Today’s end users are looking for access to company data without sacrificing privacy — and organizations want to offer that data to employees without sacrificing security.
With this in mind, we can break down mobility management into two methodologies:
- Managing the endpoint and, by default, managing the applications and data
- Managing the apps and the data and leaving the endpoints alone
Both are valid methods of managing corporate applications and data. But which one is the best for your organization?
Access without Compromising Security
A Mobile Device Management (MDM) deployment is perfect and appropriate if the device is corporate-owned and has an asset tag on it. This enables the organization to support bulk enrollment and have full device-level controls, such as:
- Device-level restrictions
- Wi-fi controls
- OS update controls
- System-level application control
- Location-based tracking
Unlike most unified endpoint management (UEM) solutions in the marketplace, Citrix Endpoint Management (CEM) MAM-only enrollment provides all the same security features and capabilities without requiring MDM enrollment. This is becoming increasingly important as employees are becoming less and less likely to agree to MDM enrollment of their personally-owned devices. Citrix Endpoint Management MAM-only is GDPR compliant, mitigating the user’s risk of losing personal data.
A CEM MAM-only enrollment enables organizations to provide access to company resources without compromising security. This is accomplished by using MDX, the Citrix app container technology that enhances the mobile endpoint experience and supports secure deployment and management of apps with CEM policies and settings. MDX includes micro-VPN technology.
Apps enabled with MDX technology are separately encrypted using AES-256-bit keys. This encryption at the all level frees CEM MAM-only from being dependent on device-level encryption. Additionally, CEM includes more than 70 policies to manage and secure the app and data it processes. Key app protection policy areas include:
- Authentication – such as requiring an app passcode or specifying an alternative NetScaler Gateway to enforce multi-factor authentication
- Access – such as timers that specify the length of time an authentication token is valid
- Encryption – such as requiring device database and keychain encryption (iOS only)
- App Interaction – controlling copy and paste, open-in, or allowed URLs
- App Restrictions – allowing or blocking device functions like camera, microphone, or location services
- App Network Access – specifying micro-VPN, per-app VPN use, or require http proxy server and include settings
- App Logs – specifying level of detail, and parameters like how long to store each
- App Geo-fencing – specifying restricted use coordinates
- Secure Mail – includes a variety of Secure Mail settings such as mail server, ability to export contacts, or email marking classifications
- Secure Web – also includes a variety of settings such as allowed or blocked URLs, preloaded bookmarks, or URL whitelists
- Kill Pill – causes the container to lock or erase itself if it hasn’t been able to successfully connect to Citrix Endpoint Management (CEM) server within a configurable interval
See MDX Polices at a glance for more information
Stay Productive on Personal Devices without MDM Enrollment
Mobile productivity apps, such as Secure Mail, Secure Web and ShareFile, support MDX and provide a suite of productivity and communication tools within the CEM environment that are secured by company policies. Corporate line-of-business apps can either embed the MDX support via an SDK or be wrapped using the Citrix App Wrapping Tool.
With the use of the mobile productivity apps and the Citrix Workspace, organizations can allow end-users to access the information that is important to them and stay productive without having to require MDM enrollment of their personally owned devices.
Click here to learn more about mobile device management with Citrix Endpoint Management.
