Today’s smartphones have security features that were practically science fiction just a few years ago. A user with a new device likely has a phone that encrypts data, continuously updates its operating system to ward off threats and allows users to authenticate their identity with biometric factors such as fingerprint and facial recognition.
This is great for users, and it can also be great for the enterprise. By taking advantage of these baked-in security measures, organizations can direct their own efforts toward other security steps and ensure that their growing mobile environments don’t put their networks and data in harm’s way.
However, organizations typically need mobility management solutions to take full advantage of these security tools. Here’s how organizations can get the most out of devices’ mobile security features.
Biometric authentication is now a standard security feature on many mobile devices. Not only are these security measures more difficult to circumvent than a simple passcode, but they also give organizations a handy way to implement multifactor authentication for users to access sensitive apps and data. However, organizations can enforce policies requiring biometric authentication only if devices are enrolled in a unified endpoint management (UEM) program.
By deploying UEM solutions, organizations can require fingerprint or facial recognition as a primary or secondary source of authentication for particular apps. UEM tools also allow security professionals to locate a device if it is lost or stolen, prevent sensitive documents from being shared or opened in insecure apps, whitelist or blacklist specific applications and implement a number of other management and monitoring capabilities.
Many new endpoints, including Apple iPhone devices, automatically encrypt data at rest — but only when the device is protected by a passcode. (Apple uses the passcode itself to generate encryption keys and uses a feature called Secure Enclave to keep the encryption keys separate from all other device data.) The only way for enterprises to enforce passcode use on employee devices is through a mobility management tool.
Some applications also support encryption for in-transit data. Apple devices encrypt data in transit for standard mobile apps such as the Messages texting app. But for third-party apps, organizations still need tools such as UEM solutions to learn whether the apps support in-transit encryption, or else find ways to support encryption themselves.
For example, an organization might require that certain types of apps and data be accessed via a VPN connection. Also, tools such as mobile threat defense can help security administrators to assess the risks associated with different apps and inform decisions about whether additional security measures are warranted.
Operating System Updates
Mobile device manufacturers are constantly on the hunt for new threats to their operating systems, and they routinely push out updates to protect users, their devices and their data. But many people simply ignore prompts to update their operating systems, leaving them vulnerable. UEM tools can enforce updates (or even delay updates if organizations need some time to update their own apps to run on an updated OS). Like other built-in security tools, OS updates improve enterprise security only if organizations have a way to enforce compliance. Otherwise, the end user is in charge.