Govern mobile device access to Technology Assets, Applications, Services and Data (TAASD) to reduce attack surface and data exposure.
Organizations manage risks associated with organization-owned, employee-owned and third-party-owned mobile devices through centralized, risk-based controls for device access, configuration, data storage, monitoring and remote management commensurate with ownership model and risk.
Mobile devices occupy a specific risk position that differs from conventional endpoints and requires dedicated controls. The same device may access corporate email, store sensitive data and connect to personal cloud storage, with different ownership models (corporate-owned, employee-owned, or third-party-owned) determining what controls are technically and legally permissible.
The SCF's intent for MDM requires controls proportionate to the ownership model. A corporate-owned device can be subject to full management including remote wipe. An employee-owned device used for work creates a different control surface where the organization's authority to enforce controls or access data is limited. The MDM domain governs how organizations manage those distinctions through centralized, risk-based controls for device access, configuration, data storage, monitoring and remote management.
MDM is not a subset of Endpoint Security (END) even though both domains address device security. The specific challenges of mobile, including the diversity of operating systems, the mix of ownership models and the challenge of managing devices that are frequently off the corporate network, require dedicated treatment that endpoint security frameworks designed for conventional devices don't fully address.