Insight by MobileIron

Protecting endpoint business devices in a smartphone world

Smartphones are an integral part of how companies and the government do business today, but keeping them protected can be a challenge.

The government hasn’t fully caught up to the rest of the world in the ability to use phones to do important work, but it wants to and, according to MobileIron Federal Chief Technology Officer Bill Harrod, it’s a priority.

“Kevin Cox, the continuous diagnostics and mitigation (CDM) chief at the Department of Homeland Security, said that mobility is one of the new focuses for CDM at DHS,” Harrod said during the discussion Managing Threats Through CDM in Government, sponsored by MobileIron. “Being able to put controls around those modern endpoints, leverage the challenge of how we secure those modern endpoints, and how we report that up to DHS is going to be really critical.”

Right now a lot of agencies are providing mobile devices for work, or allowing employees to use their own devices for work, but fully securing those devices is something the government is wrapping its arms around.

“The mobile endpoint has become one of the favorite targets for hackers and attacks, and it’s not as well secured as a lot of the traditional devices,” Harrod said. “We need a way to validate that the phone or tablet is in compliance with policy, that it hasn’t been jailbroken, that there aren’t malicious apps on the device and that the data is encrypted.”

Threats aren’t relegated to cracking easy passwords anymore. In the mobile world, one of the weakest links for security is the temptation and ease of connecting to networks that are not secure.

The ubiquity of the mobile device and the reliance on always being connected can make users more likely to connect to any hotspot around, Harrod said.

But sometimes even when users are careful, networks can be tricky.

“A colleague of mine was recently in Shanghai on an elevated highway at highway speeds,” Harrod said. “His phone connected to an Apple network. The issue was that there aren’t any Apple stores near where he was, but the Apple network ID is configured on the device by default. As a result, somebody was spoofing that Apple SSID, and his phone connected to that network. That person then had access to his phone.”

Harrod said connectivity like WiFi and Bluetooth need to be taken into account when configuring a device.

One solution to the concerns about mobile security may be the concept of zero trust, however.

“Traditionally in security we relied on a perimeter of security defenses and anything inside the perimeter was trusted,” Harrod said. “What we’ve found is that perimeter around the enterprise has evaporated. What zero trust is about is how we redefine the security perimeter at a granular level. We use things like micro-segmentation and effective security at all of the endpoints to redefine that trust model down to the level of transaction or application.”

Harrod said that smaller circle of trust helps the government and companies weed out suspicious and malicious activity and then clamp down on it before it gets out of hand.

CDM and Mobility in Government

Being able to put controls around those modern endpoints, leverage the challenge of how we secure those modern endpoints, and how we report that up to DHS is going to be really critical.

The Threat Landscape

The mobile endpoint has become one of the favorite targets for hackers and attacks, and it’s not as well secured as a lot of the traditional devices. We need a way to validate that the phone or tablet is in compliance with policy, that it hasn’t been jailbroken, that there aren’t malicious apps on the device and that the data is encrypted

Zero Trust

What zero trust is about is how we redefine the security perimeter at a granular level. We use things like micro-segmentation and effective security at all of the endpoints to redefine that trust model down to the level of transaction or application.

Listen to the full show: