Do More with Complete Mobile-Cloud Security from MobileIron Access

Transcription

1 Do More with Complete Mobile-Cloud Security from MobileIron Access MobileIron Access: Complete cloud-based security Comprehensive security. MobileIron Access leverages device and app posture, user identity, location, and more to ensure only trusted devices, apps, and users can access enterprise cloud services. Unified platform. MobileIron Access is a single, easyto-deploy, unified platform that helps organizations secure business apps and data in the mobile-cloud world. Standards-based security. MobileIron Access easily integrates with best-of-breed identity providers and can secure any cloud service that supports the SAML 2.0 standard no custom integration work required. MKT EN-US v1.0 1

2 The mobile-cloud security challenge Around the world, enterprise organizations are adopting cloud-based services and mobile endpoint technologies at an unprecedented rate. This shift toward modern mobile-cloud technologies is forcing organizations to rethink everything from datacenter architectures to endpoint security because traditional, desktop-based security models are no longer adequate. In the era of the IT-controlled desktop PC, organizations could rely solely on the username/ password approach to information access security. In the mobile-cloud world, identity-only security is insufficient because it provides no mechanism for verifying the state of the device or app, encourages unsafe security behavior, and complicates the user experience. For example, identity-only security can t tell if a user is accessing business apps with a jailbroken mobile device, which can put business data at risk. Users may also create weak passwords that are easy to remember or store passwords in easily accessible but unsecured locations, such as a personal Google doc. In addition, typing complex passwords on small mobile screens can be a big source of frustration for enterprise users trying to access business documents and data on their mobile devices. Entering incorrect credentials can also result in account lockouts after too many attempts. This paper covers some of the critical security gaps today s mobile-cloud enterprises must address: Unsecured devices. Unsecured devices allow users to easily access business data from mobile apps or cloud services simply by entering their credentials into an app or browser on the device. Once on the device, data can be easily compromised or shared with unauthorized, external sources. An example of an unsecured device could include one that runs a modern OS, such as ios, Android, or Windows 10, but is not enrolled in a mobile device management (MDM) platform. A Windows 7 machine that is not domain-joined may also be vulnerable to security breaches. Unmanaged apps. These typically include business apps, such as Office 365 productivity apps, that the user has downloaded from a personal app store instead of the enterprise app store. As a result, these apps are not under IT control but can still be used to access business content once the user enters his or her credentials. That data can then be shared with other devices and apps because IT has no visibility or control over unmanaged mobile apps. Unsanctioned cloud services. Most enterprise cloud services have associated ecosystems of apps and services that integrate using APIs. While the enterprise cloud service might be sanctioned, apps and services from its ecosystem might not be. That means users may be able to use their credentials to connect unsanctioned, third-party services to enterprise cloud services. As a result, business data can be accessed or shared through an unsanctioned cloud service without IT s knowledge or ability to control it. 2

3 Mobile-cloud security best practices Minimizing security gaps in the mobile-cloud infrastructure requires a set of proven best practices that gives IT control and visibility without compromising performance and productivity. Organizations should look for a comprehensive mobile-cloud security solution that seamlessly integrates these best practices within its platform. Enable contextual policy enforcement on any cloud service or mobile OS As enterprise users increasingly rely on mobile devices to access corporate apps and cloud services, IT needs more than identity-based security to block access from unsecured devices, unmanaged apps, and unsanctioned cloud services. Mobile-cloud security requires a modern, multi-os platform that helps IT define and enforce conditional access control policies based on device type and posture, the state of the mobile app, type of cloud service, and user identity. Simplify user authentication through seamless SSO Boosting employee productivity is one of the main reasons organizations move business processes to the cloud. Requiring users to enter a password every time they access a cloud service only puts a roadblock between employees and the resources they need to do their jobs. In addition to forgetting their passwords, users often mistype their credentials on small mobile screens and lock themselves out after too many attempts, which then requires intervention from the help desk. Not only does this put employee productivity on hold, it increases support costs and decreases efficiency. As a result, organizations need to simplify secure access using technologies such as single sign-on (SSO). Track and manage compliance reporting In addition to rolling out secure cloud services, apps, and devices, IT also needs a scalable, centralized way to apply security policies and track, monitor, and report on compliance. Traditional solutions can t reliably provide visibility into the posture and state of devices or apps that employees use to connect to enterprise cloud services. Furthermore, IT is typically required to collect logs from each individual cloud service and manually correlate them with logs from other sources to identify non-compliant devices and apps. This approach is too fragmented and lacks true scalability. With stricter compliance guidelines introduced through policies such as the Global Data Protection Regulation (GDPR), organizations require a consolidated reporting platform that allows for easier reporting, auditing, and remediation. Why traditional approaches fall short There are a variety of solutions on the market today that help organizations solve separate pieces of the mobile-cloud security challenge, but they don t support the comprehensive best practices outlined above. Identity access management (IAM) IAM primarily focus on identity management and access control. IAM solutions provide identitybased access control for cloud services, but they do not have the ability to allow or deny access based on the device or app posture. 3

4 Mobile Device Management (MDM) MDM focuses on securing mobile devices. It s important to note that not all MDM vendors adequately address cloud security and many cannot solve the unmanaged app and unsanctioned cloud problems described above. Cloud access security brokers (CASBs) CASBs provide visibility and granular file-level access control and data security for cloud services. However, they have very limited capabilities when it comes to profiling devices, determining device posture, and preventing non-compliant devices or unsanctioned apps from accessing enterprise cloud services. While each of these solutions generally perform their individual functions well, they are siloed solutions that are challenging to integrate, resulting in security gaps that leave business data vulnerable. MobileIron Access delivers unified mobile-cloud security Organizations that use enterprise cloud services such as Box, G Suite, Office 365, and Salesforce need to provide conditional access control for all of these services. MobileIron Access provides seamless, secure SSO and in-depth visibility that ensures enterprise data from the cloud is only available to secured devices, managed apps, and sanctioned cloud services. Unlike competitive offerings, MobileIron Access offers a standards-based, unified platform that secures cloud services while enabling users to stay productive anywhere, on any device. As a result, business data remains secure as it travels back and forth to the cloud. Prevent data loss Preventing data loss through intentional or accidental employee actions is critical. For example, how can IT prevent a user from downloading files from Salesforce and copying them to a personal Dropbox folder? Can IT block access to Salesforce data through a Cydia store web browser on a jailbroken ios device? MobileIron Access reduces the risk of this type of data loss by using conditional access policies that ensure enterprise cloud services and data are only available to trusted users, on compliant devices, using managed apps and approved cloud services. This means an employee cannot share files or data from a managed cloud service, such as Office 365, to an unmanaged app, such as a personal Google Drive. Enhance the user experience MobileIron Access helps improve the user experience by providing seamless, secure SSO for enterprise cloud services so users can instantly access business data without constantly entering unique usernamepassword combinations for every mobile app and cloud service. Unlike basic SSO, MobileIron Access works seamlessly across any mobile app and provides an additional layer of security by preventing logins from unsecured apps. By minimizing the need to type in credentials, MobileIron Access SSO reduces account lockouts due to mistyped credentials. Organizations can also improve productivity by leveraging intuitive remediation workflows that allow users to fix problems themselves without calling the help desk. 4

5 Simplify compliance reporting MobileIron Access helps drive compliance with in-depth visibility and audit capabilities through an advanced reporting engine that tracks all the devices, apps, services, locations, and users that connect to enterprise cloud services. This highly detailed level of visibility makes it easier for organizations to identify non-compliant users and devices and take steps to bring them back into compliance. Just as important, MobileIron Access simplifies audit and compliance monitoring with detailed logging and reporting capabilities. MobileIron Access: Securing cloud-based business transformation The adoption of mobile and cloud technologies is driving massive change in organizations around the world. These new technologies enable organizations to streamline business processes, lower costs, and help employees work productively wherever they are. However, securing mobile apps and cloud services requires more than traditional, PC-based security approaches that aren t designed for the mobile-cloud world. Today s modern enterprise requires a comprehensive, unified platform like MobileIron Access, which is designed from the ground up to secure mobile apps, devices, and cloud services. MobileIron makes it easy to transform business by securing critical enterprise resources including desktop PCs, mobile devices, modern apps, and cloud services all from a single point of control. Learn more about MobileIron Access at mobileiron.com/access 401 East Middlefield Road Mountain View, CA globalsales@mobileiron.com Tel: Fax :