In today’s rapidly changing work environment, secure mobile devices and apps that allow workers to access company data are more important than ever before. The development of technology that enables remote working has made traditional network perimeters obsolete, calling archaic methods of cybersecurity, such as the use of passwords, in question.
More than 1.54 million people work from home for their main job - up from 884,000 ten years ago, according to the Office for National Statistics Labour Force Survey, the largest study of employment circumstances in the UK. With trends such as remote working and Bring-Your-Own-Device (BYOD), secure productivity requires an approach that validates each and every knowledge and frontline worker’s device before granting the device access to enterprise data. A thorough approach to cybersecurity establishes user context, checks app authorisation, verifies the network, and spots and remediates threats before granting access to the device and the user.
Unified endpoint management
Business happens at the endpoint. Almost every business process, such as employee collaboration and customer interaction, requires the use of endpoints or devices, whether they be smartphones, tablets or virtual reality (VR) headsets. In this increasingly connected world, each of these endpoints aligns with complex use cases that have quickly gone from niche and enterprise-specific to commonplace for most businesses of today.
Unified Endpoint Management (UEM) is an approach to securing and controlling desktop computers, laptops, smartphones and tablets in a connected, cohesive manner from a single console. With UEM, IT administrators can manage different categories of devices, such as those in BYOD, choose-your-own-device (CYOD), corporate-owned personally-enabled (COPE), and corporate-owned, business only (COBO) groups.
UEM improves the security of enterprise data by taking more information signals into consideration before granting permission to any device accessing business resources. It validates the device, establishes user context, checks app authorisation, verifies the network, and detects and remediates threats before allowing access to critical resources, making it a robust approach to respond to the cybersecurity threats that are emerging.
Virtual reality and UEM
Virtual reality (VR) and UEM might seem like two separate realms of technology: one is business-focused while the other that has been purely recreational until now. Although the technology is still new in the consumer market, VR and augmented reality (AR) will change the way we live and work, given the expectation by consumers — and therefore employees — that technology will be easy to deploy and deliver a seamless experience between business and personal use.
Some possible applications for the use of VR and AR devices in the workplace include training employees remotely, virtual desktops, communication and collaboration. There are already companies that deploy VR and AR to their employees. For example, Ford’s designers and engineers use VR headsets to collaborate and test elements of new cars, saving the company billions in a year.
The challenge for organisations seeking to be at the forefront of the ‘future of work’ will be how to secure modern devices, such as Oculus VR headsets, so that employees can use them freely while IT can rest assured that these devices do not pose security threats. The advent of VR and AR in the enterprise, while revolutionary, would be complex to deploy if there wasn’t a UEM framework already in place to manage these devices. Extending the reach of your organisation’s UEM to support AR and VR endpoints means that these devices are no long possible points of ingress for a cyberattack, which can then crawl its way through a company’s network of devices laterally. This level of cybersecurity hygiene requires a zero trust approach to managing devices.
The zero trust model
Zero trust is an approach to cybersecurity that is centred on the belief that organisations should not automatically trust anything inside or outside their perimeters and instead must verify any and every device trying to connect to their systems before granting access, with the assumption that these endpoints have already been compromised.
The zero trust model of cybersecurity is a welcome solution to the issues posed by the old castle-and-moat mentality. This mentality kept organisations focused on defending their perimeters, while assuming everything already inside didn’t pose a threat and therefore was cleared for access. Perimeters are dissolving and passwords are not sturdy enough gate keepers to keep up with the needs of employees anymore. Zero trust and UEM are the best ways forward in a time when the number of endpoints is growing at a tremendous rate.
It’s critical to establish trust at every endpoint (OS, device, app, location), trust in every user, and trust in every network before granting access to confidential company data. This not only ensures high security, but a fantastic user experience on AR or VR devices.
As you move down the trust ladder, additional security measures may be required to ensure the user or endpoint trying to access data can be trusted. This decision is as dynamic as business. The apps and devices used to access data will change, and the level of trust afforded to each individual employee will change. But as long as your trust model is adaptable by design, like UEM, there is no reason why you can’t establish total trust in a zero trust environment.
Simon Biddiscombe, CEO, MobileIron