| Executives December 3, 2020
December 3, 2020
By Mike Banic
2020 has been a challenging year. Organizations had to quickly figure out how to secure employees and mobile endpoints working outside their existing perimeter-based controls. To take a step back, 2020 isn’t an anomaly. This shift to mobile-first was happening well before the pandemic.
As the leader in mobile security, we decided to host a virtual summit to help security professionals around the world unpack the challenges related to this mobile reality. With our partners at The Cyber Security Hub, we had over 1,000 security professionals register to attend our “Security In Motion” virtual summit. Attendees heard from Lookout experts, our technology partners including Google and VMware, and their peers at the NFL, BNP Paribas, Salesforce, Verizon, Mass Mutual, The Washington Post and General Dynamics.
For those of you who couldn’t make it, don’t worry, we have all of our mobile security summit sessions archived on lookout.com. Before you dive in, I want to share some takeaways from the event.
Bring your own device (BYOD) is now the standard
I had the pleasure of sitting down with Jim Routh, Chief Information Security Officer (CISO) from MassMutual. We had a great discussion about how his workers have shifted from using managed corporate devices to unmanaged personal devices. His observation lines up with what we have been seeing for a while now – that mobile devices are at the intersection of our personal and professional lives.
A theme that stuck with me in our chat was the idea that employees should be able to work from anywhere, at any time and from any device. It was great to get real-world verification from Jim that mobility is now an enabler of productivity. Jim actually shared an example from MassMutual that I thought was quite insightful. He says that many MassMutual senior executives work almost exclusively from their personal mobile devices, even though they have company-issued laptops.
Zero Trust needs to include mobile
The framework Jim Routh used to secure bring your own device (BYOD) at MassMutual was the Zero Trust model. This was also a major theme in my other session with Jim Floyd from Verizon and Sriram Karra of Google. Zero Trust is the idea that you don’t allow a device access to your infrastructure until its risk level is verified, and continuously reassess the risk level to modify access and protect data. In a BYOD environment, you’re allowing any device access to your data. To mitigate the risk of a data breach, you need to continually assess the risk level of their mobile devices to enable safe data access.
What was great to hear from Sriram was about how Google leveraged their experience implementing BeyondCorp, their terminology for Zero Trust, and added it to Google Workspace. The idea is that any device that tries to access anything within Workspace – Drive, Docs, Sheets, etc. – needs to be continuously verified. Lookout is actually one of the first BeyondCorp alliance partners. We’re collaborating with Google to ensure that our expertise in continuous risk assessment of mobile endpoints enables organizations to successfully implement mobile Zero Trust.
Endpoint detection and response (EDR) needs to include mobile
My last major takeaway from the summit was about the next evolution in mobile security. Many of us probably think of mobile security as active defense against threats such as malware or malicious networks. The reality is many cyberattacks don't involve malicious code. They also rarely occur in a single event or only involve a certain type of endpoint.
Endpoint detection and response (EDR) for desktops and laptops enables security analysts to investigate incidents and better understand what happened to traditional endpoints during an incident. But as our technical director, Tom Davison, said in the Summit’s session on mobile EDR, threat hunting without mobile telemetry won’t work in today’s modern business.
If you think about it, every one of your employees now use at least one mobile device for work. Data from the Lookout Security Graph indicates that usage of iOS devices increased 25% when we first shifted to remote work back in March. Employees are now relying on their mobile devices to stay productive. To ensure you understand the increasingly sophisticated cyberattacks, you need mobile EDR.
Secure mobility enables productivity
I could go on and on about what I learned from our virtual summit Security in Motion. Please check out the sessions yourself.
I’ll leave you with this: tablets, smartphones and Chromebooks are now key enablers of productivity, but only if you properly secure them. These devices have as much access to your infrastructure and data as any desktop or laptop computer, and they are just as powerful. To ensure your workers stay productive while also keeping your organization safe, you need to think about security beyond the perimeter.
Visit our Lookout mobile security summit page to watch the various sessions.
Mike Banic Vice President, Marketing