Enterprise Mobility Management (EMM) serves many important functions in a modern workplace, but chief among them is the ability to keep data secure. Security doesn’t have a one size fits all solution, and it is important to first know what your particular needs are.
After all, we don’t see many armed guards performing pat downs of every shopper at department store exits, but we do see other forms of security such as alarms and cameras, because they are much more effective – and efficient – forms of security for their specific needs.
In the world of device management, an outdated but still widespread method is to install an “agent” program, like a guard, on the device itself. An agent is created for a specific manufacturer and model to access the system settings and applications to secure and control the device. It is an autonomous program that, in the context of EMM, performs tasks on behalf of the organization managing the device. The downside is the agent is always running and hogs a lot of memory, which isn’t ideal in real world applications, where you expect and require your device to function normally. This can especially be a problem in a Bring Your Own Device (BYOD) scenario, where the employee’s phone may not be the fastest, most current model.
This is where agentless management comes in.
Agentless EMM
An agentless EMM setup performs the same functions of agent-based without the inherent downsides of installing what is essentially a bot to a device, instead using an advanced central automated system to push updates, permissions, and software to enrolled devices. Agentless systems are also quick and easy to set up since they don’t require you to install model-specific software on each individual device. This adds up to a lot of hours your administrators can spend doing literally anything else.
One way that agentless management can provide a more streamlined service is by utilizing integrated features of the device’s operating system (OS). For example, with each new version of its OS, Android has added Enterprise features and services that are built into the device – like “Work Profile”, which creates a separate profile for work apps and data that is managed independently of the user’s personal profile, keeping data separate and safe.
Tradeoffs
Of course, there are always tradeoffs, and it is important to note that an agent-based system can provide real-time protection against security threats with constant monitoring of the device, even without network access, unlike an agentless system. This could be advantageous in certain highly sensitive sectors. However, it will also require patches and updates to each installed agent to remain effective, and failure to keep them up to date could actually make you more vulnerable to a network-wide attack.
You see, an agent can be corrupted, and not to sound too much like a spy novel, but a double agent can do a lot of damage right under your nose.
Agent-based management
Agents are only as secure as their developers’ practices. The extra hours spent on development, regular updates, and administrative observation leads to more bugs, more tech support sessions, and potentially more down time. The simple truth is that agent-based management isn’t inherently more secure than an agentless solution. You still need to exercise best practices for either to work effectively, and with agent-based there is a much higher administrative workload to do so.
There is a false narrative, however, that suggests using the outdated method is somehow more secure, appealing to the familiar and ignoring the progress that has been made in that time. Even if that were true, not every business that needs an EMM has the infrastructure to support robust agent-based management. It’s no surprise that 20-year-old tech is less efficient than modern cloudless EMM solutions.
emSentry – our advanced Android mobile management offers an intuitive, secure platform that is easy to adopt for any size business. From easy device enrollment and comprehensive feature controls to our user-initiated Remote Control, emSentry is designed to help you manage your Android fleet without all the fuss.