Addressing mobile security needs
Learn about the mobile security landscape and how to manage and secure your organization's mobile devices.
The way your organization secures your devices partly depends on where your employees work, who owns the devices and what devices they use. Are your employees working from home or from the office? Does your company own the devices, or are you operating on a bring-your-own-device model? Are you using mobile devices, desktops, or both, and what operating system are they running?
The U.S. Bureau of Labor Statistics reports on how many U.S. workers above 16 years of age are working remotely. In June 2024, around 22% of workers worked some or all of their hours remotely. Industries like professional and business services, information, and financial activities see higher-than-average percentages, all 45% or above.
Remote work is far from uncommon and can present new challenges to cybersecurity. Businesses with remote workers have to defend their endpoints wherever they are — and on whatever random, unsecured Wi-Fi network they connect to. Additionally, as Michael Covington, VP of Portfolio Strategy at Jamf, mentioned in a recent webinar, 70% of workers don’t work behind a desk. This means workers require devices that are as mobile as they are, like phones and tablets.
In this blog, we’ll explore some considerations to take into account when defending the enterprise environment, focusing on mobile devices.
Threats to enterprise mobile security
To accommodate work outside of the corporate office’s network perimeter, companies sometimes rely on cloud-based applications for employees to get their work done. While this can save on infrastructure costs, this also introduces possible vulnerabilities that may be beyond your organization’s total control.
Cloud-hosted business applications are increasingly common. Gartner predicts that more than “95% of new digital workloads will be deployed on cloud-native platforms.” The 2023 IBM Cost of a Data Breach Report notes that 82% of data breaches between March 2022 and March 2023 involved data stored in the cloud. Breaches that involved multiple types of environments incurred a “higher-than-average cost” of $4.75 million.
Among the most common initial attack vectors IBM found were:
- Phishing at 16%
- Stolen or compromised credentials at 15%
- Cloud misconfigurations at 11%
So what does this mean for your mobile device security? Defending against these attack vectors can be tricky. After all, if attackers are using stolen but valid credentials, it isn’t always obvious when a successful login is malicious. And addressing security requirements with a mobile workforce can present a unique set of challenges. This is part of the reason IBM found that only one-third of companies discovered a data breach with their own tools.
Cybersecurity that meets your business mobility needs requires a defense-in-depth security strategy. In the next few sections, we’ll dive into some considerations to take into account.
Choosing mobile devices
What devices are your employees using to get their jobs done? In an ideal world, these devices should:
- Keep employees productive
- Be employees’ preferred device
- Be secure by design
- Respect user privacy
Apple devices are secure by design with the best out-of-the-box security and privacy features, touting biometric authentication and enhanced encryption. Additionally, even if employees use their own Apple devices at work, their personal information stays private while company data remains protected.
Mobile device management
Mobile device management (MDM) is a foundational part of your security posture. MDM helps your organization manage and secure devices by:
- Keeping devices up to date and compliant
- Reducing security vulnerabilities
- Providing visibility into your device fleet
- Distributing vetted apps — so users don’t add their own
MDM keeps operating systems and apps up to date with the latest security patches, reducing vulnerabilities in your system. And if a device does fall out of compliance, it can help get the device back into working order.
With features like zero-touch deployment, IT admins can send remote employees devices that are ready to be enrolled into MDM — all without ever having to touch the device. And account-driven user enrollment lets users enroll into MDM themselves, even if they own the device. Either way, employees get connected to their work resources quickly and securely.
Secure connections
Speaking of connections — how exactly should employees access company resources? Historically, Virtual Private Networks (VPNs) were used. But VPNs can grant users too much access to company networks that host sensitive information.
Zero Trust Network Access (ZTNA) grants access on a per-app basis by using context-aware access policies. Only verified users on compliant devices can connect, keeping your data out of attackers’ hands.
So what defines a “verified user”? The user must:
- Provide the correct credentials
- Pass multifactor authentication
- Behave as expected (location, time of day, other identifiers, etc.)
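The per-app, context-aware decision described above can be sketched as follows. This is an added example, not code from Jamf or any ZTNA product; the policy fields, group names, app names and sample values are all constructed assumptions.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class AppPolicy:                      # hypothetical per-app policy record
    allowed_groups: frozenset         # who is entitled to this one app (assumption)
    allowed_countries: frozenset      # expected locations
    hours: tuple                      # expected local hours, [start, end)

@dataclass(frozen=True)
class Request:                        # context collected for one access attempt
    app: str
    user_groups: frozenset
    credentials_ok: bool
    mfa_passed: bool
    device_compliant: bool            # e.g. compliance state reported by MDM
    country: str
    local_hour: int

# Constructed sample policies, one per application.
POLICIES = {
    "payroll": AppPolicy(frozenset({"finance"}), frozenset({"US"}), (7, 19)),
    "wiki": AppPolicy(frozenset({"finance", "engineering"}), frozenset({"US", "DE"}), (0, 24)),
}

# Constructed baseline request: entitled user, compliant device, expected context.
BASELINE = Request("payroll", frozenset({"finance"}), True, True, True, "US", 10)

def decide(req, policies=POLICIES):
    """Return (allowed, reasons). Default deny: an unknown app or any failed check blocks."""
    policy = policies.get(req.app)
    if policy is None:
        return False, ["no policy for app"]
    reasons = []
    if not req.credentials_ok:
        reasons.append("bad credentials")
    if not req.mfa_passed:
        reasons.append("mfa not passed")
    if not req.device_compliant:
        reasons.append("device not compliant")
    if not (req.user_groups & policy.allowed_groups):
        reasons.append("user not entitled to app")
    if req.country not in policy.allowed_countries:
        reasons.append("unexpected location")
    start, end = policy.hours
    if not (start <= req.local_hour < end):
        reasons.append("unexpected time of day")
    return not reasons, reasons

if __name__ == "__main__":
    # Valid credentials and MFA, but unusual context: still denied.
    print(decide(replace(BASELINE, country="BR", local_hour=3)))
```

Returning the list of failed checks alongside the decision gives the security team something to log and alert on when a login with valid credentials is denied for context reasons.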
Threat detection and response
Even the devices that are most secure out of the box aren’t enough by themselves. You need threat detection capabilities that go beyond the native features. Threat detection and prevention on mobile devices must be able to identify and block:
- Malware
- Phishing attacks
- Network attacks
- Malicious websites
By monitoring your devices for suspicious activity, your endpoint protection software can prevent these attacks from compromising your data. When it is integrated with your MDM solution, you can identify when devices are out of compliance and remediate the issue.