Security and Compliance
New security challenges
The security challenges of modern mobile operating systems are very different from those of the legacy PC era. Mobile operating systems have shifted to a new, sandboxed architecture that results in higher stability, improved user productivity, and easier updates. This new architecture eliminates traditional malware threats and incorporates built-in security and management APIs. When paired with an enterprise mobile security platform like MobileIron, they become a powerful set of capabilities that improve data security.
Additionally, enterprise data now lives in both corporate and consumer apps and cloud storage repositories. The goal with mobile security is to secure that corporate data wherever it is. In the mobile world, the right security model means that employees can do more. Making this possible requires a new model for security: identity and trust determine employee access.
The flip side of security is privacy. Mobile devices are highly personal, and almost every device will contain a mix of personal and corporate information. IT needs to be able to secure and manage the enterprise information on the device without seeing the personal information. This is critical in a world where privacy is becoming increasingly important both to the user and to regulatory communities around the world.
The MobileIron mobile security platform was built to secure and manage modern operating systems in a world of mixed-use devices. It incorporates identity, context, and privacy enforcement to set the appropriate level of access to enterprise data and services. With MobileIron, IT can secure corporate information wherever it lives while preserving the sanctity of employee privacy. With MobileIron, security means enabling business, not restricting it.
Threat vectors on mobile are different from PC
Threat vectors on mobile are different from those on a PC. Application sandboxing on mobile protects against data loss, but always-on connectivity, device tampering, and malware introduce new types of threats. Find additional information on specific threat vectors below.
Data loss and device tampering
Mobile devices are hyper-connected and often access sensitive data over untrusted networks, increasing the risk of data loss through Wi-Fi sniffing.
Malicious or risky apps
Collect and share data such as personally identifiable information (PII) and device location with third-party advertising and analytics systems.
Countermeasures to enforce data loss prevention (DLP) on mobile
Mobile security solutions must encompass mobile devices, apps, content, and networks. Controlling data loss with automated proactive, reactive, and live-monitoring controls is key to mitigating threats. This also involves enabling users to avoid Shadow IT. Agent-based security solutions such as anti-virus software rely on controlling all processes on a system. This approach breaks in sandboxed environments, as one process cannot control other aspects of the system. To secure mobile, IT has to replace traditional PC management tools with purpose-built enterprise mobile security platforms, designed to enable end-user productivity while securing apps, content, and devices.
Certificates and single sign-on for seamless authentication
Containerize and encrypt enterprise data
Separate personal and corporate data.
App Reputation Services
Proactively identify and restrict use of malicious and risky apps.
App-level DLP control
Provide DLP (open-in, copy, paste) control and restrict file sharing.
Encrypt data-in-transit and provide granular app-level access control.
Strong authentication using certificates
Secure data-in-motion, mitigate Wi-Fi sniffing and MitM.
Compliance drives many mobile security deployments. From a cashier accepting payments at a retail store to doctors accessing patient records in hospitals, mobile has become an important enterprise productivity tool. Oftentimes there are industry-specific security requirements, and enabling mobile productivity means IT must meet these standards.
Financial services CISO guide
HIPAA compliance checklist