Mobile devices have always been a cybersecurity challenge. The risk posed and the importance of mobile device security have increased as more people rely on mobile devices for remote work—connecting to company systems and applications and accessing or storing sensitive company data. RSA has an innovative approach for tackling the challenge of mobile device security with Mobile Lock.
Mobile Device (In)Security
The advent of mobile devices was effectively the first step on the path that eroded—and eventually obliterated—the network perimeter. They removed the shackles that tethered people to a specific office or desk and enabled people to be productive whenever and wherever they choose.
There are a variety of significant benefits to this freedom—for both the individual and the company. There are also some consequences that come with that freedom.
Jim Taylor, Chief Product Officer for RSA, shared some concerning statistics from the Verizon Mobile Security Index in a blog post announcing Mobile Lock. The Verizon report revealed:
- 79% agreed remote work adversely affected their cybersecurity
- 45% had experienced mobile-related compromise (twice as many as in 2021)
- 73% of those who experienced mobile-related compromise described it as “major”
The press release from RSA explains why mobile devices are uniquely concerning when it comes to cybersecurity today. “Recent studies reveal that 82% of breaches involved human elements, and high-profile breaches have leveraged the perfect storm of remote work, inattentive users, and Bring Your Own Device (BYOD) policies that connect personal devices to enterprise assets.”
A Better Mousetrap
RSA partnered with Zimperium to develop Mobile Lock. It is an innovative approach to mobile device security that takes the concepts of zero trust security and applies them dynamically to improve mobile device security with minimal impact on efficiency or user experience.
If Mobile Lock detects critical threats on a mobile device, it will restrict the user from being able to authenticate into secure company systems or applications and prevent the threat from expanding beyond the single compromised device and propagating throughout the network. At the same time, it alerts the IT security team so they’re aware of the issue and can take further steps to mitigate any ongoing threat and eradicate the threat from the affected device.
The best part for organizations is that it is not a new app to configure or a new device to manage. The Mobile Lock capability is embedded in the RSA authenticator mobile app that is already deployed on millions of devices.
I spoke with Rohit Ghai, CEO of RSA, about Mobile Lock. He told me that they wanted to advance their zero trust capabilities for security-sensitive customers and also assure the device that the individual is using. By adding the mobile device aspect, RSA intends to transform from an authentication and user assurance platform to a hybrid identity and access management platform.
“In the world of cybersecurity, there is this whole mantra around a shift towards zero trust and a move towards platform thinking—where you’re shifting the action from the perimeter-centric thinking to more of the edge because we are living in the world of hybrid work,” he shared.
Mobile Lock
There have been many attempts at more effective mobile device management and implementations of mobile device security. The challenge is finding the balance between protection and user experience—and not creating so much friction that it gets in the way of productivity and forces people to subvert or circumvent the protection.
Taylor summed it up in the RSA press release. “The best security is what your users will use. Mobile Lock is exactly that. This technology takes a highly-targeted approach to neutralize authentication threats and build device trust without placing any additional effort on your employees or disrupting their experience.”
.