Mobile Device Security: 4 Challenges to Overcome

Today’s workforce looks increasingly like a constellation: various individual endpoints connect together to deliver on a company’s objectives. And that constellation is always growing—users have transitioned away from operating solely on corporate devices. Today, work involves being able to access resources and applications from the comfort of home via phones, laptops, tablets, and more.

This growing network of disparate devices poses a challenge for security teams that are faced with securing these various endpoints. Now, as companies embrace the reality of having a large remote workforce, ensuring device security has become a top priority.

In our previous post, we discussed how this influx of devices is changing the way people work and the potential risk that brings for organizations. This post will expand upon four challenges that companies face when dealing with device security, and the steps they should consider as they look to better protect their edge.

1. Legacy tools offer limited protections

As they adapt to the demands of the modern workforce, many organizations still rely on on-premises identity tools such as Active Directory (AD) or other LDAP directories. Unfortunately, these systems are proving that they can’t keep up with the continued adoption of cloud-based technologies. On-prem directories often work best with on-prem endpoint management tools that have difficulties in (or make it very complicated for teams to administer) sending security policy updates to devices beyond the corporate network—making it easier for user devices to become points of vulnerability for the organization and its data.

2. Disparate operating systems impact policy consistency

Windows devices used to be the gold standard in the workplace. Now, Android, Mac, and iOS devices continue to see increased prominence in the enterprise and beyond. Each of these operating systems has particular security needs and nuances in how IT can enforce device security policies. In addition, few endpoint management tools properly address the policy requirements of all major device platforms.

The common set-up is for organizations to have two or more endpoint management tools in place: one for Windows and MacOS, and another for iOS and Android. This can be cumbersome to manage, and leaves noticeable gaps for devices that operate outside of these predetermined groups.

3. User- and device-based risk policies are hard to reconcile

Organizations use identity solutions to critically assess security risks from user login data. Armed with knowledge of each login’s context, they can make the appropriate call on whether or not to grant access. While identity solutions help to enable secure access decisions, many organizations also require endpoint security and/or endpoint detection and response tools. In many cases, these endpoint tools are not integrated in any way to the existing identity solution.

By using separate solutions, organizations end up creating different policies for user- and device-based security risks. This can leave security teams struggling to cover all of their blind spots when controlling access to company resources.

4. Identity and device protection in the workplace are often siloed

Team structure is an understated factor impacting device security. In larger organizations, separate teams manage identity solutions, desktop solutions, and mobile solutions, and they may completely lack mutual knowledge or visibility into how the other operates. Communicative blocks around identity are common, even in mid-size businesses, as teams managing identity and endpoints have little interaction.

It’s a similar story with the technology itself: endpoint security tools aren’t necessarily integrated with IAM software. If an employee’s device is compromised, it’s difficult to pinpoint what company resources the device can access. Security’s only option is to lock down the device, which inconveniences the user and impacts productivity.

What strong, seamless device security looks like

As you work towards further enabling your remote workforce with secure access to the tools, applications, and servers they need, here are a few steps for you to keep in mind.

  • Integrate your identity- and device-based access policies. Only devices that are known and managed by your endpoint management tools should access key corporate resources. As a result, you’ll close the window of opportunity for unwanted access attempts.
  • Tie user and device risk signals together in your access decision-making policies. This will allow you to better account for vulnerabilities without obstructing employees as they work from home. For instance, if an approved user attempts to access your system with a device infected with malware, prohibit access from that device—rather than blocking the user entirely. Conversely, if a known, secure device attempts to sign in from a new location, prompt the user for further authentication.
  • Reduce friction with passwordless access for trusted users and devices. When you’ve identified users and devices of very low risk status, passwordless access gives users a frictionless path to core applications, while strong authentication can still be enforced to more sensitive applications.
  • Let users work from their devices of choice—as long as you can secure them. Ensure you have coverage over a widespread selection of operating systems and technologies to give your users the optionality they’re looking for.

Taking this approach to device management will help you find that balance of usability and security that ensures the various endpoints in your corporate constellation can work together effectively. As they work from their home office, users will only receive credential prompts when necessary, and access policies readily identify user and device-based risks—the perfect balance.

There’s always more to learn about device security. Check out these resources to help fine-tune your approach: