Business Strategy
Channel Insights
Stay Connected
Acer America
Acer America Corp. is a computer manufacturer of business and consumer PCs, notebooks, ultrabooks, projectors, servers, and storage products.


333 West San Carlos Street
San Jose, California 95110
United States


ChannelPro Network Awards

hello 2
hello 3


June 6, 2012 |

MDM vs. MDSM: Adding Security to a Mobile Device Management Strategy

Contrary to popular belief, mobile device management (MDM) does not include a security strategy. Learn about the difference between MDM and mobile device security management (MDSM). By Winn Schwartau

Contrary to popular belief, mobile device management (MDM) does not include a security strategy. Learn about the difference between MDM and mobile device security management (MDSM).

By Winn Schwartau

After almost thirty years in security, I get a little finicky when I see terminology misused, misapplied and all too often, used to mislead. And so I take to task the unfortunate catch-all mobile acronym, MDM (Mobile Device Management) that is the current leader in misunderstanding, inaccuracy and false promises.

I am a security guy, and I like engineering-style precision, especially in rapidly emerging security disciplines such as mobility. I am not going to criticize specific companies – I hope to offer clarification and a much-needed more accurate alternative term: Mobile Device Security Management, or MDSM.

MDM, in both iOS and Android, offers a compact set of tools for a fairly basic level of device management. However, despite the repeated erroneous claims to the contrary, MDM is a not a mobile security solution. If it were, your laptop security posture would be as follows:

  • Password length, complexity & duration controls
  • Block adult materials
  • Block browser and five Browser controls
  • Erase laptop within 24 hrs using native Active Sync

That’s it. That’s all you get with MDM.

The industry should explicitly refer to comprehensive mobile security as MDSM, wholly independent of and distinct from MDM.† At last count there were around 80 MDM-only vendors, some of whom, more so than others, position MDM as an adequate mobile security solution.

Ask yourself a simple question: Would you (or your security sensitive organization and customers) ever deploy laptops with the anemic list of capabilities above and call it security?† Of course not.† MDM is not security.

Many organizations, initially under the belief that MDM tools alone would meet their security needs, are now discovering the cost and pain of dismantling their inadequate MDM approach in favor of deploying more comprehensive mobile MDSM suites.

Who today would deploy corporate laptops without at least some of the following controls in place?

  • Anti-virus, anti-malware detection for email and downloads
  • Wireless and company communications over a non-SSL VPN the user cannot bypass
  • Force all, or some defined subset, of traffic over corporate resources
  • IPS and hostile activity detection and remediation
  • Firewalls with highly granular controls
  • Content filtering
  • Hidden IP address of the device
  • Corporate DLP and SIEM enforcement

All of the above are crucial components of MDSM.

Of course the native MDM controls are one piece of a total mobile enterprise security architecture.† But as many companies have discovered, MDM alone is not up to the task.† As you examine MDSM in your shop, let me add a couple of additional ‘foods for thought’ that should be considered in all mobile device deployment plans.

  • Should your mobile population be secured with the same amount of care and diligence you take in your fixed enterprise?
  • Does your existing policy sufficiently address mobile security and the added risks they present?
  • Should a mobile device be treated as a dumb terminal?
  • How does data in transit and data at rest on mobile devices differ and affect your organization’s ability to maintain compliance?
  • Are you going to attempt to work out an acceptable security-functionality balance for a BYOD (Bring Your Own Device) policy?
  • Or, will you only allow devices under company control to touch your networks, much as you do with BlackBerry today?

Admittedly, proper MDSM is not easy. Yet because MDSM includes many specialized security controls and processes, vastly different than MDM, MDSM is deserved of independent recognition and identity – wholly separate from MDM.

WINN SCHWARTAU is the chairman of Mobile Active Defense, a smartphone security company.

Editor’s Choice

Chicago Shines as Host City for ChannelPro’s 1st 2024 Live Event

March 1, 2024 |

The live event on Feb. 28-29 brought together a full house of managed service providers and IT consultants for networking and business-boosting educational sessions.

Exclaimer is Embracing MSPs With a New Program. Could Email Signatures Be Newest ‘as a Service’ Offering?

February 28, 2024 |

If you never thought email signatures could be a source of recurring revenue, think again. Managing it can help you and your customers monetize email in a way you probably never thought possible.

EXCLUSIVE INTERVIEW: Nerdio CEO Shares Insights on Integrating AI in MSP Operations

February 22, 2024 |

Fresh off of his company’s recent announcements, Vadim Vladimirskiy shares how Nerdio is committed to leveraging AI and other technologies to enhance the MSP experience.

Related News

Growing the MSP

Explore ChannelPro


Reach Our Audience