"Employees need seamless and secure access to corporate resources wherever they work."

At it-sa 2019, BusinessIQ's editorial team spoke with UEM expert Brian Foster, Senior Vice President of Product Management at MobileIron, about Zero Trust based Unified Endpoint Management. The company specializes in security frameworks for mobile devices.

teaser"Employees need seamless and secure access to corporate resources wherever they work."

No matter for what reasons – teleworking, customer visits, remote office - employees are increasingly no longer working in the office. In order to secure sensitive company data outside their own building, companies need an appropriate concept. How does a Zero Trust based UEM fit in?

As traditional network perimeters become obsolete, organizations need a mobile-centric, trusted approach that validates each device, establishes the user context, verifies app authorization, validates the network, and detects and resolves threats before granting secure access to a device or user. They need a solution that meets the security challenges of today's perimeterless enterprise while providing the agility and always-on access that enterprises need.

MobileIron's platform enhances proven Unified Endpoint Management (UEM) capabilities with zero trust techniques including Zero Sign-On (ZSO), Multi-Factor Authentication (MFA), and Mobile Threat Defense (MTD). Together, these methods and technologies provide a seamless, secure user experience by ensuring that only authorized users, devices, applications and services can access business resources.

 

Why use Zero Trust for mobile applications at all? Doesn't productivity suffer from such an approach? Regular logins, cumbersome multi-factor authentication mean employees are constantly losing time.

Mobile and cloud technologies have dramatically changed businesses around the world. Today, employees access multiple endpoints, applications, networks, clouds and operating systems across the enterprise without a perimeter. IT security managers must ensure that corporate data is protected wherever it goes and that users comply with corporate security policies and local regulations.

Static, perimeter-based security can no longer keep pace with all endpoints, users, applications and data that go far beyond the enterprise firewall. And the reliance on old security approaches such as pure password access control is no longer enough to secure this huge mobile cloud infrastructure – especially as stolen user data remains the primary cause of data breaches. That's why MobileIron paves a new way for enterprise security by eliminating passwords and making the mobile device your ID and secure access to the enterprise. Earlier this year, MobileIron introduced Zero-Sign-On technology, which checks a wide range of parameters including device, application, network, location and user context before granting access to corporate resources – without ever requiring a password. 

With MobileIron's zero sign-on technology, enterprises can eliminate passwords and enable secure and smooth user authentication on all devices. By enabling authentication of mobile devices with biometric access, enterprises solve the pressing issues associated with excessive reliance on traditional password authentication methods and eliminate one of the major causes of data breaches in enterprises without compromising productivity.

 

How do the employees react when a new UEM solution is introduced that already expresses "no trust" in its name?

With ease of implementation and end-user visibility, a mobile-centric zero trust approach bridges the gap between high security and low friction that is critical to success.

 

How does Zero Trust work with BYOD (Bring Your Own Device) or COPE (Corporate Owned Personally Enabled) models? Can the principle of least possible trust be easily applied there?

For BYOD deployments, organizations need a fully integrated security approach that covers the broadest range of operating system and device offerings to efficiently mitigate mobile threats while providing agility and access at any moment when employees need it. That's why many organizations invest and rely on Zero Trust.

A mobile-centric Zero Trust approach validates each device, establishes the user context, verifies app authorization, verifies the network, detects threats, and remediates damage before granting secure access to a device or user. It enables these actions to be continuously taken and data to be protected both on the device and on the network, resulting in a secure mobile work experience and increased productivity.

For BYOD and COPE, it's especially important to build an island of trust on the device so you don't have to manage the entire device.

 

Let's assume that the worst possible scenario occurs: a manager's Zero Trust smartphone is lost on a business trip. The finder can unlock the device. Does Zero Trust offer data theft protection?

The Zero Trust model allows companies to significantly reduce risk by having full control over their business data – even if devices are lost or stolen. If a device is lost or stolen, IT can locate, monitor, lock, quarantine, or completely shut down the device to protect corporate data. On BYOD and COPE devices, IT can send a warning message, constantly monitor, lock, quarantine, completely erase applications and corporate data without touching the private area of the device.

 

Should a company that already has a UEM solution switch to Zero Trust? If so, why?

 Companies need to verify that their UEM system is Zero Trust. A suitable solution must have the following features:

  • It must deploy appropriate applications, profiles and policies to a user on each device,
  • It must grant access to enterprise data based on the full context, control the user, all gestures of the device, authorization of the app, network type, presence of threats, and other problematic signals before granting access.
  • It must protect both stored and in transit data by encrypting it and constantly monitoring its security to detect device, network, and application-level attacks.
  • It must enforce security policies through continuous monitoring. If signals change, policies must be flexibly adapted to the new situation to minimize threats, quarantine devices, and maintain compliance.

 

How do you organize your mobile work internally at MobileIron?

 At MobileIron, we utilize our own, award-winning, industry-leading UEM platform, Zero Sign-On (ZSO), Multi-Factor Authentication (MFA), and Mobile Threat Defense (MTD) technologies.

 

One final question: How do you help companies support mobile work for employees?

To stay productive, employees need seamless and secure access to corporate resources from their mobile devices wherever they work. With a mobile-centric, trusted security platform, organizations can gain complete control over their business data without compromising productivity. IT administrators can ensure that corporate devices are always in a consistent and secure state, while employees can quickly access business applications and content.

 

Thank you very much for your clever insights, Mr. Foster!

Image Credit: Uwe Hauth

Datum: 15 October 2019, 8:10 am   |   Författare: MSK