When IT and security managers think of mobile security, mobile device management (MDM) is typically what comes to mind. MDM is an important component of enterprise mobility management (EMM), but managing devices is not enough. An oft-overlooked aspect of mobile security is the risk introduced by compromised devices, whether rooted or jailbroken devices or devices carrying mobile malware. When a device is at risk, the data on it is at risk too. That is why market-leading EMM solutions provide integrated mobile threat management capabilities.

How Does Integrated Mobile Threat Management Improve Mobile Security?

Mobile threat management can now be integrated with EMM policy management to identify device risk. Mobile threat management capabilities can detect malware and either report the risk or automatically delete the affected files. They can also detect rooted or jailbroken devices enrolled under an EMM policy. A sound practice when such a device is identified is to automatically wipe the enterprise content on it (a selective wipe of managed data, not the user's personal data) so that a compromised device cannot become a source of data leakage.

Not All Mobile Devices Can Be Managed

The vast majority of mobile applications are installed on unmanaged devices. Many enterprises develop business-to-consumer applications; others provide business-to-partner applications. In both scenarios the enterprise does not manage the consumer's or partner's device: the applications it provides are installed on devices the organization can neither control nor manage, and some of those applications access private corporate information hosted by the enterprise.

Take the example of an insurance company providing a mobile application to its network of independent insurance agents. The agents use their own personal mobile devices, yet they still need access to policy information hosted by the insurance company. If an organization cannot manage the device, how can it prevent enterprise data leakage should that device be compromised?

Adding Mobile Security to Applications on Unmanaged Devices

Even if organizations cannot manage the devices their applications are installed on, there are still ways to identify risk and protect enterprise data. A software development kit (SDK) embedded in the application can collect device-risk signals, such as root or jailbreak indicators and detected malware, and make them available to the application and to the back end it talks to. One caveat matters here: detection code running on a compromised device can itself be tampered with, so the decisions that protect sensitive data should be enforced on the server side, using risk information the server can verify, rather than trusted solely to client-side checks.

For example, if a mobile application built with such an SDK attempts to execute a financial transaction and finds that the device has been compromised in some way, it may limit the transaction amount or block the transaction entirely. In the context of consumer retail or banking applications, the ability to gate transactions on device risk can help prevent fraud in real time.


Managing Access to Enterprise Data From Compromised Mobile Devices

One of the biggest mobility challenges is preventing enterprise data leaks. Driven by the business benefits of mobile computing, enterprises are delivering sensitive data to mobile applications on devices they neither own nor manage. With an integrated solution, they can still control access to that data.

For example, a financial services company could build its mobile application with the SDK so that it identifies device risk. That risk information is collected and passed to a mobile access manager, which incorporates it into the access policy. If a user tried to reach sensitive financial information from a compromised device, the policy could judge the risk of data leakage too great and deny the request.
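The two decisions described above, limiting or blocking a transaction based on device risk and denying access to sensitive data from a compromised device, share the same core: a posture report from the device, verified and scored on the server, feeding a policy. The following is an added example written for this article, not code from the original post or from any vendor SDK or access manager. It assumes a hypothetical wire format in which the SDK signs a small JSON posture report with HMAC-SHA256 using a key shared with the back end (real attestation systems use asymmetric, hardware-backed keys; the shared key is only to keep the example self-contained), and it treats a missing, forged or stale report as a compromised device so that the policy fails closed.

```python
"""Risk-based transaction and access decisions from device-posture reports.

Added example for this article; the report format, SDK_KEY and all sample
reports are constructed assumptions, not a real SDK's API.
"""
import hashlib
import hmac
import json
from dataclasses import dataclass
from enum import Enum
from typing import Optional, Tuple


class Decision(Enum):
    ALLOW = "allow"
    LIMIT = "limit"   # allow, but cap the transaction amount
    DENY = "deny"


@dataclass(frozen=True)
class Posture:
    device_id: str
    issued_at: float        # Unix time at which the SDK produced the report
    rooted: bool            # rooted (Android) or jailbroken (iOS)
    malware_detected: bool
    patch_age_days: int     # days since the device's OS security patch level


# Hypothetical key shared between SDK and back end (constructed for the example).
SDK_KEY = b"example-shared-secret-not-for-production"
MAX_REPORT_AGE_S = 300      # reports older than this are treated as replays


def sign_report(report: dict, key: bytes = SDK_KEY) -> Tuple[bytes, str]:
    """SDK side: canonical JSON plus an HMAC-SHA256 tag (hypothetical format)."""
    raw = json.dumps(report, sort_keys=True, separators=(",", ":")).encode()
    return raw, hmac.new(key, raw, hashlib.sha256).hexdigest()


def verify_report(raw: bytes, tag: str, now: float, key: bytes = SDK_KEY) -> Optional[Posture]:
    """Back-end side: return the posture only if the report is authentic and fresh."""
    expected = hmac.new(key, raw, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):
        return None                                   # tampered or forged
    data = json.loads(raw)
    if now - data["issued_at"] > MAX_REPORT_AGE_S or data["issued_at"] > now + 60:
        return None                                   # replayed or clock-skewed
    return Posture(**data)


def risk_score(p: Optional[Posture]) -> int:
    """0 = clean, 100 = compromised. No trusted report means compromised (fail closed)."""
    if p is None:
        return 100
    score = 0
    if p.malware_detected:
        score += 100
    if p.rooted:
        score += 70
    if p.patch_age_days > 90:
        score += 20
    return min(score, 100)


def transaction_decision(p: Optional[Posture], amount: float,
                         cap_when_risky: float = 250.0) -> Tuple[Decision, float]:
    """Block high-risk devices; cap the amount on moderately risky ones."""
    score = risk_score(p)
    if score >= 70:
        return Decision.DENY, 0.0
    if score >= 20 and amount > cap_when_risky:
        return Decision.LIMIT, cap_when_risky
    return Decision.ALLOW, amount


def access_decision(p: Optional[Posture], sensitivity: str) -> Decision:
    """Access-manager style policy: 'public', 'sensitive' or 'restricted' data."""
    score = risk_score(p)
    if sensitivity == "public":
        return Decision.ALLOW
    if score >= 70:
        return Decision.DENY                          # compromised device: no sensitive data
    if sensitivity == "restricted" and score >= 20:
        return Decision.DENY                          # restricted data needs a fully trusted device
    return Decision.ALLOW


def demo(now: float = 1_700_000_000.0) -> dict:
    """Run the policy over constructed reports; returns {name: (txn decision, access decision)}."""
    clean = {"device_id": "dev-1", "issued_at": now - 10, "rooted": False,
             "malware_detected": False, "patch_age_days": 12}
    rooted = {**clean, "device_id": "dev-2", "rooted": True}
    outdated = {**clean, "device_id": "dev-3", "patch_age_days": 120}
    stale = {**clean, "device_id": "dev-4", "issued_at": now - 3600}
    results = {}
    for name, rep in (("clean", clean), ("rooted", rooted), ("outdated", outdated), ("stale", stale)):
        raw, tag = sign_report(rep)
        posture = verify_report(raw, tag, now)
        results[name] = (transaction_decision(posture, 1000.0)[0], access_decision(posture, "sensitive"))
    # Tampering: a rooted device rewrites its own report to claim it is clean; the tag no longer matches.
    raw, tag = sign_report(rooted)
    forged = raw.replace(b'"rooted":true', b'"rooted":false')
    posture = verify_report(forged, tag, now)
    results["tampered"] = (transaction_decision(posture, 1000.0)[0], access_decision(posture, "sensitive"))
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:9s} transaction={outcome[0].value:5s} access={outcome[1].value}")
```

The thresholds and weights are illustrative; what carries over to a real deployment is the shape of the policy: the server verifies the report before trusting it, absence of a verifiable report is scored as risk rather than as trust, and a single risk score drives both the transaction cap and the data-access decision so the two cannot drift apart.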

Mobile Security for Unmanaged Devices: A Requirement and Best Practice

Enterprises remain responsible for safeguarding their mobile applications and data. The risk from mobile malware, combined with the risk from rooted or jailbroken devices, calls for controls beyond device management. By collecting device-risk information and integrating it with access control, enterprises can provide mobile security for applications installed on unmanaged devices, and doing so should be standard practice for any application that provides access to sensitive information.
