Zero Trust for Mobile Security
Source: https://www.youtube.com/watch?v=PjRfqDlPEio
Duration: 00:06:18
Key Points
- The speaker illustrates the severe impact of a lost or stolen mobile device, highlighting that protecting the data—especially on enterprise‑managed phones—is far more critical than the hardware itself.
- Zero‑trust security, which continuously validates every access request based on context, is now the leading strategy for cloud and network protection but has lagged in adoption for mobile devices despite the large amount of corporate data they hold.
- Four major mobile‑specific risks are outlined: (1) credential exposure from weak passwords or MFA, (2) device exposure due to insecure cellular/Wi‑Fi connections, (3) application exposure via vulnerable third‑party apps, and (4) insider threats, which affect roughly half of companies each year.
- Implementing a zero‑trust workflow for mobile access—such as an employee authenticating on a Samsung Galaxy Z Fold5 to retrieve a confidential file while traveling—demonstrates how continuous verification can mitigate those risks and secure enterprise resources.
Sections
- 00:00:00 (https://www.youtube.com/watch?v=PjRfqDlPEio&t=0s) Untitled Section
- 00:03:05 (https://www.youtube.com/watch?v=PjRfqDlPEio&t=185s) Dynamic Access Control via UEM/MDM - The speaker explains how identity and access management uses continuous data from unified endpoint and mobile device management to assess real‑time risk, enforce least‑privilege file access, and trigger immediate re‑authentication when anomalies such as rapid cross‑location requests are detected.
- 00:06:09 (https://www.youtube.com/watch?v=PjRfqDlPEio&t=369s) Reminder to Like and Subscribe - The speaker urges viewers to click the like button and subscribe before leaving the video.
Full Transcript
Imagine I'm walking to the airport and someone gets a hold of my device,
in my case, a Samsung Galaxy Z Fold5.
Hey, my phone!
While losing the physical device would be costly,
losing my personal data would be even more detrimental,
and that would only be exponentially worse if
it was an enterprise device with a ton of company data.
Thankfully, security got my phone back,
which is funny because I'm going to talk about security for mobile devices today.
The most robust security strategy in use right now is zero trust,
an approach that assumes every connection and endpoint is a threat.
Zero trust ensures that access to enterprise resources is only granted
after a snapshot of the entire request context is analyzed,
looking at the user, device and other details every time access is requested.
Companies have been quick to apply this strategy to the cloud and their networks,
but there's been a delay in extending it to their mobile devices.
Given the vast amount of enterprise data that lives on these devices,
it's critical that businesses understand how to effectively manage them.
Today, I'm going to talk about the risks that come with mobile devices
if they're not adequately accounted for in a company security strategy.
Let's dive into four right now.
One, credential exposure.
Static passwords, passcodes, and weak multi-factor authentication can leave companies exposed,
as the correct credential does not always equal the correct user.
For example, devices can be stolen or lost, and passwords and passcodes can be easily compromised.
Two, device exposure.
Devices, by their nature, are just a more exposed endpoint.
For example, because they rely on cellular signals instead of Wi-Fi,
it's hard to ensure that the networks they're using are secure.
Three, application exposure.
Public-facing applications are a common initial access vector for hackers.
Common reliance on third-party applications and libraries can
leave enterprise applications exposed
even if they're secured, because of unauthorized updates.
Fourth and final, insider threat.
Insider threat can show up in a variety of different
ways, from a disgruntled employee turning rogue
to a perfectly happy employee accidentally falling for a phishing scheme,
a social engineering attack that targeted the user through context.
Unfortunately, this is super common,
as a study found that 50% of companies had at least one insider attack in 2022.
So now that we know these risks exist, what can you do to secure your mobile environment?
Let's walk through an example of what would ideally happen in a zero trust framework
when an employee requests access to an enterprise resource.
Sue is traveling for work
and wants to knock out a few tasks before she boards her flight.
She grabs her Samsung Galaxy Z Fold5 to look at the latest updates
on an NDA project she's been assigned to.
To get access to the latest document,
she submits her credentials into her company's file sharing tool.
Once the correct credentials have been submitted,
they go to the policy decision and enforcement engine.
This engine completes two different processes:
a user context evaluation and a device context evaluation.
These evaluations use information from the phone's identity
and access management software,
which is pulling data from the unified endpoint management software
and mobile device management software on the device.
The UEM and MDM
are perpetually tracking and monitoring data points on the device,
looking at things like Wi-Fi, device health, location and even typing patterns
to ensure that the phone is following the policies
set by the company and the device is in the hands of the authorized user.
That allows IAM to easily get the information that
the policy decision and enforcement engine needs in order to complete its task.
It should be a very seamless process, and the end user should get a decision almost immediately.
So back to our example with Sue.
If no red flags are raised, she will be granted access to those files.
However, if a risk was raised, for example,
two requests coming from her account within a span of 5 minutes in two different locations,
there would be an additional authentication check,
like typing in a passcode that was sent to her device.
Providing she's able to do that, she'll be able to get access to those files.
It's good practice to give employees access only to the files they need
and to require re-authentication frequently.
So in this example, Sue would only be given access to the file for her NDA project,
not all the files that exist within the file sharing tool.
Additionally, she should have to re-authenticate
her credentials when she arrives in her second city.
Now that we know what an ideal situation looks like,
how do you go about implementing a system like this at your business?
Let's walk through that right now.
One, start by focusing on your journey to the cloud.
By modernizing your IAM infrastructure to a cloud-based or hybrid cloud-based solution,
you can increase operational efficiency and technical agility.
The cloud also allows for containerization
that can separate business systems and information that are unrelated.
In this way, if a container is hacked,
the perpetrator only has access to the files in that particular container,
not all the data on the device.
Two, deliver risk-based access.
While every request needs to be verified, the validation should be a measure of the risk.
This is important to ensure that the user experience is not negatively impacted.
Three, simplify the deployment of your security solutions.
Create a unified platform that has workforce and consumer access,
identity governance, privacy and consent management,
and that allows information to be seamlessly and easily shared without compromising security.
And finally, consider the security features on the actual device.
Security suites vary by manufacturer, so take the time to compare and review the actual offerings.
For example, Samsung Knox supports a mobile zero trust vision
by providing defense in depth all the way down to the hardware level
and easily incorporates into a company's broader security strategy.
Remember,
your security is only as strong as your weakest endpoint,
which is why you need to take the time to secure your mobile devices.
Thanks for watching.
Before you leave, please remember to click like and subscribe.
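As an added example (not code from the video, nor from any IAM, UEM or MDM product the speaker mentions), the following Python sketch replays Sue's scenario as a small policy decision engine: credentials plus UEM/MDM device context decide the request, file access is limited to the user's own project, two requests from different cities within five minutes trigger a passcode step-up, and arrival in a new city forces re-authentication. All user, device and request data are constructed, and the class and method names (PolicyEngine, evaluate, complete_step_up) are this example's own.

```python
"""Toy zero-trust policy decision engine for mobile access requests.

Added example; the UEM/MDM signals, user directory and request history
are constructed inline and the API names are hypothetical.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from enum import Enum

# Two requests from different cities inside this window trigger step-up.
STEP_UP_WINDOW = timedelta(minutes=5)


class Decision(Enum):
    ALLOW = "allow"
    STEP_UP = "step_up"  # a one-time passcode is sent to the device first
    DENY = "deny"


@dataclass
class DeviceContext:
    """Signals the IAM layer pulls from UEM/MDM for one device (constructed)."""
    managed: bool
    compliant: bool        # passcode set, OS patched, not rooted, etc.
    trusted_network: bool  # the Wi-Fi/cellular network passes policy
    behaviour_match: bool  # typing pattern matches the enrolled user


@dataclass
class UserContext:
    credentials_valid: bool
    projects: frozenset    # projects the user is assigned to (least privilege)


@dataclass
class AccessRequest:
    user: str
    resource: str          # e.g. "nda-project/status.docx"
    project: str           # project the resource belongs to
    location: str          # city reported by the device
    at: datetime


@dataclass
class PolicyEngine:
    """Policy decision and enforcement point with per-user request history."""
    users: dict
    devices: dict
    history: dict = field(default_factory=dict)            # user -> [AccessRequest]
    last_auth_location: dict = field(default_factory=dict)  # user -> city

    def _hard_checks_pass(self, req, device_id):
        """Conditions that always DENY; no second factor overrides them."""
        user, device = self.users.get(req.user), self.devices.get(device_id)
        if user is None or not user.credentials_valid:
            return False
        if req.project not in user.projects:  # least privilege on files
            return False
        return device is not None and device.managed and device.compliant

    def _decide(self, req, device_id):
        if not self._hard_checks_pass(req, device_id):
            return Decision.DENY
        device = self.devices[device_id]
        if not device.trusted_network or not device.behaviour_match:
            return Decision.STEP_UP
        # Anomaly: another request from this account, different city, inside the window.
        for prev in self.history.get(req.user, []):
            if prev.location != req.location and abs(req.at - prev.at) <= STEP_UP_WINDOW:
                return Decision.STEP_UP
        # Re-authenticate on arrival in a new city.
        last = self.last_auth_location.get(req.user)
        if last is not None and last != req.location:
            return Decision.STEP_UP
        return Decision.ALLOW

    def evaluate(self, req, device_id):
        """User context + device context evaluation for one request."""
        decision = self._decide(req, device_id)
        self.history.setdefault(req.user, []).append(req)
        if decision is Decision.ALLOW:
            self.last_auth_location[req.user] = req.location
        return decision

    def complete_step_up(self, req, device_id, passcode_ok):
        """Outcome of the passcode challenge; step-up never overrides a DENY."""
        if not passcode_ok or not self._hard_checks_pass(req, device_id):
            return Decision.DENY
        self.last_auth_location[req.user] = req.location
        return Decision.ALLOW


def run_sue_scenario():
    """Replays the transcript's example with constructed data; returns decision names."""
    engine = PolicyEngine(
        users={"sue": UserContext(True, frozenset({"nda-project"}))},
        devices={"fold5-sue": DeviceContext(True, True, True, True),
                 "old-phone": DeviceContext(True, False, True, True)},  # non-compliant
    )
    t0, nda = datetime(2023, 6, 1, 9, 0), "nda-project/status.docx"
    r1 = AccessRequest("sue", nda, "nda-project", "Austin", t0)
    r2 = AccessRequest("sue", nda, "nda-project", "Chicago", t0 + timedelta(minutes=3))
    r3 = AccessRequest("sue", "finance/budget.xlsx", "finance", "Chicago", t0 + timedelta(minutes=10))
    r4 = AccessRequest("sue", nda, "nda-project", "Chicago", t0 + timedelta(minutes=10))
    return [
        engine.evaluate(r1, "fold5-sue").value,               # allow
        engine.evaluate(r2, "fold5-sue").value,               # step_up: two cities in 5 min
        engine.complete_step_up(r2, "fold5-sue", True).value,  # allow after passcode
        engine.evaluate(r3, "fold5-sue").value,               # deny: not her project
        engine.evaluate(r4, "fold5-sue").value,               # allow: same city, window passed
        engine.evaluate(r4, "old-phone").value,               # deny: device non-compliant
    ]


if __name__ == "__main__":
    print(run_sue_scenario())
```

The design keeps the two evaluation classes the speaker describes separate: the hard checks (valid credentials, project assignment, managed and compliant device) can only deny and are re-run even after a successful passcode, so a step-up never turns into a way around least privilege; the softer context signals (network, behaviour, travel pattern, new city) only ever escalate to a second factor.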