Mobile devices continue to grow throughout organizations, but with that growth comes the challenge of securing the devices, the end users, and all your organization’s data. The original strategy for organizations was to manage (and/or rollout) mobile devices through policy-based Enterprise Mobility Management (EMM) solutions. This was done, however, at a time when mobile devices didn’t pose that big of a security risk.
Oh, how times have changed!
Today, mobile devices have become a massive target for attackers looking to steal data or gain access to corporate networks. As this security threat evolved, the market was somewhat slow to react, which has left EMM solutions somewhat ill-prepared to handle the security aspect of mobile devices. As a result, a new market of solutions has begun: Mobile Threat Defense (MTD) solutions.
As the need for mobile security rises (along with the MTD market), Gartner has begun releasing its own research regarding the MTD segment. In their recent report “When and How to Go Beyond EMM and Ensure Enterprise Mobility”, they discuss in detail what organizations should do to approach mobile security threats. In fact, they highlight that organizations cannot “adopt an antivirus approach to mobile security, as the mobile platform architecture on mobile devices is fundamentally different from PCs”. As a result, Gartner concludes that organizations should deploy a MTD solution in parallel (with EMM) to bridge that gap. In Gartner’s own words:
“EMM solutions have limitations in that they are unable to detect platform and app vulnerabilities. They are also limited in their capacity to detect malware threats on their own. Mobile Threat Defense (MTD) tools help to fill this void by protecting enterprises from threats on mobile platforms… The synergy between EMM and MTD tools allow for risk mitigation based on real-time information and intelligence sharing.”
One of the big benefits of MTD is the depth and breadth that the solutions provide, namely that “MTD solutions provide security at three levels — the device (through behavioral anomaly detection and vulnerability assessments), the app (through reputation scanning and code analysis) and the network (through monitoring network traffic and automatically disabling suspicious networks from mobile devices).” This robustness is a huge security complement to the maintenance and management capabilities that EMM already provides.
Given that, Gartner recommends combining EMM and MTD solutions for the strongest mobile security architecture, and plots out three phases that CISOs should step through to successfully build this out for mobile devices: manage, securely enable, and synergize. The full report goes into significant detail on what should take place at each phase, and this figure (from the report) provides a nice summary. Note that the first two steps are “Manage” and “Enable”, with the true security elements introduced in the “Synergize” column, including MTD and Mobile App Reputation Servicse (MARS):
Gartner shows in this report that today’s “CISOs are unsure whether an enterprise mobility management (EMM) solution suffices to guarantee security for enterprise mobility” and suggests that “additional mobile security tools are necessary”. They suggest that CISOs “define your mobile security requirements … decide when additional tools will be necessary. Use EMM as an orchestration point to enforce policies in conjunction with other security tools.” And, “do not adopt an antivirus approach to mobile security, as the mobile platform architecture on mobile devices is fundamentally different from PCs.” Ultimately, they conclude, “CISOs need to determine the right approach to integrate them [MTD solutions] with an EMM solution.”
If you’d like more information on how Skycure works with EMM solutions, be sure to read our New York Life case study, where we partner with MobileIron to provide a complete mobile security solution. If you’d like to purchase the full Gartner report, you can do so here.