Zero Trust Is More Important Than Ever Before In The New “Work from Anywhere” World
We recently announced that we have been ranked as a Leader in The Forrester Wave™: Zero Trust eXtended Ecosystem Platform Providers, Q3 2020 report. Before I dive into MobileIron’s strengths in the report, let’s begin with the basics. What is zero trust? Zero trust is a concept that’s talked about heavily in the security industry. It was introduced by Forrester alum John Kindervag in 2009, and almost every company has hopped on the zero trust bandwagon in some capacity over the last couple of years.
The basic understanding of zero trust is that you must assume, from a security perspective, that the bad guys are on your network and have access to your data, no matter what security controls or technologies you have in place. Because bad actors are on your network, you can’t trust anyone or anything; you need to always verify what’s going on from an access perspective.
And you need to do that across five key categories. First, you must validate and understand the device that’s connecting to your systems and data. Second, you must establish a contextual relationship with the user. Next, you need to understand and authorize each application. Fourth, you need to understand the network that the user is connecting to. Is it secure? Is it open? And then finally, and oftentimes most importantly, you need to be able to detect and remediate threats.
Zero trust is a journey, as you need to be able to do all the above in an ongoing and compliant way. It’s not a singular destination. And while it could take several years to fully achieve zero trust, the COVID-19 coronavirus crisis has greatly accelerated this journey for every organization by forcing employees and IT infrastructures outside of any defined network perimeter.
Employees are now using their personal devices to connect to enterprise resources from home. As a CIO, what do you know about those home networks? What do you know about those devices that your employees are using? What do you know about the threat posture of those devices? What do you know about the mobile apps that are connecting to different services and systems within your organization?
Zero trust is more important than ever before in this new “work from anywhere” world. In a traditional office environment, employees could connect to a network inside of an organization’s control. Now, of course, all that is happening remotely. So, what contextual relationship can you set up with your users, in order to protect your infrastructure and data?
There are three different ways to achieve zero trust. There is the identity-centric approach, which is also very password-centric. There is the old network approach, which involves funneling everything back through a network gateway. This approach is not comprehensive though, as a large portion of corporate data doesn’t traverse the corporate network. And then there’s the mobile-centric approach, which I believe is the best way to secure the new Everywhere Enterprise, in which employees, IT infrastructures and customers are everywhere – and mobile devices provide access to everything. A mobile-centric zero trust security approach enables organizations to build trust starting with the user’s device.
To achieve zero trust across the five key categories that I mentioned earlier, organizations must first seamlessly onboard and provision devices in a unified endpoint management (UEM) platform. With MobileIron UEM, organizations can easily onboard both BYOD and corporate-issued devices over the air. Employees are free to use any devices they want, including devices that run iOS, Android, macOS, or Windows 10. And using services such as Apple Business Manager or Android Enterprise Enrollment, IT can customize the onboarding process, resulting in a simple and smooth enrollment process for users.
Next, organizations need to ensure that all devices are secure and configured with policies that match their information security guidelines. MobileIron Threat Defense (MTD) can validate device posture prior to enrollment and enforce policies such as passcodes and disk encryption. MTD also protects against device-, app-, and network-level threats, so that corporate data is protected while at rest and in motion.
Additionally, organizations must enable secure connectivity to on-premises and cloud applications. Earlier this year, MobileIron welcomed the incapptic Connect team into the MobileIron family to support an automated app distribution model. incapptic Connect software automatically validates that an app meets the necessary requirements for publishing to either a public or in-house app store. incapptic Connect then automates the publishing process. Once an app is published, MobileIron UEM automatically distributes it to managed devices and automates updates to ensure that users are always operating on the most secure and up-to-date version.
MobileIron UEM also provides secure conditional access to ensure only authorized and compliant users, devices, and apps have access to business services. To take that a step further and provide the ultimate user experience, organizations can activate passwordless MFA for secure user authentication. MobileIron Zero Sign-On eliminates passwords and provides quick, easy, and secure access to applications by using a device as the user’s identity.
What’s unique about MobileIron’s approach to zero trust is that we prioritize user experience. We also take advantage of the investments that companies have made over decades. Our products layer and build on top of each other to further secure business data, while optimizing end user productivity. For example, there is no end user action required to deploy MTD on mobile devices that are enrolled in MobileIron UEM; this is remotely managed by IT departments. As a result, organizations can achieve 100% user adoption, and IT departments can achieve peace of mind knowing that their employees aren’t opting out of security protocols.
We’ve worked hard as a company to help thousands of organizations around the world achieve zero trust. And we look forward to continuing to help our customers secure their digital workplaces as they adapt to the future of work, in which employees increasingly leverage mobile devices to stay productive and work from anywhere.