premises to BlackBerry UEM Cloud or to another BlackBerry UEM on-premises server.
- Provides an integrated view of users, devices, apps, and policies across multiple ownership models and platforms.
- Reduces hardware costs with an available cloud deployment option.
- Designed for BYOD, BYOC (bring your own carrier), COPE (corporate owned, personally enabled), and COBO (corporate owned, business only) ownership models.
- Manages and applies security to Microsoft Office 365 apps on iOS and Android devices.
IBM Security MaaS360
IBM entered the EMM market in 2013 with the acquisition of Fiberlink Communications and its MaaS360 mobile security platform. It provides a management suite for visibility and control, productivity suites with a trusted workplace, threat management and malware protection, content suite for secure collaboration, and a gateway suite for enterprise access.
- A core differentiator for IBM is its cognitive approach, powered by the IBM Watson system. The IBM MaaS360 with Watson capability adds machine learning and artificial intelligence insights to mobile user behavior.
- Single platform for all mobile assets.
- Initiate enrollment requests and configure both personal and corporate-owned smartphones, tablets, laptops, and IoT devices.
- Integrates with existing infrastructure and automates compliance rules, distributes applications and documents, contains corporate data, and provides remote help desk support.
- Secure Microsoft Office 365 apps and content on devices via identity management.
- Built-in identity as a service (IDaaS) with SSO and multi-factor authentication (MFA) to native and cloud apps.
- Visibility into remote end-user devices allows users to perform remote control on those devices.
Sakon’s Synkronize engine brings together in one place all of the scattered elements of a global IT infrastructure, normalizes them, and makes them easy to manage and transform. It links source data and transaction data from network and mobile service providers as well as HR and location information, then unifies it with service, logistics, and operations desks.
- Secure, open APIs connect the data to purpose-built applications and a global network of help desk partners to coordinate actions and provide visibility across systems.
- Organizes, cleanses, and normalizes information across geographies, carriers, and currencies.
- Applies a three-way match approach to compare assets, contracts, and actual costs to drive out waste.
- Works across devices with persona-driven user experience (UX).
- Delivers key performance indicator (KPI) and dashboard views of all network and mobile costs.
- Carrier fulfillment validation and contract negotiation.
Mobile Device Manager Plus by ManageEngine is an EMM solution that allows IT teams and administrators to manage devices across multiple platforms, enforce the required security measures to protect data on these devices, and enhance employee productivity by remotely distributing apps and securely granting access to the data required by employees—all from a central console.
Automated device onboarding
- Facilitate the automated bulk enrollment of corporate-owned devices out of the box with tools like Android Zero-Touch, Apple Business Manager, and Windows Autopilot.
- BYOD devices that are already in use can be enrolled by sending invites to users through SMS or email or by allowing users to self-enroll their personal devices.
- Integrate directory services like on-premises Active Directory, Azure AD, Okta, or G Suite with MDM and simplify the process of assigning devices to users.
- Configure security policies and restrictions on devices even before they are distributed to the user, ensuring devices are compliant out of the box.
Samsung Knox Manage secures phones, tablets, and other devices. This suite of enterprise mobility solutions is built from the hardware chip up to isolate, encrypt, and secure data—including confidential files, credit card transactions, passwords, and health data.
- Available from Samsung or partners such as Verizon.
- Flexible management and granular control of mobile devices across different operating systems.
- Simple deployment and mobility manageability at scale.
- Track device location and turn managed devices into a kiosk.
- Cybersecurity for mobile devices.
- It allows IT admins to remotely manage employee apps, data storage, device lock and wipe, and more from a cloud-based command center.
- Primarily for Samsung Galaxy devices, it can manage any Google Android, Apple iOS, or Microsoft Windows 10 device.
Read next: Mobile Malware: Threats and Solutions