When it comes to mobile applications, key security controls include the following:
- Mobile Application Vetting (MAV) ensures that applications comply with enterprise policies and do not contain known exploitable vulnerabilities.
- Mobile Application Management (MAM) ensures compliance in deployed applications. However, neither MAV nor MAM are generally aligned with zero trust to support continuous authentication.
- Mobile Threat Defense detects and mitigates threats from suspicious user behavior or network activity as well as from malicious attacks.
- Secure Containers provide isolation techniques to prevent organizational and personal data from commingling.
DIVE DEEPER: Discover how security strategies must adjust to accommodate work from anywhere.
Mobile operating systems themselves have built-in security features, including these:
- Data isolation techniques block unauthorized communications between devices and user data stores.
- Platform management APIs allow EMMs and other security management tools to control device security and functionality.
- User and device identificationa key enabler of zero-trust compliance, involves access via multifactor authentication.
Three Mobile Security Steps to Take Now
The mobile security technologies outlined above can go a long way towards implementing zero trust in the mobile environment. However, to fully implement mobile zero trust, the business should take three additional steps.
First, mobile application development and application security vetting need greater scrutiny to ensure alignment with zero trust for accessing enterprise resources. Applications should be carefully evaluated to make sure they support continuous authentication. Applications developed in-house should be reworked to include continuous authentication if not currently in place. MAVs should check that all applications — both those developed in-house and those acquired via operating system vendor app stores — comply with policies.
Second, ensure that mobile devices implement application and data segmentation. Although mobile operating systems have built-in security controls for enforcing segmentation and can sandbox apps and data, the business should scrutinize custom-developed enterprise applications for segmentation at the app and data levels. Enforcement of continuous multifactor authentication is also needed to ensure consistency with zero-trust principles.
Third, take steps to ensure tighter integration between EMM and mobile threat defenses to ensure timely threat mitigation. Many vendors are aligning their systems to the zero-trust approach, including continuous authentication assessment and reporting on device health.
READ MORE: Learn how to simplify device management in a hybrid work environment.
Improving Your Security With Intelligent Authentication
Some EMM systems include “intelligent” device authentication, combining biometrics with individual user behavior. Using advanced rule sets powered by artificial intelligence, these systems can enable adaptive authentication to drive precise security for each user interaction. Businesses can also tighten the integration between EMM and mobile threat defense systems and their existing logging, monitoring, diagnostic and mitigation systems.
Every enterprise is different, and there is no one-size-fits-all strategy for mobile zero-trust implementation. Each organization should develop its own roadmap and timeline aligned with its goals. Businesses can develop their strategies based on an assessment of the risks they face, with granular policies to mitigate risks.
Likewise, each organization needs to determine the granularity of continuous authentication to balance security and usability. Related changes should be integrated into that infrastructure as needed.
Finally, as with any security approach, technology is only part of the solution. Enterprises must review their mobile use policies and ensure that their processes and human factors are aligned with their zero-trust goals.