Patriot has been able to integrate multiple platforms to provide a holistic approach to Mobile Device Security Management. We can bring you mobile device visibility, awareness, compliance, authentication & authorization, mobile application security, and continuous monitoring, and can assist in establishing enterprise mobile policies and security architectures. Remember, there are no silver bullet solutions in mobile security—you need to integrate multiple platforms for holistic security.
Mobile Security: It’s All About the Data
With mobile computing on the rise, organizations are forced to consider how to provide the best balance of convenience and security. With mobile device sales outstripping PC sales—last year, smartphone shipments surpassed PCs for the first time—it is evident users are opting for the convenience of these personal devices for business use.
The increased number of mobile users has been accompanied by an alarming increase in mobile threats – an estimated increase of 125% to over 400% over the past year. Data loss prevention is becoming more essential, as an increasing number of security breaches are being traced back to mobile devices.
Security professionals are now challenged with understanding all the new terms (BYOD, COPE, MDM, MAM, etc.) along with the nuances of their own internal jargon. Additionally, they now need to know how to secure and protect corporate assets in a mobile environment. Patriot assists organizations with this overwhelming task through our lifecycle approach to mobile device security management (MDSM). Regardless of the size of the organization, the business vertical, or the stage you are at with your mobile device solution, Patriot’s versatile solutions provide exceptional value.
Most teams are familiar with the concept of mobile device management (MDM). MDM is the core component of any mobile solution; however, in and of itself it is not a security solution. At Patriot, we bridge the gap between MDM and MDSM—Mobile Device Security Management. We do this by integrating a range of mobile security components to provide a holistic solution. With customized integration, each organization receives a solution that meets the needs of their unique environment while maintaining a positive end-user experience.
THE PATRIOT VALUE ADD
Patriot’s mobile solution brings together various technologies appropriate to the needs of the customer. As an example, we can integrate three primary mobile device platforms, such as MDM, network access control (NAC) and mobile device detection/contextual awareness. These three technologies address the who, what and where of mobile devices, and give visibility and control of the data to each and every enrolled device. Patriot can then integrate a variety of other security and visibility capabilities, such as identity and access management (IAM), intrusion detection and prevention systems (IDPS), mobile application security, and file security—specific to organizational requirements and network architecture. To complete the solution, we can integrate enterprise security capabilities to ensure organization-wide protection.
Patriot’s holistic MDSM solution addresses all the critical components of mobile device security, such as:
- Automatic detection of any mobile device via cellular or WiFi
- Automatic enrollment/provisioning of employee-owned devices
- Network access control policy enforcement
- Device management and policy enforcement
- Identity and access management: multi-factor authentication using smart cards and PKI
- Contextual awareness
- Automatic malware detection & remediation
- Mobile app control & behavioral analysis
- Integrated visibility with network management tools (SEIM, GRC, etc.)
- Data integrity/encryption
- Data loss prevention (DLP)
As with any solution, there is no silver bullet, and organizations will often need to use a combination of mobile products to address enterprise security concerns. Patriot provides best-of-breed products, along with integration capabilities, to deliver a customized solution for your environment that meets security requirements and ensures a positive end user experience.
PATRIOT’S MDSM INTEGRATED SOLUTION PARTNERS
Having the ability to identify, monitor, and manage mobile devices on wireless and cellular networks within your facility is key to controlling unauthorized devices. Through contextual security, you can determine specific device compliance with security policies, and you can actively enforce policies by limiting or modifying a device’s capabilities while it is within a secured zone.
Network Access Control
Providing teams with real-time visibility and control over smartphones, tablets and mobile PCs on your network. With an NAC solution, users can enjoy the productivity benefits of mobile computing devices while you keep the network safe from data loss and malicious threats.
Identity and Access Management
Leveraging existing identity and access credentials allows mobile users the ability to access secure information, emails, VPNs, etc. anywhere. Patriot offers a variety of identity solutions that range from multi-factor authentication to derived credentials that take advantage of existing infrastructure.
Leveraging mobile application scanning allows organizations to reach a balance between productivity and the safety of sensitive data on the device and internal networks. With over 730 different behavioral and malware activity checks, apps available through public and enterprise app stores can be thoroughly analyzed and scored based upon perceived risk before downloading—allowing for effective black and whitelisting.
Integrated Network Visibility and SEIM
Effective mobile security requires real-time visibility. Providing organizations with true, real-time situational awareness, and the speed needed to identify critical threats, respond intelligently, and ensure continuous compliance and threat monitoring is vital for an enterprise environment. Security teams now have simple access to real-time, risk-relevant information to obtain a stronger security posture while shortening response time.
Mobile Device Management
MobileIron answers the BYOD challenge with an easy-to-use platform that lets IT instantly start managing personal devices, without compromising the user experience, security or privacy. MobileIron provides flexible approaches for enrollment, asset management, policy enforcement and the distribution of profiles, apps, and docs, all based on device ownership, whether corporate- or employee-owned.
The ability to easily access and share documents is a must if mobile users are to be productive. However, providing such access can lead to data leaks and file security breaches. By embedding security directly into the files, IT can now manage documents even if they reside outside of network control – thus adding security without complicating access.
Virtual Desktop Infrastructure
The most secure way to allow users to access corporate data and applications via their mobile devices is through virtual desktop infrastructure (VDI). The mobile device serves as a monitor since all of the processes are running in the backend server environment, allowing IT to control the policies and infrastructure while not having to worry about the security of the individual device.
THE WHO, WHAT, WHERE OF MOBILE SECURITY
Who: as with any device, there must be a way for a user to authenticate. This can be achieved with a simple username and password, or a more sophisticated (and secure) two-factor authentication using PKI credentials or biometric aspects. Once a user has been authenticated, the appropriate policy and network access levels can then be applied.
What: it is imperative to understand what type of device, operating system and version of an operating system is being used. Certain operating system versions are inherently more vulnerable than others. Further, devices that have been “jailbroken” or “rooted” pose further threats.
Where: this is one of the most challenging components of an MDSM solution. Policies must account for a device’s location—called contextual awareness—which allows an organization to set policies based on where devices are located (e.g., corporate boardroom, SCIF) and from where they are accessing the network.