At the start of the 2020s, the world began moving to a more mobile workforce. This trend enabled freelancers and corporate employees to work in cafes, at home, while traveling, and on visits to client sites. Likewise, contractors who were not full-time corporate employees often accessed corporate data from outside the office, just like internal employees.
COVID-19 accelerated the move toward mobility, increasing the need for mobility solutions. Enterprise Mobility Management (EMM) is an umbrella term that encompasses multiple approaches, while Virtual Mobility Solutions (VMS) are a newer, more cloud-based approach. Let’s look at VMS and EMM solutions in the context of remote work and the increased use of mobile devices.
Mobility Management Solutions
Corporate-issued devices were the first mobility management solutions. Company devices used Mobile Device Management (MDM) solutions, allowing company control of the device, including permissions to see device data, lock or locate the device, and, if necessary, wipe the device. At the time, MDM did not present privacy issues for employees because devices were used for company business only, just like company-issued laptops.
Bring Your Own Device (BYOD), where employees use personal smartphones for work functions, has grown in popularity, and the idea of employers controlling those devices with MDM software concerns users. MDM gives employers control over and visibility into personal devices, making it a controversial solution. Employees’ privacy is at risk, and corporations can be legally liable if they remotely wipe a compromised device. In some cases, BYOD’s privacy issues have meant a shift from managing the entire device to managing the apps, information, content, and device identities. However, concerns remain.
For example, Mobile Application Management (MAM) secures corporate apps on smartphones and tablets using ringfencing. Mobile Information Management (MIM) and Mobile Content Management (MCM) secure information and content, whether processed through company apps or stored elsewhere on the device. Another MIM, Mobile Identity Management, controls access to corporate data through identity.
With the remote workforce trend, companies have taken new security and usability approaches. Many are focusing on different though sometimes overlapping aspects of security, control, and user-friendliness. These solutions tend to be cobbled together. See our full breakdown of EMM and its components to understand the differences better.
The Pros, Cons, and Purposes of Traditional EMM
The primary purpose of EMM includes security, accessibility, and usability. Security is concerned with access to internal systems, corporate infrastructure control, and company data, wherever it resides (on office computers, mainframes, or on employee devices). Traditional EMMs focus heavily on security, given that corporate data is a high-value target.
EMM extends data access to remote employees and contractors. EMM solutions protect apps against data leakage, safeguard networks, and handle identity-based access permissions.
EMM solutions with user-friendly interfaces improve employee and contractor productivity and satisfaction. Unfortunately, poorly designed EMM means users might circumvent apps, and managers might grant excess permissions, compromising security.
EMM has many pros, or it would not be so widely adopted. Each traditional EMM component solves some security and accessibility challenges. Traditional EMM provides security for corporate targets, such as wiping a device under MDM, wiping corporate data in an app under MAM, or locking out suspicious users under Mobile Identity Management. If the employee devices are powerful and the network is stable, remote accessibility works with traditional EMM.
However, there are many downsides. First, EMM prompts fragmentation, confusion, and usability concerns, given the vast array of solutions. But there are additional drawbacks.
One problem with EMM is the cost of providing the devices. Even lower-end smartphones are expensive, especially when buying in bulk for an entire corporate workforce.
Security under EMM, while sufficient for many applications, is still a significant issue for applications requiring high-level protection. Traditional EMM solutions store and process data locally on the user device. Some sophisticated attacks, like memory (RAM) dumps, allow an attacker to capture the device’s data regardless of ringfencing. When the data is loaded locally, it must exist somewhere in RAM. An attacker with physical access can clone local encrypted storage, transport the data, and crack the encryption later without ever alerting the victim.
Traditional EMM solutions start from the assumption that the integrity of the underlying mobile operating system can be trusted at a foundational level.
As for adoption, MDM can be intrusive, with wipe permissions for an entire personal device and the ability to spy on its usage. But other components also face resistance. Some MAM solutions may not permit installation on rooted or jailbroken devices due to those systems’ security risks. A MAM approach might intrude with a slew of locally installed company applications and constant reminders of work on personal devices, even during weekends and evenings.
Two related and often initially overlooked issues are device lifecycle and diversity management. Inclusivity is essential for companies with BYOD, as employee devices and setups vary. As BYOD expands in the workforce, companies must accommodate more operating system (OS) versions, hardware types, and device ages.
Each OS version has its own vulnerabilities, so even though most devices are likely running iOS or Android, they may not be running the most updated versions. Lower-end hardware may struggle with storage space and processing requirements, while older phones have their own vulnerabilities and need replacing.
Finally, one drawback that no traditional EMM solution can address is managing compute-intensive tasks. Traditional EMM solutions run locally on the user device, and mobile devices are not suited to high-powered computing. Therefore, traditional EMM solutions cannot perform and manage high-powered computing tasks.
We’ve written a full article on the challenges facing traditional EMM, which you may want to read for a fuller exploration.
Virtual Mobility as an Alternative Solution
Virtual Mobility Solutions (VMS) like Hypori Virtual Mobility take a networked, cloud-based approach to EMM and maintain the integrity of corporate data and apps by moving them to a virtual data center. A virtual image of an Android OS starts inside a container on the corporate server, and a simple remote viewing window application is installed on the user device. The original data is never transmitted to the user device, thwarting memory dump and storage clone attacks. Only the current image in memory can be recovered, and no data resides on local persistent storage.
Another security advantage of VMS is that all containers are always under the control of the centralized server. At no point can corporate devices go offline or rogue, taking corporate data hostage, because the loss of connection equates to data access loss. Also, vulnerabilities can be patched from central command as soon as updates are available, and patching will not affect the employee device.
Containerization can block the spread of malicious code from a compromised device by disallowing write operations until a security check passes. Identity management is handled server-side, minimizing local-device authentication protocols and reducing the load on low-spec smartphones and tablets.
Under a centralized container approach, lifecycle and device diversity issues evaporate. All essential data and processing occur within a centrally-controlled set of containers, not on multiple environments running various hardware.
Because computing power resides on the corporate servers, compute-intensive applications are manageable from low-spec hardware. Traditional EMM’s local data and process management does not have this capability, even on high-end smartphones, as mobile devices are not designed for compute-intensive tasks. VMS permits the control of these tasks and their full management from mobile devices.
Finally, because VMS is implemented as a single viewer window, there is less adoption resistance. Employees can install one corporate app locally and access many company apps and associated data on their virtual containers. Because of this, personal devices retain their storage space and sense of ownership for personal data. The viewer window is non-intrusive on the employee device but expands on the container.
VMS has implications for user experience (UX). Thanks to persistent storage on the corporate server, employees can set up their virtual space however they want, just like they do with their office desktops. This personalization provides a sense of control and increased productivity.
If the company has the resources, it may offer multiple persistent container spaces so employees can have different workspaces for different projects. The single application would then load only the data and programs necessary for a particular site, reducing clutter. Multiple containers can even serve as a layer of security. Identity management for a specific container with one set of data can be contextually aware, making it accessible only from one particular range of IP addresses, such as the client’s network.
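The contextual check described above, as an added example (not Hypori's code or API): a server-side, default-deny decision that combines the user's identity with the network the session comes from. The container names, users, policy structure, and documentation-range addresses are all assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class ContainerPolicy:
    """Hypothetical per-container access rule held on the server side."""
    allowed_users: frozenset
    allowed_networks: tuple  # networks a session may originate from

# Constructed sample policies (illustrative names, documentation address ranges).
POLICIES = {
    "client-a-workspace": ContainerPolicy(
        frozenset({"alice"}),
        (ipaddress.ip_network("203.0.113.0/24"),
         ipaddress.ip_network("2001:db8:a::/48")),
    ),
    "general-workspace": ContainerPolicy(
        frozenset({"alice", "bob"}),
        (ipaddress.ip_network("0.0.0.0/0"), ipaddress.ip_network("::/0")),
    ),
}

def normalize(source_ip):
    """Parse the address; unwrap IPv4-mapped IPv6 so it matches IPv4 rules."""
    addr = ipaddress.ip_address(source_ip)
    if addr.version == 6 and addr.ipv4_mapped is not None:
        return addr.ipv4_mapped
    return addr

def authorize(user, container, source_ip):
    """Return (allowed, reason); anything unknown or malformed is denied.

    source_ip is assumed to be the peer address the server observed on the
    connection, not a value supplied by the client.
    """
    policy = POLICIES.get(container)
    if policy is None:
        return False, "unknown container"
    if user not in policy.allowed_users:
        return False, "user not assigned to container"
    try:
        addr = normalize(source_ip)
    except ValueError:
        return False, "malformed source address"
    # `addr in net` is False when the IP versions differ, so mixed rules are safe.
    if not any(addr in net for net in policy.allowed_networks):
        return False, "source network not permitted"
    return True, "ok"
```

Returning a reason alongside the decision gives the server something to log for each denied session.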
Virtual Mobile Solutions like Hypori boast many advantages over traditional enterprise mobility management, and the range of applications is quite broad. Hypori delivers highly secure, centrally managed, user-intuitive virtual enterprise mobility for your organization.