SURF Security en Privacy Conferentie 2025

Centering Security Around Humans – The case of MDM and MAM solution
25-6-2025, Room 5
Language: English

In this 30-minute talk, I will walk you through the seas of Mobile Device Management (MDM) and Mobile Application Management (MAM). Specifically, I will explore how IT Security Departments can overcome resistance and foster acceptance of MDM policies among faculty, staff, and students. Drawing on the research done at SURF for my master's thesis, I will explain how combining security requirements and users' experiences in MDM policies can significantly boost their acceptance and increase security. I will share practical recommendations for crafting effective MDM policies tailored to the unique environment of educational institutions, ultimately leading to higher MDM adoption rates.


Organisations in several fields often try to implement technologies, policies, and tools that fail to gain traction among their employees, sometimes leading to avoidance of official IT solutions and adoption of "shadow IT" by employees, which exposes the organisation to severe security risks.

The reasons for this resistance to certain policies and technologies vary: these solutions might complicate daily tasks, be poorly implemented, or lack clear communication about their purpose. However, the core barrier to adoption is often acceptance. When a technology mandated by an organisation is also embraced by its users, adoption rates increase. Therefore, the key challenge is fostering acceptance: how can IT Security Departments understand resistance and develop policies and solutions that are genuinely accepted by the end users?

One particularly challenging area is Mobile Device Management (MDM), where privacy concerns add an extra layer of complexity. To address this, I turned to the Technology Acceptance Model (TAM), a framework that helps practitioners design IT policies and tools that users are more likely to accept. In my master's thesis research, I applied a version of the TAM as the theoretical framework: I assume that user acceptance will increase if Security Departments account for the user experiences (concerns, issues, needs) when designing security policies and choosing MDM or MAM solutions.

In fact, the TAM describes how ensuring that users perceive the benefits of a policy, find it easy to follow, and feel their privacy is protected can significantly boost their acceptance. Crucially, to understand the issues, needs, and preferences of faculty, staff, and students, Security Departments must take one essential step: engage in dialogue with the end users!

So, this is what I have done: by talking to employees as well as security practitioners, I discovered which elements should be included in MDM and MAM, and which shouldn't. During this half-hour session, I will guide you through my findings and share practical recommendations to achieve higher acceptance and adoption of MDM and MAM policies in higher education institutions. By focusing on the unique environment of educational institutions, I will provide insights into how these recommendations can be tailored to meet the specific needs of faculty and staff. This approach ensures that MDM and MAM security policies not only enhance protection but also support the educational mission by being user-friendly and respectful of privacy.

Paolo Maggioni is an Information Security Officer at JBT Marel, with a strong focus on business continuity and on human-centered approaches to information security. He holds a BSc in Security Studies from Leiden University and is currently completing his Master’s in Information Science at Radboud University. Paolo is currently writing his thesis at SURF, within the Security Awareness and Organisatie Team. He holds four ISO certifications, reflecting his expertise in information security, business continuity, crisis management, and risk governance.