When IT and security managers typically think of mobile security, mobile device management (MDM) is what comes to mind. While MDM is an important component of enterprise mobility management (EMM), managing devices is not enough. An oft-overlooked aspect of mobile security is the risk introduced by compromised devices, such as rooted or jailbroken devices, or by the presence of mobile malware. When a device is at risk, the data present on it is also at risk. That’s why market-leading EMM solutions provide integrated mobile threat management capabilities.

How Does Integrated Mobile Threat Management Improve Mobile Security?

Integration through mobile threat management solutions can now be added to EMM policy management to help identify device risk. Mobile threat management capabilities can detect malware and either report the risk or automatically delete the affected files. These tools can also detect rooted or jailbroken devices tied to an EMM policy. A good mobile security best practice when one of these devices is identified is to automatically wipe enterprise content on the device to prevent data leaks.

Not All Mobile Devices Can Be Managed

The vast majority of mobile applications are installed on unmanaged devices. Many enterprises develop business-to-consumer applications; others provide business-to-partner applications. In each scenario, the enterprise does not manage the consumer or partner device. The enterprise mobile applications it provides are installed on devices the organization can neither control nor manage. And some of these applications access private corporate information hosted by the enterprise.

Take the example of an insurance company providing a mobile application to its network of independent insurance agents. Agents have their own private mobile device, yet they still need access to policy information hosted by the insurance company. If an organization can’t manage the mobile device, how can they prevent enterprise data leakage should one become compromised?

Adding Mobile Security to Applications on Unmanaged Devices

Even if organizations cannot manage the devices their applications are installed on, there are still ways to identify risk and protect enterprise data. A software development kit (SDK) can provide risk information that is then used by mobile applications installed on unmanaged devices.

For example, if a mobile application built with the right SDK attempts to execute a financial transaction and finds that the device has been compromised in some way, it may choose to limit the transaction amount or block the transaction entirely. In the context of consumer retail or banking applications, the ability to manage transactions based on device risk can help prevent fraud in real time.

Watch the on-demand Webinar: Securing Mobile Access with Risk-Based Authentication

Managing Access to Enterprise Data From Compromised Mobile Devices

One of the biggest mobility challenges is preventing enterprise data leaks. Driven by the business benefits of mobile computing, enterprises are providing sensitive data to mobile applications on devices they don’t own or manage. But with an integrated solution, businesses can still manage access to their sensitive data.

This would allow a financial services company to build a mobile application to identify device risk. This information would be collected and provided through a mobile access manager for incorporation into the policy. If a user was trying to access sensitive financial information from a compromised device, the business could determine the risk of data leakage is too great and subsequently deny access.

Mobile Security for Unmanaged Devices: A Requirement and Best Practice

Enterprises are still responsible for safeguarding mobile applications and data. However, the risk from mobile malware, when combined with the risk from rooted or jailbroken devices, requires additional control. By leveraging device risk information and integrating it with secure access control, enterprises have the ability to provide mobile security for applications installed on unmanaged devices — which should be a best practice for anything that provides access to sensitive information.

more from Endpoint