July 20, 2015 By Tom Mulvehill 3 min read

When IT and security managers think of mobile security, mobile device management (MDM) is typically what comes to mind. While MDM is an important component of enterprise mobility management (EMM), managing devices is not enough. An oft-overlooked aspect of mobile security is the risk introduced by compromised devices, such as rooted or jailbroken devices, or by the presence of mobile malware. When a device is at risk, the data present on it is also at risk. That’s why market-leading EMM solutions provide integrated mobile threat management capabilities.

How Does Integrated Mobile Threat Management Improve Mobile Security?

Mobile threat management solutions can now be integrated with EMM policy management to help identify device risk. Mobile threat management capabilities can detect malware and either report the risk or automatically delete the affected files. These tools can also detect rooted or jailbroken devices and tie that detection to an EMM policy. A mobile security best practice when one of these devices is identified is to automatically wipe enterprise content on the device to prevent data leaks.

Not All Mobile Devices Can Be Managed

The vast majority of mobile applications are installed on unmanaged devices. Many enterprises develop business-to-consumer applications; others provide business-to-partner applications. In each scenario, the enterprise does not manage the consumer or partner device. The enterprise mobile applications it provides are installed on devices the organization can neither control nor manage. And some of these applications access private corporate information hosted by the enterprise.

Take the example of an insurance company providing a mobile application to its network of independent insurance agents. Agents have their own private mobile devices, yet they still need access to policy information hosted by the insurance company. If an organization can’t manage the mobile device, how can it prevent enterprise data leakage should the device become compromised?

Adding Mobile Security to Applications on Unmanaged Devices

Even if organizations cannot manage the devices their applications are installed on, there are still ways to identify risk and protect enterprise data. A software development kit (SDK) can provide risk information that is then used by mobile applications installed on unmanaged devices.

For example, if a mobile application built with the right SDK attempts to execute a financial transaction and finds that the device has been compromised in some way, it may choose to limit the transaction amount or block the transaction entirely. In the context of consumer retail or banking applications, the ability to manage transactions based on device risk can help prevent fraud in real time.

Managing Access to Enterprise Data From Compromised Mobile Devices

One of the biggest mobility challenges is preventing enterprise data leaks. Driven by the business benefits of mobile computing, enterprises are providing sensitive data to mobile applications on devices they don’t own or manage. But with an integrated solution, businesses can still manage access to their sensitive data.

An integrated solution would allow a financial services company to build a mobile application that identifies device risk. This information would be collected and provided through a mobile access manager for incorporation into the access policy. If a user were trying to access sensitive financial information from a compromised device, the business could determine that the risk of data leakage is too great and subsequently deny access.
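The two decisions described above (limiting or blocking a transaction, and denying access to sensitive data) could be enforced on the server side roughly as follows. This is an added example, not code from the article or from any vendor SDK; the `DeviceRisk` fields, the thresholds, and the choice to treat a missing or stale report as elevated risk are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

# Constructed policy values; the article does not give thresholds.
MAX_REPORT_AGE_S = 300     # a report older than this is considered stale
LIMITED_TXN_CAP = 100.00   # maximum amount allowed when risk is elevated


@dataclass(frozen=True)
class DeviceRisk:
    """Hypothetical risk report that an in-app SDK attaches to a request."""
    rooted_or_jailbroken: bool
    malware_detected: bool
    age_seconds: int


def risk_level(report: Optional[DeviceRisk]) -> str:
    """Return 'low', 'elevated' or 'high' for a device-risk report.

    An absent report is never 'low': the device is unmanaged, so silence
    from the SDK cannot be taken as evidence that the device is clean.
    """
    if report is None:
        return "elevated"
    if report.malware_detected:
        return "high"
    if report.rooted_or_jailbroken or report.age_seconds > MAX_REPORT_AGE_S:
        return "elevated"
    return "low"


def decide_transaction(report: Optional[DeviceRisk], amount: float) -> Tuple[str, float]:
    """Allow, limit or block a transaction; returns (decision, permitted amount)."""
    level = risk_level(report)
    if level == "high":
        return ("block", 0.0)
    if level == "elevated" and amount > LIMITED_TXN_CAP:
        return ("limit", LIMITED_TXN_CAP)
    return ("allow", amount)


def decide_data_access(report: Optional[DeviceRisk], sensitive: bool) -> str:
    """Deny sensitive data to any device that is not positively low risk."""
    if sensitive and risk_level(report) != "low":
        return "deny"
    return "allow"
```

Because the report originates on a device that may itself be compromised, the decision is evaluated by the access manager rather than inside the application.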

Mobile Security for Unmanaged Devices: A Requirement and Best Practice

Enterprises are still responsible for safeguarding mobile applications and data. However, the risk from mobile malware, when combined with the risk from rooted or jailbroken devices, requires additional control. By leveraging device risk information and integrating it with secure access control, enterprises have the ability to provide mobile security for applications installed on unmanaged devices — which should be a best practice for anything that provides access to sensitive information.
