MDM AND PRIVACY MANAGEMENT


How to manage company devices while ensuring user privacy

Enterprise Mobility Management solutions are intended to manage sensitive data and information and to allow the safe management of company devices.

MDM is regarded with suspicion by many people who compare it to a Big Brother that spies and sees everything.
That’s because MDM solutions are often implemented without following the patterns and criteria recommended by Android Enterprise or Apple, and they invade the user’s personal space.

To safeguard the security and privacy of mobile devices, it is essential that they are not, and never become, “unlocked”, that is, rooted in the Android world or jailbroken in the iOS world.


What happens if I have an “unlocked” device?

An unlocked device is basically no longer reliable or safe, and personal data becomes vulnerable.

If your Android management solution is based on root permissions, it is probably capable of accessing personal data such as your location history, messages, passwords and photos.
These kinds of Android management systems are unacceptable, not least because a structured management system called Android for Work has been established since 2014 and has since evolved into the current Android Enterprise.

What does it mean that the device is managed by your organization?

When an organization manages a device, it means that it possesses tools to carry out some operations, while ensuring the privacy of the device owner in the first place.


Ermetix MDM is a solution which is really careful about privacy and is GDPR compliant. Ermetix offers solutions for every kind of management in which the user’s personal data and the company’s data are expected to be on the same device.

Thanks to Ermetix MDM software, the IT administrator will be able to carry out operations like initializing the device in case of loss and setting up configurations and restrictions, without having access to accounts, passwords, personal data, emails, contacts, calendars, photos or other data in the apps.

For other Android services like Geofencing, the user can decide whether or not to share access to their location.

As for document management, Ermetix MDM can download files into “Downloads” and can work actively only and exclusively within the folder Documents/Ermetix_DOC.

Android

BYOD

Thanks to a dedicated area called the Work Profile, Ermetix MDM can apply restrictions and rules only within its boundaries. This means that Ermetix MDM cannot, in any way, act on any personal information or on the settings of the device itself, except for forcing the entry of a passcode. When the working day ends, the device owner can pause the Work Profile, blocking any update.

COPE or COBO

In this case the device is managed, but Ermetix MDM cannot access personal data such as emails, contacts, calendars, messages, apps and passwords.

Ermetix MDM is able to apply configurations, set up the Wi-Fi, apply restrictions and establish runtime permissions, but it can’t see anything.


iOS, iPadOS, tvOS

BYOD

Through the registration of the device or User Enrollment with a Managed Apple ID, the MDM can apply restrictions and configurations only to work apps and to the Managed Apple ID.

COPE or COBO

Apple’s MDM framework, on which Ermetix MDM is based, prevents people from accessing data of apps, messages, contacts, calendars, passwords or any sensitive data that doesn’t belong to the company.