Implementing a mobile-centric zero trust security framework

How organisations can enable secure access to the enterprise in the era of mobile working.

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

There is no question that mobile has invaded the enterprise. Along with cloud services, mobile devices have transformed the modern working environment, providing huge gains to both employees and businesses alike. However, with these gains come challenges, and the biggest challenge is secure access to enterprise data from any device and application.

The adoption of cloud and the proliferation of mobile devices has dissolved the traditional network perimeter and introduced countless new threat vectors that traditional security measures are unable to protect against. In order to stay safe in the contemporary perimeter-less working environment, while maintaining high levels of employee productivity, businesses must reinvent their entire security architecture to centre on the technology and the way employees want to work.

The problem

The problem

A 2018 study looking into the state of enterprise mobility found that 75 per cent of IT decision makers said mobile devices are essential to their workflow, while also finding that 80% said their employees can’t do their jobs effectively without a mobile phone. At the same time, recent figures have revealed mobile working is the greatest security risk to enterprises. For instance, Verizon’s recent Mobile Security Index found that 83 per cent of CIOs believed their organisation was under threat from mobile threats, while 68 per cent said they believed mobile threats had increased in the last year, and 58 per cent agreed that mobile threats are growing faster than any other threat vector.

As businesses support the wide spread use of mobile and cloud apps they realise the traditional perimeter security approach is no longer sufficient. Today’s modern enterprise needs a robust device security and access management approach - and this means implementing a mobile-centric zero-trust framework.

What is zero trust?

What is zero trust?

‘Zero Trust’ is a security concept based on the belief that bad actors are already operating inside your organisation, and as such a “never trust, always verify” approach is needed. You can no longer rely on traditional security perimeter approaches like firewall, networks and gateway’s because your traffic is no longer always inside the perimeter. The best zero trust solutions verify a wide range of signals including a known device, verifying the app and user, checking the status of the network and identifying and threats prior to granting access to the app and corporate data.

Why mobile-centric zero trust?

There are multiple approaches to zero trust, but the main ones are focused on identity, gateway and the device. However, as the tide of mobile and cloud continues to intensify, the limitations of gateway and identity-centric approaches become more apparent. For instance:

Only a mobile-centric zero trust approach addresses the security challenges of the perimeter-less modern enterprise while allowing the agility and anytime access that business needs. Mobile-centric zero trust seeks to verify more attributes than both these approaches before granting access. It validates the device, establishes user context, checks app authorisation, verifies the network, and detects and remediates threats before granting secure access to any device or user.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Implementing a mobile-centric zero trust approach

In order to build a secure mobile-centric zero trust approach there are four steps for enterprises to follow:

Ultimately, the aim of zero trust framework is to protect data across an increasingly fragmented information fabric. With modern work taking place in the cloud and on mobile-devices, it is essential that enterprises utilise a security framework that centres on the mobile. Implementing a mobile-centric zero trust framework will not just provide the right-level of security across all points of access, but will also provide the most seamless user experience, ensuring employee productivity is maintained.

Rhonda Shantz, Chief Marketing Officer,MobileIron

You might want to check out our picks for thebest business VPN.

This new phishing strategy utilizes GitHub comments to distribute malware

Should your VPN always be on?

This can’t get any better for Black Friday – LG’s B4 OLED TV drops to just $649.99