Comment by macNchz
2 hours ago
Device management is definitely a big hole to punch into each machine, but, once you're above a handful of staff, managing devices manually is not really tenable, and I do think the restrictions provided by device management have tangible benefits (it's amazing what people will download and run without a thought).
Arguably the risks of the MDM should be assessed and mitigated with some kind of defense in depth approach—highly sensitive things like bulk wipe disabled with multi-person approval required to re-enable, hardware MFA requirements, anomaly detection + alerting for weird behavior, etc etc. I'd argue the risks stem more from badly configured MDM where a compromise of one sysadmin's browser has a company-wide blast radius, rather than the fundamental presence of device management itself.
I think I'm probably coming at this from a different perspective than IT people.
I've worked on IoT products where we've deployed fleets of thousands of devices without user interfaces placed all over the world in random, inaccessible places, hanging off cellular radios. We're definitely not managing those manually. Architecting management systems for that is always interesting. Sometimes the question would come up, "why don't we do X?" where X necessarily included the ability to brick the entire fleet (and probably kill the company) in 5 minutes. My philosophy was that certain things are too dangerous to exist, no matter how useful they might be.
Are you IoT devices ALSO used by humans directly, where they would be forced to have some admin permission to do their work if there was no MDM system?
MDM are clearly a possible SPOF for certain attack vectors, but are also the only defense against others (unless you want to hire a legion of IT helpdesk specialists)