How Strong is Your MDM Security?

66% of organizations admit a mobile cybersecurity issue has spiraled into a “significant organizational calamity” in the past, according to the 2020 Verizon Mobile Security Index (MSI). Your chances of experiencing a mobile cybersecurity incident in the next two years are 28%. So, how strong is your MDM security? It’s officially time to examine whether your mobile device management supports a secure, lifecycle approach to deploying and managing devices.  

Mobile security risks vary according to device type, industry, and use case. Single-purpose enterprise devices like kiosks, mobile point-of-sale (mPoS) terminals, and employee tablets face a different set of threats than BYOD smartphones. But all smart, connected devices are exposed to external and internal threat actors.

An MDM’s security is defined by how well it deploys and manages devices for different use cases. An MDM needs to lock devices to the dedicated purpose without hindering the user experience, and it needs to provide real-time insights into security risks. 

6 Signs Your MDM Security is a Risk

Globally, the average cybersecurity breach costs $3.92 million. If your company is victimized by hackers, your customers won’t exactly care to hear that your MDM features were inadequate. 

Regulatory agencies also won’t buy the MDM security excuse. If your firm is subject to HIPAA, the CCPA, the GDPR or other frameworks, security incidents could be costly. 29% of firms surveyed in the MSI paid a regulatory penalty due to a mobile security breach.

The following 6 questions are a litmus test to determine whether your MDM security is risky.

Sign 1: Unauthorized Use

Are your employees or customers able to use your kiosks, tablets, smartphones or other devices to access unauthorized websites, apps, or device settings?

Sign 2: Downtime

Are you losing money, productivity, or customers due to device or app performance issues?

Sign 3: Manual Provisioning

Are your IT team or mobile technicians tasked with manually configuring and deploying each enterprise device?

Sign 4: Device Compatibility

Does your MDM provide enough features to deploy and manage the security of all your different device hardware and operating system (OS) versions?

Sign 5: Device Lock-Down

Are you able to view the security of devices against mobile threats, including insider abuse, tampering, theft, network security issues, and malware?

Sign 6: Updates

Are you up to date on patching, or within 30 days of the latest patch release date via firmware over-the-air (FOTA) updates?

How Secure is Your MDM? An EMM Cybersecurity Checklist

MDM security and safe mobility are concepts that involve multiple layers. Each layer needs to be aligned with the use case and its risks to avoid cybersecurity issues.

A full MDM cybersecurity assessment should look at each of the 6 layers to understand the greater picture of risk and vulnerabilities. Within these 6 layers, we’ve identified 42 separate MDM security criteria. Download the complete EMM Cybersecurity checklist here.

  • Layer 1: Cloud MDM Platform Security 
  • Layer 2: Device Hardware Security
  • Layer 3: Network Security
  • Layer 4: App Security
  • Layer 5: Alerts & Remediation
  • Layer 6: User Experience

Layer 1: Cloud MDM Platform

Your cloud MDM console is ground zero for effective mobile security. Your MDM admin portal should make it easy to provision, deploy, and manage devices according to policy and determine which users can read and write device policies.  

Usability is a key factor for cloud MDM security, and so is data integrity. You need to be able to trust that your MDM will deliver timely alerts and a complete audit trail.

Layer 2: Device Hardware Security

Device hardware security matters, especially for today’s enterprise Android fleets. Most MDMs are built to accommodate smartphones and tablets, but far fewer offer compatibility with mPoS terminals, kiosks, ruggedized devices, smart fitness equipment, and telehealth devices.

A smart approach to hardware procurement is key to mobile security, and this process should involve learning whether devices are compatible with your MDM. Device interoperability and updates aren’t the whole scope of hardware security, but they’re important measures of MDM strength.

Layer 3: Network Security

A mobile device is only as secure as its weakest layer — a secure mobile device on a compromised Wi-Fi network can leak your sensitive data. Network security matters, even if your single-purpose devices aren’t built to be used over public Wi-Fi networks. 

Corporate mobile devices use Wi-Fi connectivity 300% more often than cellular data, according to a Wandera study. Nearly 25% of enterprise mobile devices have been on a compromised Wi-Fi network, and 4% have been exposed to a man-in-the-middle attack.

Single-purpose devices are generally deployed on a secure corporate network, but not always. An MDM needs to support Wi-Fi security for dedicated devices that travel with employees or customers. Network security policies should also protect the enterprise in worst-case scenarios, like a stolen device that’s taken off the premises and exposed to compromised Wi-Fi.

Layer 4: App Security

Over 11% of mobile apps downloaded from Google Play Store contain hidden cybersecurity risks, according to a recent academic study of 150,000 apps. Researchers found that 12,706 Play Store apps had signs of a mobile backdoor, such as secret access keys or master passwords. On pre-installed bloatware apps, the percent compromised is closer to 16%. 

Mobile apps from the official Play Store or from unauthorized web sources may also contain riskware, meaning apps whose extensive permission requirements violate user policy. Riskware apps are typically free and perform as promised, while secretly sharing the user’s private data with a remote server.

Mobile apps can also introduce risk if they’re laden with mobile ad malware, which runs continuously in the background and leads to issues like a drained battery or slow performance. Juniper Research projects mobile malware ads will cost over $100 billion each year by 2023 in productivity loss and damage.

So, you can’t trust most end users to carefully read app permissions before downloading. You also can’t trust Play Store apps by default. An MDM should support top-down app management for the use case, including restricting app and user permissions.

Layer 5: Alerts & Remediation

At least 4.5% of Android devices contain known malware, according to a MobileIron survey. Regular updates matter, but they’re not enough — 7% of Android devices remain unpatched for 6 months or more after the patch release date.

Mobile security is dynamic. A secure kiosk or mPoS terminal can quickly become a liability when any single factor changes. The key to avoiding threats is visibility, so you can see which changes introduce risk.

Intelligent alerts are critically important, but so is the ability to respond remotely to cybersecurity threats before a situation turns into a data breach. An MDM should offer automated response, such as device lockdown when geofencing data indicates a device has been lost or stolen.

Layer 6: Secure User Experience

72% of organizations worry about device abuse or misuse, according to the Verizon MSI. 44% of organizations lack a device compliance policy entirely, despite their fears of employees or customers acting outside of bounds.

Countless organizations also struggle to enforce basic mobile cyber hygiene measures. 42% of organizations have at least one mobile device without lock screen security, per Wandera. The majority of devices that do have lock screen security use a simple 4-digit code, instead of the alphabetic or alphanumeric codes that are harder to crack.

The user experience should protect your enterprise from authorized and unauthorized users — including unacceptable activities among employees, customers, device thieves, and hackers. An MDM should support a customized user interface that’s built according to the principle of least privilege. This is the least amount of user access possible to fit a use case without cutting into user productivity or happiness.
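The checklist items above (Sign 6 and Layer 5: patches within 30 days of release, automated lockdown when geofencing shows a device has left its site; Layer 6: no lock screen or a 4-digit PIN instead of an alphanumeric code) are the kind of rules an MDM evaluates continuously over its device inventory. The following is an added example of such a fleet compliance check, written for this page and not code from Esper or any MDM product. The device records, the geofence around a site, the reference patch release date and the action names (`schedule_fota_update`, `enforce_lockscreen_policy`, `lock_device`) are all constructed for illustration.

```python
"""Fleet compliance check over a constructed Android device inventory.

Evaluates each device against three rules from the checklist: patch age
(Sign 6), lock screen strength (Layer 6) and a geofence that triggers an
automated lockdown action when breached (Layer 5).
"""
from dataclasses import dataclass, field
from datetime import date
from math import asin, cos, radians, sin, sqrt
from typing import Dict, List

# Policy thresholds taken from the page: patches should land within 30 days of
# release, and a 4-digit PIN counts as weak next to an alphabetic/alphanumeric code.
MAX_PATCH_AGE_DAYS = 30
ACCEPTABLE_LOCKSCREENS = {"alphabetic", "alphanumeric"}


@dataclass
class Geofence:
    """Allowed operating area for a dedicated device: centre plus radius in metres."""
    lat: float
    lon: float
    radius_m: float


@dataclass
class Device:
    serial: str
    security_patch: date   # patch level the device reports (constructed values below)
    lockscreen: str        # "none", "pin4", "alphabetic" or "alphanumeric"
    lat: float
    lon: float


@dataclass
class Report:
    serial: str
    findings: List[str] = field(default_factory=list)   # what is wrong
    actions: List[str] = field(default_factory=list)    # hypothetical MDM responses

    @property
    def compliant(self) -> bool:
        return not self.findings


def haversine_m(lat1: float, lon1: float, lat2: float, lon2: float) -> float:
    """Great-circle distance in metres, using a 6371 km Earth radius."""
    p1, p2 = radians(lat1), radians(lat2)
    a = sin((p2 - p1) / 2) ** 2 + cos(p1) * cos(p2) * sin(radians(lon2 - lon1) / 2) ** 2
    return 2 * 6_371_000 * asin(sqrt(a))


def patch_age_days(device: Device, latest_release: date) -> int:
    """Days the device's patch level lags the most recent patch release."""
    return (latest_release - device.security_patch).days


def check_device(device: Device, fence: Geofence, latest_release: date) -> Report:
    report = Report(device.serial)

    # Sign 6: more than 30 days behind the latest patch release.
    age = patch_age_days(device, latest_release)
    if age > MAX_PATCH_AGE_DAYS:
        report.findings.append(f"patch_overdue:{age}d")
        report.actions.append("schedule_fota_update")

    # Layer 6: missing or weak lock screen.
    if device.lockscreen == "none":
        report.findings.append("no_lockscreen")
        report.actions.append("enforce_lockscreen_policy")
    elif device.lockscreen not in ACCEPTABLE_LOCKSCREENS:
        report.findings.append(f"weak_lockscreen:{device.lockscreen}")
        report.actions.append("enforce_lockscreen_policy")

    # Layer 5: device reported outside its geofence, so lock it down automatically.
    dist = haversine_m(device.lat, device.lon, fence.lat, fence.lon)
    if dist > fence.radius_m:
        report.findings.append(f"outside_geofence:{int(dist)}m")
        report.actions.append("lock_device")
    return report


def evaluate_fleet(devices: List[Device], fence: Geofence, latest_release: date) -> Dict[str, Report]:
    return {d.serial: check_device(d, fence, latest_release) for d in devices}


# Constructed sample data (not from the page): a 500 m fence around a site and
# three devices with different postures.
SITE_FENCE = Geofence(lat=47.5720, lon=-122.1700, radius_m=500)
LATEST_PATCH_RELEASE = date(2020, 6, 1)
SAMPLE_FLEET = [
    Device("KIOSK-001", date(2020, 6, 1), "alphanumeric", 47.5721, -122.1702),  # compliant
    Device("KIOSK-002", date(2020, 3, 1), "pin4", 47.5719, -122.1698),          # stale patch, weak PIN
    Device("MPOS-007", date(2020, 5, 15), "none", 47.6062, -122.3321),         # no lock screen, off-site
]

if __name__ == "__main__":
    for serial, rep in evaluate_fleet(SAMPLE_FLEET, SITE_FENCE, LATEST_PATCH_RELEASE).items():
        status = "OK" if rep.compliant else "RISK"
        print(f"{serial}: {status} findings={rep.findings} actions={rep.actions}")
```

Running the script prints one line per device; KIOSK-001 passes, KIOSK-002 is flagged for a 92-day-old patch level and a 4-digit PIN, and MPOS-007 is flagged for a missing lock screen and for sitting well outside the fence, which is the condition that would trigger the automated lockdown the page describes. A real MDM would feed the `actions` list to its remote-command API rather than print it.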

To learn more about securing the end user experience, we recommend: Android Kiosk Mode vs. Kiosk Software

The Future of MDM is Dynamic Mobile Security

Your mobile security risks vary by device type, industry, and, most importantly, use case. MDM originated as a tool to protect enterprise data from users in BYOD and COPE use cases. Today, it has evolved to mean much more. Looking to the future of MDM is the only way to protect your fleet against the changing mobile threat landscape.

MDM security in 2020 must be dynamic. You need the flexibility to deploy and manage single-purpose Android devices according to use cases. MDM should offer features to completely wipe and re-provision devices at any given point during the device lifecycle. Most importantly, MDM security should allow real-time or automated response based on insights into devices, apps, and user behaviors.  

Esper is the first-ever complete toolchain with MDM for single-purpose Android enterprise devices. To learn more, request a demo.

Esper empowers Engineers, Developers, and Operations teams with tools crafted for company owned Android devices. Our full stack platform covers building, deploying, managing, and maintaining to move beyond MDM and to Device Orchestration.
14205 SE 36th St.
Suite 100
Bellevue, WA 98006
© Copyright 2020 Esper - All Rights Reserved