Deciphering MDM: Unraveling terminologies in device administration
The realm of cybersecurity is littered with acronyms, offering a concise and ostensibly sophisticated vocabulary to marketing materials. Yet, this linguistic economy comes at a price of complexity and controversy.
One of the controversies revolves around the distinction between acronyms and initialisms. Traditionalists insist that acronyms are only valid if they can be pronounced as words, implying that all acronyms are initialisms, though not all initialisms are acronyms.
The complications emerge when the initialism's meaning is gradually lost or supplanted, persisting in widespread usage as an accepted term despite its inscrutability. A prime example of this phenomenon is MDM—Mobile Device Management.
At its inception, MDM was primarily associated with smartphones, notably those running the iOS and Android operating systems. These devices, more than mere phones, were versatile handheld computers with a broad array of applications designed for both consumers and businesses.
As the market matured, the term 'endpoint' gained prominence, encapsulating regular computers that were not servers, thus circumventing the clunky 'desktop, laptop, or notebook' descriptor. By the early 2010s, cybersecurity software for these endpoints was tagged with its own initialism: EDR (Endpoint Detection and Response).
Most vendors quickly adopted the EDR label, as products branded merely as 'anti-malware' or 'anti-virus' seemed antiquated in comparison to the more sophisticated terminology now favored by analysts for software offering extensive capabilities beyond mere virus scanning.
However, there was a snag in applying the name EDR to third-party security applications designed for mobile devices. Manufacturers like Apple and Google imposed significant control over third-party software vendors, making it challenging for EDR tools to function effectively on mobile platforms.
Apple, with its iOS, implemented stringent controls, restricting even the device owner from modifying the operating system and limiting the available apps to those from the Apple-operated App Store. Google Android devices were comparatively more versatile, but they nonetheless imposed restrictions on app interactions and third-party applications.
The result is a conundrum for cybersecurity innovation: app-level threat-blocking programs that cannot monitor other apps are limited in both effectiveness and range. In fact, many vendors have abandoned EDR-style tools for mobile devices due to the limitations imposed by Apple and Google.
Both tech giants provide some support for Mobile Device Management (MDM), although their approaches vary. MDM tends to focus on reducing the attack surface of devices used for corporate tasks, rather than detecting and blocking malicious behavior after it occurs.
On iOS, MDM can enforce safe app configurations, establish minimum device lock code and lock time standards, allow remote device lock and data wipe, prevent factory resets, and identify unauthorized device modifications. On Android, MDM can also be used to manage multiple profiles, each with its own apps and data stores, providing separation for work and personal use.
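The lock code and lock time standards mentioned above reach an iOS device as a passcode payload inside a configuration profile. The following is an added example, not code from the article: it audits such a payload against a baseline before the profile is pushed. The payload type and key names are those of Apple's passcode payload; the baseline thresholds, the `com.example` identifiers and both sample profiles are constructed assumptions.

```python
import plistlib

PASSCODE_TYPE = "com.apple.mobiledevice.passwordpolicy"

# Assumed organisational baseline (example values, not from the article).
BASELINE = {
    "minLength": ("min", 6),           # minimum lock code length
    "maxInactivity": ("max", 5),       # minutes idle before auto-lock
    "maxFailedAttempts": ("max", 10),  # failed unlock attempts allowed
    "forcePIN": ("eq", True),          # a passcode must be set
    "allowSimple": ("eq", False),      # reject codes such as 1111 or 1234
}

def audit_profile(profile_bytes):
    """Return findings for the passcode payload of a configuration profile."""
    profile = plistlib.loads(profile_bytes)
    payloads = [p for p in profile.get("PayloadContent", [])
                if p.get("PayloadType") == PASSCODE_TYPE]
    if not payloads:
        return ["no passcode payload: lock policy is not enforced"]
    findings = []
    for payload in payloads:
        for key, (rule, limit) in BASELINE.items():
            if key not in payload:
                findings.append(f"{key}: not set")
                continue
            value = payload[key]
            ok = (value >= limit if rule == "min" else
                  value <= limit if rule == "max" else value == limit)
            if not ok:
                findings.append(f"{key}={value!r} fails baseline ({rule} {limit!r})")
    return findings

def make_profile(passcode_settings=None):
    """Build a constructed sample profile; identifiers are placeholders."""
    content = []
    if passcode_settings is not None:
        content.append({"PayloadType": PASSCODE_TYPE, "PayloadVersion": 1,
                        "PayloadIdentifier": "com.example.passcode",
                        **passcode_settings})
    return plistlib.dumps({"PayloadType": "Configuration", "PayloadVersion": 1,
                           "PayloadIdentifier": "com.example.profile",
                           "PayloadContent": content})

# Constructed sample profiles.
WEAK = make_profile({"minLength": 4, "maxInactivity": 15, "allowSimple": True})
STRONG = make_profile({"minLength": 8, "maxInactivity": 2, "maxFailedAttempts": 6,
                       "forcePIN": True, "allowSimple": False})

if __name__ == "__main__":
    for name, prof in (("weak", WEAK), ("strong", STRONG)):
        print(name, audit_profile(prof))
```

A key that is missing from the payload is reported as a finding, because an unset key leaves that restriction unenforced on the device.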
Getting value out of MDM necessitates compromise from both users and IT teams. Users, if they wish to employ their own devices for work, should be prepared to relinquish some control to IT teams, as this can offer crucial assistance in managing the device in the event of loss, theft, or unauthorized access. Conversely, IT teams should be flexible and mindful of users' needs, ensuring that MDM policies do not unduly compromise productivity or user experience.
It is essential to remember that MDM began as a solution for mobile devices but has since extended to cover laptops, desktops, and servers, under Microsoft's terminology at least. As technology continues to evolve, so too will the role and scope of MDM, presenting both challenges and opportunities for businesses and cybersecurity professionals alike.
Security operations center personnel often grapple with the ambiguity surrounding the initialism EDR (Endpoint Detection and Response), particularly in the context of mobile devices. Despite its initial association with devices utilizing iOS and Android operating systems, the broader term 'endpoint' has since been adopted, encompassing not just smartphones but also computers that are not servers. Nevertheless, the complications stemming from technology giants like Apple and Google imposing limitations on third-party EDR tools have led some vendors to abandon EDR-style tools for mobile devices, opting instead for Mobile Device Management (MDM). MDM, which can be implemented on both iOS and Android devices, offers control over device configurations, lock codes, data storage, and more, albeit at the cost of user control and potential compromise of productivity or user experience.