Jun 05, 2013

Mobile Risk Management vs. Mobile Device
Management - What's the Difference?

In today's Whiteboard Wednesday, Dirk Sigurdson discusses the differences between mobile risk management and mobile devices management when it comes to mobile security solutions.

With the BYOD trend on the rise, it is important to have a mobile security solution in place so that your company's data remains safe from mobile attacks. This Whiteboard Wednesday will tell you what you should consider when shopping for a mobile security solution.

Read Video Transcript

Hi. My name is Dirk Sigurdson. I'm the director of engineering for Mobilisafe at Rapid7. And this week's Whiteboard Wednesday we're going to be talking about a question that we get often. And that's about what is the difference between MRM and MDM. The Mobilisafe Product is a MRM Product, or Mobile Risk Management Product. And I'm going to explain to you what the difference is.

With Mobile Risk Management we have the ability to assess the risk of mobile devices. And that's really important and critical with all these employees using mobile devices to access company resources. You really want to know whether or not those devices that the employees are using pose a risk to your company.

What we have done is, we've taken a look at the platforms themselves, the operating systems and the vulnerabilities that are associated with those platforms, to assess the risk and give each device a trust score.

Now, this is something that no MDM Product will give to you. So, really highlighting the vulnerabilities that are with mobile devices accessing your network, that's the first part of Mobile Risk Management.

The second part is providing risk mitigation capabilities. And so, with Mobilisafe, we give you a easy way for you to prompt employees to get their devices up to the most recent version of firmware. And with these updates, you'll remove the vulnerabilities that are increasing the risk for your organization.

Now, MDM they really give you asset inventory. So, getting a catalog of all the devices that are connecting, and they also primarily give you a way to remotely configure and manage these devices. Things like being able to push a policy down to the device. Being able to set information about how the device should connect to a VPN server for example.

There's a little bit of overlap between the risk mitigation capabilities and the device configuration capabilities of MDM. So, for example some risk mitigation capabilities might be two enforce a policy on a device. And you can see that there's some overlap between the two.

However, for some companies, and smaller to medium size companies, MRM can be a complete solution on itself, because of this overlap. So, if you're really looking at risk assessment, trying to identify which devices are bringing risk to your organization, and you just need some lightweight MDM capabilities, an MRM can be the whole solution for you.

Now for larger organizations, there may be certain features of MDM. They've gone into different areas where they're actually doing application management, being able to push applications down to devices. Typically MRM functionality isn't, MRM solutions don't provide that capability.

So, for some customers and MDM solution might be needed. However, even if you do figure out that you do need an MDM solution, the two can work side by side. So, if you install and MDM solution to push configuration down to devices, a risk management solution like Mobilisafe can also still work to assess the risk of those devices and highlight to bring visibility to the risks that your company are exposed to.

So, that's it for today's Whiteboard Wednesday. Thanks and we'll see you next week.

Try Mobilisafe Today

Take a self-guided tour of our mobile risk management solution