How open-source MDM solutions simplify cross-platform device management

In this Help Net Security interview, Mike McNeil, CEO at Fleet, talks about the security risks posed by unmanaged mobile devices and how mobile device management (MDM) solutions help address them.

He also discusses employee resistance to MDM and how open-source transparency can build trust. Lastly, McNeil shares insights on managing devices in remote locations and what’s next for MDM technology.

MDM

What are some of the biggest threats of unmanaged mobile devices, and how does MDM help mitigate these risks?

Unmanaged devices often access the same data as fully managed workstations, including email, communication platforms like Slack, and customer information in your CRM. Device management (MDM) ensures these devices are configured to meet the organization’s security standards and empowers administrators to respond to suspicious or malicious activity.

Unmanaged mobile devices pose significant threats including data leakage and unauthorized access to sensitive information. MDM solutions mitigate these risks by enforcing security policies and ensuring devices align with organizational standards. Open-source, cross-platform MDM provides an all-encompassing approach that helps simplify management and protects corporate data from potential breaches.

What are the most common reasons for employee resistance to MDM, and how can companies overcome these challenges?

Any time you install something on employee computers, it weirds some of them out. People wonder if they are being surveilled, and whether any silent “fixes” from IT might be what’s slowing down their computer today.

The biggest resistance to MDM is it can feel obtrusive and cross over the line of what is considered personal privacy versus what a company needs to do to protect its data. Apple and Google have recognized these challenges and have recently enabled MDM providers to implement management frameworks that allows personal data to remain private while still allowing the company to manage their data.

Fleet is open source, all the way down to the device enrollment software. Every employee at every company can “pop the hood” and see the source code that runs on their own machine. Like a journalist using Signal Messenger, this makes Fleet easier to trust with sensitive workloads, even if you personally never actually look at the source code.

This transparency reduces finger-pointing and encourages new levels of trust.

When our co-founder Zach was on Facebook’s security team, he was looking for an easier way to pull security-relevant information off of Facebook’s laptops and servers. At that time, 10 years ago, before osquery, every company had to write and maintain their own custom data gathering scripts for data they wanted to collect, with different programming languages and slight variations depending on whether you needed to collect data from Linux, macOS, or Windows computers.

Needless to say, this duplicated a lot of effort. It wasn’t long before engineers at different companies started sending scripts back and forth to each other. These scripts would eventually become osquery, the device enrollment software in Fleet.

Since releasing osquery as open source software, it has been deployed across millions of devices and used widely at companies big and small. You can even find it inside the source code of popular security software like Crowdstrike.

How do MDM solutions address issues with device diversity, such as different operating systems or IoT integrations?

Few MDM solutions effectively address the challenge of device diversity, as most are designed to manage specific hardware or software platforms. This limitation forces businesses to juggle multiple solutions to cover their entire device ecosystem.

Open-source MDM solutions, however, offer flexible, modular architectures that adapt to various operating systems and device types. Open standards and extensible APIs ensure cross-platform compatibility, from mobile devices to servers to IoT endpoints. Unified management interfaces abstract platform complexities, providing consistent administration across diverse devices, while collaboration with open-source communities broadens device support. These approaches simplify management for IT teams in heterogeneous environments, reducing the need for multiple specialized solutions.

What strategies can businesses use to manage devices located in remote or challenging locations?

To adopt an effective MDM strategy, businesses must first gain visibility and understand their entire device landscape. Maintaining an updated inventory in near real-time is crucial, as this supports key security initiatives like vulnerability management, patch deployment, and zero-trust network access.

An effective MDM solution enhances device management in remote locations by enabling developers and administrators to create lightweight agents for low-bandwidth environments and implement platform-agnostic policies for diverse ecosystems. With custom scripts and modular components, businesses can tailor management workflows to align with specific operational demands, ensuring seamless integration across various environments. This approach ensures consistent management across varying network conditions, simplifies the handling of diverse device fleets, and enables faster deployment of critical updates with minimal strain on central resources.

Are there emerging technologies or protocols that you believe will significantly enhance MDM capabilities in the next few years?

MDM is a framework accessible to all solution providers. As new features are added to the framework, every provider can integrate them, ensuring a level playing field in terms of core MDM functionality. The real excitement lies in solutions that extend beyond the basics, offering deeper device insights, enhanced capabilities, and tools that simplify administration. The most advanced solutions go a step further, enabling businesses to scale efficiently through automation and GitOps.

Several emerging technologies promise to significantly enhance MDM capabilities. AI and machine learning are improving predictive maintenance and optimization. Open standards are increasingly important for extending interoperability and security, including FIDO2 for passwordless authentication, SCIM for automating user provisioning, OAuth 2.0 for secure API access, and OpenID Connect as an identity layer.

Open-source tools, like osquery, are helping to simplify complex administrative tasks and fill gaps left open by service providers. These advancements, when integrated into MDM solutions, have the potential to extend functionality beyond basic device management, offering deeper insights, better user experiences, and improved administrative agility.

Apple is also championing the ACME protocol, and companies like Smallstep and Fleet are integrating features to make this possible.

Don't miss