Enterprise Mobility Management (EMM)
Plain English Translation
Organizations must manage smartphones and tablets used for work by implementing an Enterprise Mobility Management (EMM) or Mobile Device Management (MDM) solution. If an EMM is not feasible or not used, the organization must formally document the security, audit, and management risks it is choosing to accept.
Technical Implementation
Required Actions (startup)
- Define a mobile device policy outlining acceptable use and required security configurations.
- Document formal risk acceptance if an EMM solution is not yet deployed, capturing the specific risks to data security.
Required Actions (scaleup)
- Deploy a dedicated EMM/MDM platform to manage corporate and BYOD devices.
- Configure baseline EMM policies to enforce passcodes, encryption, and screen timeouts.
Required Actions (enterprise)
- Integrate EMM with identity providers for conditional access policies.
- Ensure only compliant, managed devices can access corporate email, files, and applications.
EMM is a set of tools and processes used to secure and manage mobile devices within an organization. It typically includes mobile device management (MDM), mobile application management (MAM), and mobile content management (MCM) to comprehensively protect corporate data.
MDM focuses purely on device-level controls like locking or wiping the hardware. EMM adds application and information management, while Unified Endpoint Management (UEM) is the evolution of EMM, providing a single console to manage both mobile devices and traditional endpoints like laptops and desktops.
CyberSecure Canada requires organizations to either implement an EMM solution for all mobile devices or formally document the risks assumed to audit, management, and security functionality if they choose not to deploy one.
Yes, if BYOD devices access sensitive corporate information, they fall under the requirement. EMM solutions can use containerization to secure corporate data on personal devices without taking full control of the employee's personal hardware.
An EMM should enforce strong passcodes, screen lock timeouts, and data-at-rest encryption. It must also provide the ability to remotely wipe corporate data in the event of loss and restrict the installation of unauthorized or malicious applications.
Organizations must create a formal entry in their risk register or risk assessment report outlining the specific vulnerabilities introduced by unmanaged devices. This documentation must be reviewed and signed off by a senior leader acknowledging the accepted risk. Tools like WatchDog Security's Risk Register can structure the risk statement, compensating controls, and review dates, while WatchDog Security's Policy Management can help track sign-off and keep the approved record current.
Auditors will request EMM console screenshots showing enrolled devices and active compliance policies. They may also ask for the organization's mobile device policy and logs demonstrating successful remote wipe tests or policy enforcement. Tools like WatchDog Security's Compliance Center can centralize this evidence against CSC-06-010 and maintain an audit-ready trail, and WatchDog Security's Trust Center can help share approved evidence securely with external stakeholders when needed.
Yes, utilizing Mobile Application Management (MAM) to secure corporate apps and data without full device enrollment can mitigate substantial risk. However, the organization should still formally document why full EMM/MDM was not implemented to strictly satisfy the control wording.
EMM platforms support specific enrollment modes, such as User Enrollment or Work Profiles, that cryptographically separate work and personal data. This ensures IT can manage and wipe only corporate data while restricting visibility into personal apps, browsing history, and location.
Common mistakes include failing to enforce policies on BYOD devices, not monitoring for jailbroken or rooted devices, and neglecting to automatically block non-compliant devices from accessing corporate email and file shares.
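The baseline controls and the common mistakes described above can be checked against a device inventory before access is granted. The following is an added example, not WatchDog Security's or any EMM vendor's code; the field names, the sample inventory, and the two threshold values are assumptions.

```python
# Assumed thresholds: the page names the controls but gives no values.
MIN_PASSCODE_LENGTH = 6
MAX_SCREEN_LOCK_SECONDS = 300

# Constructed inventory; field names are hypothetical, not a vendor export schema.
INVENTORY = [
    {"id": "corp-001", "ownership": "corporate", "enrolled": True,
     "passcode_length": 8, "encrypted": True, "screen_lock_seconds": 120,
     "jailbroken_or_rooted": False},
    {"id": "byod-014", "ownership": "byod", "enrolled": True,
     "passcode_length": 4, "encrypted": True, "screen_lock_seconds": 0,
     "jailbroken_or_rooted": False},
    {"id": "byod-022", "ownership": "byod", "enrolled": True,
     "passcode_length": 8, "encrypted": True, "screen_lock_seconds": 60,
     "jailbroken_or_rooted": True},
    {"id": "byod-031", "ownership": "byod", "enrolled": False},
]

def findings(device):
    """Return the baseline violations for one device record."""
    if not device.get("enrolled", False):
        # Nothing an unmanaged device reports can be verified, so stop here.
        return ["not enrolled in EMM"]
    found = []
    if device.get("passcode_length", 0) < MIN_PASSCODE_LENGTH:
        found.append("passcode below baseline")
    if not device.get("encrypted", False):
        found.append("data-at-rest encryption off")
    timeout = device.get("screen_lock_seconds", 0)
    if timeout <= 0 or timeout > MAX_SCREEN_LOCK_SECONDS:
        found.append("screen lock timeout missing or too long")
    if device.get("jailbroken_or_rooted", True):
        # A missing integrity signal is treated as a failure (fail closed).
        found.append("jailbroken or rooted, or integrity unknown")
    return found

def evaluate(inventory):
    """Map device id -> (decision, findings); ownership never relaxes the baseline."""
    result = {}
    for device in inventory:
        found = findings(device)
        result[device["id"]] = ("block" if found else "allow", found)
    return result

if __name__ == "__main__":
    for dev_id, (decision, found) in evaluate(INVENTORY).items():
        print(f"{dev_id}: {decision} {found}")
```

The per-device findings list doubles as audit evidence of why a device was blocked from corporate email and file shares.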
Auditors typically want clear proof that mobile devices are managed (or that risks are formally accepted) and that evidence is current. Tools like WatchDog Security's Compliance Center can map CSC-06-010 to required evidence, store EMM configuration screenshots/exports, and track gaps over time so you can produce a consistent audit trail.
If EMM is not implemented, the key is a repeatable risk process: document the exposure, assign owners, define compensating controls, and obtain leadership sign-off with periodic review. Tools like WatchDog Security's Risk Register can capture the risk, treatment plan, and review cadence, while WatchDog Security's Policy Management can track approvals and acknowledgements with version history.
| Version | Date | Author | Description |
|---|---|---|---|
| 1.0.0 | 2026-02-24 | WatchDog Security GRC Team | Initial publication |