When we consider mobile device management security we’re not just referring to mobile phones. There are increasingly new ways to work “mobile”, especially as remote working is on the rise. So what precautions should you take to protect your data? We explain where you may find your devices vulnerable and how to prevent risks to your security.
WHAT IS THE EDGE?
As it has become known, the network edge is the very last bit of your network that devices connect to. There has been much talk about a certain Chinese manufacturer’s kit being used in “non-core” (think network edge) deployments.
Think about the edge as your WiFi access points or that old switch hanging around under the desk as there aren’t enough wall ports for your office. Pause for a second, though; is the network device really the edge of your network? I’m writing this from home on a corporate device, yet I have no corporate-controlled networking kit at home. Extend this thinking a little more. If I’m at the local coffee shop, reading a work-related email on my phone – I’m still connected to the corporate “network” as such, via 4G – about as far removed from the network “edge” as I could be.
Following that line of thinking, the “real” network edge isn’t part of the network at all – it’s now all about the endpoint, the device you use to connect to corporate data. This is why our focus refers to mobile device management security rather than network security. If you flip the focus of security in this way, you can help avoid unnecessary risks by protecting your devices, rather than expecting networks to do the protecting for you.
ENTER THE CLOUD
Now that we have cloud access for everything, the network edge is not so relevant. Having a secure cloud service is one thing. Still, if the devices accessing those secure services are compromised, then a potential attacker could have access to the same information and systems as the legitimate user. So while device owners can benefit from accessing their data anywhere, it may leave them vulnerable to cyber criminals also accessing their data from anywhere.
Device security often links to the controlled environment they are used in — that is the challenge. This means that mobile device management security is not as strong once outside the corporate network and controls like firewalls and web-filtering. Devices outside these controls are more vulnerable to visiting compromised websites, malicious downloads and direct or interception attacks, otherwise known as “man-in-the-middle” attacks.
SECURING THE ENDPOINT IN THE CLOUD ERA
In many ways, “cloud” is the new “main-frame.” The endpoint, in many respects, is the equivalent of the “dumb terminal” which you only use to access information at the central store. Your current “dumb terminal” is not so dumb after all, and the cabling used to connect back to the central store is shared by everyone else on the internet. With a cloud service, the “central store” is not so central but can be multiple de-centralised stores, albeit grouped in concentrations (think cloud-scale data-centres).
WHAT ARE THE PROBLEMS WITH CLOUD?
With cloud, we have a new way of accessing and working with our data, which we need for mobile devices. The challenge here is that we use our devices much more, which opens up mobile device management security issues.
One of the main selling points for cloud is its accessibility from anywhere. While there are significant benefits to the freedom and flexibility of cloud, it leaves devices vulnerable. The ease with which we can access our data comes with an increased potential for anyone else to access your information anywhere.
CAN IT BE MADE MORE SECURE?
When exploring how to make cloud services more secure, the main question is to reduce the information security risk associated with using access-from-anywhere technology.
Several opportunities exist for increasing the levels of security for mobile device management. There are challenges in that data can be accessed from almost any device with a web browser or run any code that could use an API or a web crawler/bot. The use of cloud has increased hugely, and traditional security technologies used by many organisations haven’t always kept up. Thankfully, however, you can also apply the same basic approaches for conventional corporate networks to reduce risk in a cloud context — the key difference being how the controls are applied.
8 MOBILE DEVICE MANAGEMENT SECURITY TIPS
Cloud-enabled endpoint management is simple enough and otherwise known as MDM or Mobile Device Management. The term mobile device, however, is quite broad. So when we’re discussing mobile device management security, note that we are referring to mobile phones and other devices such as laptops and tablets.
There will never be ultimate security, but there are some pragmatic things that you can do. These are some areas we recommend you prioritise:
- Keeping software updated. As new updates become available on the software, installing the latest version is essential for the most recent security features. A recent example of this was when WhatsApp was left vulnerable to a buffer overflow issue via a remote phone call, an issue that would only affect previous versions of the app.
- Have a firewall. Ensuring your endpoint device has a firewall can help to protect your data. Ideally, it will do more than prevent unwanted remote connections. It will prevent the device from browsing to known compromised sites, detect malicious downloads and block them. In an ideal situation, your endpoint should have the same rules outside of the corporate network as inside, and there are several ways of doing this.
- Content filtering can be extremely useful — not just for avoiding malicious content. Filters can also flag other potential hazards like data sharing sites, webmail, un-controlled chat services etc.
- Encryption of your mobile devices. Though not all “encrypted” devices are completely secure, dedicated hardware can help to reduce risk. Check out our previous post on hard drive encryption for a more thorough breakdown of the risk areas.
- Make sure all devices that access data are “managed”. This goes beyond the standard access data like usernames, passwords and two- or multi-factor authentication. For additional levels of security, consider conditional access, based on if a corporate platform manages a device. Measures like this are fast becoming a prerequisite for accessing corporate clouds – either public or private.
- Limit user access. Consider whether or not your end user really needs to download the latest game to their corporate mobile device? Do they need administrator access on their corporate laptop? Grant access only when and where necessary. Least privilege applies in the “cloud” as well.
- Endpoint intelligence. What is going on right now vs yesterday? Centralised logging of events, detecting trends, learning for incidents in other devices are key ways of identifying issues and implementing corrective actions.
Ensuring all those endpoints have appropriate antivirus protections in place. System monitoring and inventory management are key here.
On that last point, even a corporate device that is not being “managed” shouldn’t connect to corporate resources. Hidden or unmanaged devices which have permission to access networks and data are some of the largest security risks, as they are unknown. Getting those devices under control helps improve your overall security posture.
Final Thoughts on Mobile Device Management Security
This may seem like a lot of work, but the initial outlay of time and resources far outways the potential risks of not taking such precautions. There are now more capabilities to cover these areas than ever before. Much of this functionality is available on multiple platforms to help protect you and your data. Most attacks take advantage of known issues and general security failings, so getting the basics right will provide you with a solid security foundation.