iOS and MobileIron: New White Paper outlines common sense approach to counter FUD and complexity when securing corporate data
Fran Thorpe | February 22, 2017
Every February the Moscone Center in San Francisco becomes the destination to learn the latest on how “to fight cyber threats and proactively manage risk” (RSA Conference). This year, the halls were crowded with information on an ever evolving market, adding to the already complex IT Security space. This complexity has real-time impact for the IT teams faced with protecting their data, networks, and endpoints. A Ponemon Institute report on the Cost and Consequences of Security Complexity from Jan 2017 highlighted that the primary consequences of complexity in the security space are 1) a lack of accountability for security practices, 2) poor investments in security technologies, and 3) too many active endpoints. As RSA wraps up, analysts and industry watchers are culling through all the information to determine how best to distill it for their teams.
MobileIron’s third edition of the Mobile Security Risk and Review, published last week in conjunction with RSA, highlights that mobile deployments are becoming more sophisticated: 79% of the organizations in MobileIron's global customer base have more than 10 enterprise apps installed. At the same time, enterprises did little to improve mobile security best practices, even in highly regulated industries. The following insights from the report underscore a need for enterprises to improve security hygiene:
- Policy enforcement: Nearly half of companies (45%) did not enforce device policies
- Outdated policies: Nearly 30% of companies had at least one outdated policy
- Missing devices: 44% of companies had at least one missing device
Apple, despite it’s huge impact on enterprise security, was not among the RSA exhibitors. While nefarious threats requiring iOS software updates are rare - Pegasus, the first major iOS exploit, was quickly addressed by Apple and the community as soon as it was discovered - understanding best practices for keeping apps, data, and devices secure is still an ongoing concern.
As a leader in the mobile security space, MobileIron has a solid perspective on how to deal with complexity. As our customers have discovered, addressing basic security hygiene requirements such as the ones listed above is straightforward when a company’s mobility program is based on iOS and Enterprise Mobility Management (EMM).
Our recently published whitepaper, MobileIron and iOS: The Security Backbone for the Modern Enterprise, provides an in-depth overview of the security features of both iOS and MobileIron EMM. It explains how, working together, MobileIron and Apple enable organizations to deploy a highly secure fleet of iOS devices that are easy to configure, secure, and maintain with the most current security policies and app updates.
The tools to protect mobile deployments are readily available and mature, but understanding what capabilities are offered by the operating system vs. what capabilities are offered by MobileIron EMM, as well how they interact is critical to a successful deployment. As threat vectors multiply and increase in complexity, it's critical that businesses address these simple steps as a minimum, to maintain or improve security hygiene:
1. Control risky user behavior.
Ensuring device compliance is critical to preventing unauthorized devices from accessing critical corporate resources. In addition, services such as web apps, enterprise Wi-Fi, and VPN will likely require additional configuration and policy enforcement to prevent access from unauthorized devices.
2. Take advantage of security and management capabilities offered by enterprise ownership programs.
As the enterprise use cases have become more common, mobile operating system vendors have begun offering more tools to improve the “user experience” for enterprises. The Apple Device Enrollment Program (DEP) provides organizations with additional capabilities for securing their fleets of mobile devices, including mandatory EMM enrollment, and additional restrictions and configuration options.