Securing Mobile Devices: The Zero Trust Model

April 11th, 2017 | smarter identity

“The security perimeter is dead,” says Forrester Senior Analyst Merritt Maxim. Firewalls may have been the primary security perimeter for the enterprise 10 years ago, but those days are long over.

The modern workforce is a mobile workforce.

Working remotely on both Mac and PC laptops as well as mobile phones has become the norm for many organizations. Between mobile and remote employees as well as independent contractors, this trend is only becoming more prevalent. This level of flexibility is great for productivity, of course, but has serious implications for security complexity.

Many of these laptops are excluded from corporate security policies, including password requirements. In fact, according to the 2016 Verizon DBIR, 63% of confirmed data breaches involved weak, default or stolen passwords. When these devices are stolen or lost, they act as major organizational security gaps just waiting to be exploited.

What’s at risk?

According to Forrester, some of the most common kinds of data stored on these laptops include corporate financial data, customer personally identifiable information (PII), and customers’ payment/credit card data. This type of data is also increasingly stored on mobile phones.

This information is critical to keep safe, of course. But how often are these devices really lost or stolen? According to Forrester, more often than you might think.

“20% of global network security decision-makers whose firms had a security breach in the past year said that a lost or stolen asset was the most common way the breach occurred”

Merritt Maxim
Forrester Senior Analyst

The 2016 Verizon DBIR states that laptops and mobile devices are lost over 100 times more frequently than they are stolen. When physical device theft does occur, 39% of thefts happen in the victim’s own work area, and 34% occur in the victim’s personal vehicle.

These thieves may be stealing devices not to exploit sensitive company data, but just to make a quick buck on eBay. But how would you feel about someone selling a device online that contains sensitive data about your customers?

Again, the security perimeter is dead. New security perimeters at the device level or identity level are necessary to keep critical data secure.

The Solution: Zero Trust

Forrester and OneLogin advocate the Zero Trust Model. That is, eliminate the idea of a trusted or untrusted network entirely, and treat ALL network traffic as untrusted. This model essentially boils down to 3 key parameters:

  1. Verify and secure all resources.

  2. Limit and strictly enforce access control.

  3. Inspect and log all network traffic.

More and more organizations are adopting this model and looking to Identity and Access Management (IAM) to help facilitate the transition. In fact, Forrester reports that 61% of organizations are implementing IAM or expanding their existing implementation.

A laptop is lost every 53 seconds. Are you ready?

Learn more about the risks of the mobile workforce. Watch the on-demand webinar with OneLogin’s Al Sargent and guest speaker Merritt Maxim, Senior Analyst at Forrester, as they take a deeper dive into these topics:

  • Today’s widespread security gaps and their economic impacts
  • A new approach to Identity and Access Management to manage security issues
  • Hardening enterprise’s endpoints while moving to the cloud, without disrupting existing identity architectures

About the Author

Jack Shepherd joined the OneLogin team in Summer of 2015, and is now the Content Marketing Lead at OneLogin. Jack specializes in producing thought leadership pieces around the latest cloud technologies, cybersecurity, and the evolving role of unified access management.
