Introducing EMM
Background
In the past, organizations used to strictly enforce the COPE (corporate-owned, personally enabled) model on mobile devices to ensure data security. However, multiple users can use a single COPE device, reducing the level of accountability and increasing the level of vulnerability. Today swipe-savvy smart phones have flooded the market due to the evolution in mobile devices. As a result, organizations are getting accustomed to adopting the BYOD (bring your own device) program, which allows employees to use their personal mobile devices to access valuable corporate data and applications. This helps to increase employee collaboration, efficiency, and productivity; however, the organization is vulnerable to security threats. Therefore, organizations have a growing need to monitor and manage corporate and personal (employee-owned) mobile devices that have access to corporate data.
Overview
WSO2 Enterprise Mobility Manager (EMM) is a unique solution designed to specifically address the mobile enterprise needs. EMM includes of two key components: Mobile Device Management (MDM) and Mobile Application Management (MAM). WSO2 EMM also supports single sign-on (SSO) and multi-tenancy.
MDM enables organizations to secure, manage and monitor Android and iOS powered devices (i.e., smart phones, ipod touch devices and tablet PCs), irrespective of the mobile operator, service provider, or the organization. Users need to accept the policy agreement, which states all the actions that can be carried out on the device when enrolling with MDM. MDM only controls the corporate data that is present on the devices, while the personal data is left untouched.
The administrator can create policies in MDM, and define the MDM aspect of the policy (i.e., device management rules) via the MDM Console. EMM policies can be set at various levels, namely user level (L1), platform level (L2) and role level (L3). L3 policies have the lowest priority. L2 policies override L3 policies, while L1 policies override both L2 and L3 policies. When employees register their devices with MDM, the applicable policy rules (e.g., enabling the phone lock, disabling the camera, and more) will be enforced on their devices. WSO2 EMM constantly monitors all the registered devices for policy compliance. WSO2 EMM will automatically generate a notification and carry out follow-up actions in the event a device is in violation of the enforced policy. The administrator can select the follow-up actions (e.g., send the user a warning message, enforce the policy again, and more) based on their security requirements.
MAM enables organizations to control corporate applications (apps) on devices that are enrolled with the MDM. MAM consists of three key consoles: Publisher, Store and MAM Console. Users use the Publisher to manage enterprise apps throughout their app life cycle, which include app states such as, published, unpublished, approved, rejected, deprecated, and retired. The Store acts as a marketplace and contains all the corporate mobile apps, which users can search, view, rate and install on-demand. The administrator uses the MAM Console to manage users, administer MAM policies, and install or uninstall mobile apps in bulk. The administrator can define the MAM aspect of a policy (e.g., blacklisted apps and apps to be installed upon policy enforcement) via the MAM Console.