The default security and sandboxed structure of mobile platforms can provide organizations with a false sense of security, and organizations can fill this security gap by deploying mobile threat defense.
When organizations deploy a mobile threat defense (MTD) tool, they add protection against phishing, unsafe network connections and even malicious apps. The deployment process may be intimidating, but it is not too difficult. IT administrators should learn the goals of deploying a mobile threat defense app to end-user devices and the three most common setup options.
Different approaches to deploying a mobile threat defense product
Many MTD products in the market consist of an MTD app on a mobile device and a service in the cloud that functions as the management console and central hub.
That cloud service enables MTD products to provide security intelligence to the MTD app on the mobile device. Because MTD products are mainly cloud-based these days, the installation process is largely just the configuration of the cloud service and the rollout of the on-device app. Further, the MTD vendor provides a running service, so from a hands-on installation perspective, most of the work must be done locally on the mobile device.
IT administrators can simplify this on-device installation process using a mobile device management (MDM) platform or MDM functionality within a unified endpoint management platform. These features are also available in most enterprise mobility management platforms.
These platforms can roll out the MTD's mobile app and the related configurations. The steps to install an MTD app on a mobile device aren't the same on all platforms, and they vary depending on which services organizations require.
IT administrators can use MTD products as a standalone option, but the best way to get full coverage is to use MTD alongside MDM capabilities. That combination also enables the IT administrator to react to risk signals from the MTD by blocking or allowing access to company data and resources based on those signals.
IT can use a similar combination with mobile application management (MAM) alongside MTD. That combination provides the user with the flexibility of choosing and using their mobile device and still enables the IT administrator to protect company data and resources. This method allows IT to manage access to organization-specific apps based on the same risk signals provided by the MTD product.
Installing an MTD app when using a standalone MTD product
Though it isn't always the best option, some organizations will opt to deploy a standalone MTD product, whether for management concerns, cost savings or other reasons. For these organizations, the installation of the MTD app is a manual activity for the end user. The user must navigate to the Google Play Store or the Apple App Store -- depending on the mobile device's platform -- and then download and install the required MTD app. After the download and installation, the user must activate the MTD app with an activation code or by signing directly into the app with their credentials, depending on the MTD product. After activation, most MTD apps are up and running. Some MTD apps might have a few follow-up steps to specifically ask the user for permissions and create a VPN connection.
Installing an MTD app alongside an existing MDM platform
When IT uses an MTD product combined with an MDM platform, the IT administrator can automate the MTD app installation. The IT administrator can add the MTD app to the MDM platform from the apps available in the Managed Google Play store and the Apple App Store. Depending on the management scenario, IT administrators can combine the latter with the Apple Volume Purchase Program. If needed, the IT administrator can even add the MTD app manually.
After adding the MTD app to the MDM, the IT administrator can use an app configuration policy to apply the correct configuration to the MTD app. Together, this enables the IT administrator to push a preconfigured MTD app to a managed end-user device.
However, some MTD apps may have additional steps that require the user to open the app and follow the on-screen steps. Often these steps are related to gaining permissions on the mobile device.
Installing an MTD app alongside an existing MAM platform
For organizations that use an MTD product in combination with an MAM platform, MTD app installation is a manual process. The IT administrator can create an app management policy for company apps that will require the user to install the MTD app. Without the MTD app, users will no longer be able to access business data or company apps.
That policy will guide the user through the process of installing the MTD app by using the Google Play Store or the Apple App Store. This will bring the user to a process similar to the one outlined for a standalone MTD setup.
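The access decisions described above, for MTD risk signals combined with MDM and for a MAM policy that requires the MTD app, can be sketched as one evaluator. This is an added example, not code from the article or from any MTD, MDM or MAM vendor; the risk levels, field names, thresholds and the fail-closed handling of stale signals are all assumptions.

```python
from dataclasses import dataclass

# Hypothetical risk scale; real MTD products define their own levels.
RISK_ORDER = {"secured": 0, "low": 1, "medium": 2, "high": 3}

@dataclass
class DevicePosture:
    management: str          # "mdm" (managed device) or "mam" (managed apps only)
    mtd_installed: bool
    mtd_activated: bool
    risk: str                # last risk level reported by the MTD service
    signal_age_minutes: int  # minutes since the MTD app last reported

def evaluate_access(p, max_risk="low", max_signal_age=60):
    """Return (scope, decision, reason) for one device."""
    if p.management not in ("mdm", "mam"):
        raise ValueError(f"unknown management mode: {p.management!r}")
    # MDM gates company data and resources; MAM gates only company apps.
    scope = "company_resources" if p.management == "mdm" else "company_apps"
    if not p.mtd_installed:
        return scope, "block", "MTD app not installed"
    if not p.mtd_activated:
        return scope, "block", "MTD app not activated"
    # Assumption: fail closed on a stale signal or an unrecognized level.
    if p.signal_age_minutes > max_signal_age:
        return scope, "block", "risk signal is stale"
    if p.risk not in RISK_ORDER:
        return scope, "block", "unknown risk level"
    if RISK_ORDER[p.risk] > RISK_ORDER[max_risk]:
        return scope, "block", f"risk {p.risk} above {max_risk}"
    return scope, "allow", "risk within threshold"

# Constructed sample fleet, not data from any real deployment.
FLEET = {
    "mdm-phone-ok": DevicePosture("mdm", True, True, "low", 5),
    "mdm-phone-risky": DevicePosture("mdm", True, True, "high", 2),
    "mdm-phone-silent": DevicePosture("mdm", True, True, "secured", 600),
    "byod-no-mtd": DevicePosture("mam", False, False, "secured", 0),
    "byod-ok": DevicePosture("mam", True, True, "secured", 10),
}

def evaluate_fleet(fleet):
    return {name: evaluate_access(p) for name, p in fleet.items()}

if __name__ == "__main__":
    for name, result in evaluate_fleet(FLEET).items():
        print(name, *result, sep=" | ")
```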
Determining which mobile threat defense policies to configure
Organizations should carefully consider the balance between security and privacy, which is the crux of mobile device security policies in general. If BYOD or corporate-owned personally enabled devices are part of the managed fleet, it is still possible to protect users without infringing on their privacy. However, IT and management must provide clear messaging, and employees will need to acknowledge the benefits of enrolling in a security platform by opting into it via a written agreement.
For example, many platforms now offer user anonymity or inform users when an app or website leaks information without alerting the administrator -- unless the leak poses a risk to corporate data. This presents a win-win scenario where the organization validates privacy concerns and the platform flags company-related threats for IT.