It’s Cybersecurity Awareness Month, so let’s discuss a topic that has been around for a decade but is only recently gaining significant traction in business circles: zero trust. The concept has existed since John Kindervag coined the term in 2010. Google’s internal implementation through its BeyondCorp team in 2011 was one of the first examples. The group’s objective was simply to allow “employees to work more securely from virtually any location,” a very progressive idea given that the first Android phone had launched only three years earlier. Businesses are now exploring zero trust and have begun to implement it to help manage the flow of corporate data to mobile devices.

Today, mobile working is commonplace. Recent research by Deloitte found that 40 percent of workers use a mobile device as part of their job. The zero trust model is important for businesses that are undergoing digital transformation to enable productive mobile workflows.

Simply put, zero trust means no implicit trust: verify security on every access and expose only what a user needs to see. Access should be granted on a case-by-case basis per app; everything else should remain hidden. A successful, scalable and secure mobile-enabled business strategy should incorporate zero trust.

The Advent of Modern Productivity

It is no secret that businesses have embraced mobile workflows for productivity gains. These companies have embarked on continuous digital transformation to capture this latent potential within their organization. The three pillars of this productivity shift are the concepts of enablement, identity and zero trust.

Unified endpoint management (UEM) enables employees to easily use mobile devices to work wherever they are, creating new, more productive workflows. Businesses use UEM today to push apps, password policies and email settings seamlessly to thousands of devices. This technology gives administrators an invisible pair of hands to remotely configure and manage the devices and apps that employees use. The ability to manage Windows 10 devices as well as mobiles has allowed companies to consolidate the configuration tools they use, leading to a rise in UEM deployments.

Identity and access management (IAM) simplifies access: users only need to remember one password. Once the identity of the end user accessing data is known, single sign-on (SSO) can be provided. With the number of business apps ballooning, employees must remember an ever-increasing number of credentials, and businesses need better ways to manage access. IAM removes the requirement to remember multiple login details and to continuously re-authenticate. The technology can also act as a security tool, providing a layer for multifactor authentication (MFA) and a single control point that IT teams can restrict if a breach is detected.

UEM and IAM provide some of the tools IT teams need to control how company data is managed, but both suffer from the critical flaw of implied trust. It is implied that the connection is secure and private, that the device is uncompromised by malware, and that other apps on the device are not leaking information. Mobile threat defense (MTD) acts as a third pillar to create a zero trust posture that truly enables mobile productivity.

Managing a Blurred Boundary

Although many of the opportunities for mobile digital transformation were driven by UEM and IAM, they left a gap in security posture. Businesses knew who was accessing data and through what device, but not whether the device, applications or network were secure. Organizations also struggled to discover whether a compromise had even occurred; Verizon found that 63 percent of business-related breaches were reported by third parties.

MTD can provide the insights businesses need to make informed decisions about when their data is accessed. Continuous conditional access (CCA), a method of consistently evaluating security to determine risky activity immediately, allows businesses to control how and where their data is being accessed in real time. Best-in-class MTD products are capable of providing conditional access by monitoring device, app and network threats to ensure that data being sent to a device remains secure.

Building Zero Trust With UEM, IAM and MTD

Bringing UEM, IAM and MTD services together can enable employees to use their mobile devices to securely access corporate resources. Integrating these three technologies and aligning the policies between them can also create a seamless, unified security stance. An MTD partner that can integrate with your existing services is crucial to building a strong security posture.

The CCA scanning, provided in real time by a strong MTD solution, is the glue that binds the zero trust model for secure productivity. CCA allows for dynamic risk assessment: If a device’s risk profile becomes too high at any point, preventative action can be taken. Leading MTD solutions use threat intelligence engines to monitor a number of vectors, including known and zero-day threats.

Integration with other technologies becomes especially powerful once a risk threshold has been exceeded. After the MTD tool categorizes the risk, it can communicate with the UEM solution to trigger a seamless, automatic response. Integration with other services such as security information and event management (SIEM) can help improve the IT team’s response and visibility when a risk occurs.

In the real world, the scenario may be as simple as an employee downloading an entertainment app for their commute to work. If the entertainment app contains a vulnerability, MTD is designed to detect that corporate information accessed on the device is at risk. Combining the insights gained from UEM, IAM and MTD in a single policy engine helps security and business leaders make richer, more contextual access decisions.

For example, when an MTD solution recognizes a risk, it can work with UEM to prevent access to company services from the device. Informing the employee why action has taken place gives them options to choose how to work. If the IAM system believes the user’s credentials are not compromised, the employee could continue to work from a secondary device. Or, if the main device’s risk profile can be lowered, it could become a work tool again. A single policy engine powered by the three tools can dynamically enable productivity and protection.
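The single policy engine described above can be sketched in code. The following is an added example written for this article, not a product’s API: it assumes hypothetical signal fields from UEM (device posture), IAM (identity state) and MTD (threat risk), assumed per-app risk ceilings, and three decision tiers (allow, step-up MFA, block). The continuous evaluation loop models CCA: access is revoked as soon as MTD risk exceeds policy and restored once the device’s risk profile is lowered again, matching the commute-app scenario.

```python
"""Toy continuous conditional access (CCA) policy engine.

Combines hypothetical signals from the three sources the article names:
UEM (device posture), IAM (identity state) and MTD (threat risk).
Field names, thresholds and decision tiers are assumptions made for
this example; they are not any vendor's API.
"""
from dataclasses import dataclass
from enum import Enum
from typing import List, Tuple


class Decision(Enum):
    ALLOW = "allow"        # full access to the app
    STEP_UP = "step-up"    # IAM must obtain fresh MFA before access
    BLOCK = "block"        # UEM revokes corporate access on the device


@dataclass
class DeviceSignals:       # reported by UEM (assumed fields)
    managed: bool
    os_patched: bool
    encrypted: bool


@dataclass
class IdentitySignals:     # reported by IAM (assumed fields)
    mfa_passed: bool
    credentials_compromised: bool


@dataclass
class ThreatSignals:       # reported by MTD (assumed fields)
    risk_score: int        # 0 (clean) .. 100 (actively compromised)
    malicious_app: bool
    hostile_network: bool


# Per-app risk ceiling (assumed): more sensitive apps tolerate less MTD risk.
APP_RISK_CEILING = {"email": 60, "crm": 40, "finance": 20}


def evaluate(app: str, device: DeviceSignals, identity: IdentitySignals,
             threat: ThreatSignals) -> Tuple[Decision, str]:
    """Return the access decision for one app plus a reason shown to the user.

    Rules run from hard blockers to soft conditions, so the first failing
    rule is the one reported; unknown apps are denied by default.
    """
    ceiling = APP_RISK_CEILING.get(app)
    if ceiling is None:
        return Decision.BLOCK, f"app {app!r} is not published to this user"
    if identity.credentials_compromised:
        return Decision.BLOCK, "IAM reports credentials compromised"
    if not device.managed:
        return Decision.BLOCK, "device is not enrolled in UEM"
    if threat.malicious_app:
        return Decision.BLOCK, "MTD detected a malicious app on the device"
    if threat.risk_score > ceiling:
        return Decision.BLOCK, (f"MTD risk {threat.risk_score} exceeds "
                                f"ceiling {ceiling} for {app}")
    degraded = (threat.hostile_network or not device.os_patched
                or not device.encrypted)
    if degraded and not identity.mfa_passed:
        # Weakened posture but no confirmed compromise: ask IAM for fresh MFA
        return Decision.STEP_UP, "posture degraded; fresh MFA required"
    return Decision.ALLOW, "all signals within policy"


def continuous_access(app: str, device: DeviceSignals,
                      identity: IdentitySignals,
                      risk_timeline: List[ThreatSignals]) -> List[Decision]:
    """Re-evaluate after every MTD risk update and return the decision trail."""
    return [evaluate(app, device, identity, t)[0] for t in risk_timeline]


if __name__ == "__main__":
    # Constructed scenario: a clean device installs a vulnerable
    # entertainment app, MTD raises risk, the app is removed, risk drops.
    device = DeviceSignals(managed=True, os_patched=True, encrypted=True)
    identity = IdentitySignals(mfa_passed=True, credentials_compromised=False)
    timeline = [ThreatSignals(5, False, False),
                ThreatSignals(70, True, False),
                ThreatSignals(15, False, False)]
    for threat in timeline:
        decision, reason = evaluate("crm", device, identity, threat)
        print(f"risk={threat.risk_score:3d} -> {decision.value:8s} ({reason})")
```

Each decision carries a reason string because the article’s point about informing the employee why action was taken depends on the engine being able to explain itself; the step-up tier is what lets a user on a degraded but uncompromised device keep working after fresh MFA rather than being cut off outright.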

How Can Businesses Move to the Zero Trust Model?

The reality is that zero trust isn’t just a single product or service, and there is no industry-standard architecture. As new ways of working develop, IT teams will need to hold BeyondCorp’s mantra close to heart and allow “employees to work more securely from virtually any location.”

Linking UEM, IAM and MTD together can create a unified, comprehensive security policy that businesses undergoing digital transformation can use today. This will help ensure that enterprise data is accessed securely and only by the right users, applications and devices.
