Interview with Lars Stahl, Technical Project Manager at Materna Virtual Solution
In discussions with customers, we often hear organizations and authorities answer the following when asked about their mobile security strategy: “We have an MDM in place.”
Mobile Device Management manages their mobile devices and the company data on them – often on the assumption that this provides sufficient security. But this conclusion is deceptive.
Mobile device management (MDM) is undoubtedly an important tool for centrally controlling mobile devices. But is it enough to really work securely – especially in a regulatory environment or with VS-NfD data? Lars Stahl, technical project manager at Materna Virtual Solution, explains why administration is not the same as security, where MDM systems make a contribution – and where their limits lie.
Mr. Stahl, many authorities and companies rely on MDM solutions. Is that enough to guarantee mobile security?
No, definitely not. An MDM alone does not provide real security – it is a management tool, not a security concept.
To put it metaphorically: believing that an MDM provides security is like believing that a RAID system replaces a backup. Both are justified, but they fulfill completely different tasks.
What exactly does an MDM do – and what are its limits?
An MDM manages devices: it can roll out policies, distribute apps, lock devices or delete them if they are lost. But it does not automatically protect the data itself.
There is a lack of central security mechanisms such as:
- consistent separation of private and business areas,
- end-to-end encryption for communication and files, and
- access protection at application level.
Without these functions, confidential information can theoretically be copied, forwarded or tapped into insecure apps. Administration is no substitute for effective data protection.
What does this mean in concrete terms for BYOD or COPE models?
The risk is particularly high with Bring Your Own Device (BYOD) or Corporate Owned, Personally Enabled (COPE).
An MDM can enforce certain usage guidelines, but it does not sufficiently separate private and business data. Without secure containerization, there is always a risk that sensitive information will come into contact with private apps.
This is simply unacceptable for authorities that work with confidential data.
And what does this look like in the context of BSI requirements and VS-NfD information?
An MDM alone does not meet the BSI requirements or the specifications for the processing of classified information – for official use only (VS-NfD).
The Federal Office for Information Security requires a tested security architecture for this protection requirement – this includes isolated workspaces, certified encryption and strict access controls.
A pure MDM does not meet these requirements because it does not create an isolated, hardened working environment.
Which solution closes this security gap?
This is where container technology comes into play – for example with SecurePIM.
SecurePIM creates an encrypted container, separate from the operating system, in which all sensitive functions are bundled: Email, calendar, contacts, documents, browser, messenger.
Data never leaves this secure area unchecked. At the same time, the device remains easy to use, even on private or shared smartphones and tablets.
The solution is also BSI-approved for VS-NfD, can be integrated into existing MDM structures and thus supports the implementation of true digital and mobile sovereignty – i.e. the ability to work securely, independently and from any location at any time.
Conclusion: What role will MDM play in the mobile security architecture of the future?
MDM remains an important foundation – but it is not a protective shield.
Management without protection is like control without a control effect.
If you are serious about mobile security, you need both: MDM for device management and container solutions such as SecurePIM for data security.
In short: MDM is good. SecurePIM makes it secure.