| Executives June 2, 2015

June 2, 2015

CISOs ask and we answer: Why enterprises should care about mobile security

By Aaron Cockerill

Why should I, as an enterprise, care about mobile security?
It’s a question I’ve heard a lot since Lookout started developing Mobile Threat Protection, our brand new product announced today that will protect large, global enterprises from mobile threats using our predictive technology.
To me and to Lookout, the answer to why you should care is simple. It’s all about the data.
Really, forsaking mobile security when you know your employees are accessing data via mobile is like leaving the side-door open with the front door locked, expecting no one to figure out how to get inside. In the end, if you care about data, you care about mobile. It matters.
Mobile devices have evolved from being simple communication devices into being the primary productivity tool for enterprise knowledge workers. Of course, many of these are personal devices, so you wind up having a mix of personal and enterprise data that both parties should want secured.
We created Mobile Threat Protection because visibility is key. You can’t know how to manage your risk and protect your organization if you don’t know what threats are present in your organization. With Mobile Threat Protection, enterprises are able to:
  • Detect and remediate mobile threats such as surveillance, trojans, or data exfiltration
  • View and approve iOS and Android apps that were installed outside of official app stores
  • Identify devices that have been rooted or jailbroken, even if they bypass MDM detection
  • Distinguish between malicious apps and those that exhibit risky behaviors which may violate a company’s security posture, such as exfiltrating data to foreign servers
  • Manage risk based on certain user characteristics, such as geography, department, or seniority within an organization
  • Connect with leading MDM solutions for simple device enrollment and threat remediation
  • Ensure adoption with a beautiful user interface that is already trusted by consumers
In the process of creating Mobile Threat Protection, I talked with a number of enterprises to research their needs and concerns. Five major questions stood out to me:
Why do I need Lookout if I have MDM?
MDM’s are an important part of any mobile security program, but are unfortunately not the complete solution. MDM is all about device configuration; it’s not about mobile security. It can configure policies to enforce security, but the technology itself doesn’t actually know when a security issue happens. MDMs do some things really well: device asset management, secure browsing, basic separation of corporate and personal data, and mobile app distribution to name a few. But they can’t protect you from malicious or risky software.
What can mobile apps do to put my data at risk?
You really need to understand the difference between malicious apps and risky apps. Malicious apps are just as they sound. They intend to perform a behavior they know you won’t like. This might be data exfiltration, compromising your network, or something else. Risky apps, on the other hand, may simply be applications that perform a certain task you might not be comfortable with, for example, sending contact information to a server in China. It might have a legitimate reason to, but you need to decide your enterprise’s own risk tolerance. Step one to a sound mobile security program is gaining visibility into the risk these devices, and the apps they hold, introduce to your organization.
How are my employees installing iOS and Android apps from unknown or untrusted sources?
It's standard practice for enterprises to create and distribute their own applications to employees. Unfortunately, this circumvents the excellent job Apple and Google do in vetting apps for security issues. This creates two problems: no one is checking to ensure the enterprise hasn’t made coding mistake that opens the enterprise to exploitation, and it also creates an avenue for the distribution of malicious software. It’s a myth to believe that iOS devices can only get apps from the Apple App Store. Indeed, every iOS threat that has affected a non-jailbroken device has accessed it through this enterprise distribution method.
Why do I need advanced jailbreak or root detection?
Enterprises should be focused on the methods for determining how many devices are jailbroken/rooted. It’s quite easy to jailbreak or root a device. In fact, 8% of iPhones are jailbroken. Currently, the main method for determining this is to ask the device, “Are you jailbroken/rooted?” But a number of people will use easily-implemented evasion tactics to obfuscate the state of their OS. That’s why you need technology that does not rely on the device to give a truthful answer.
Are employees using their own mobile tools, putting sensitive data at risk?
Of course! People are going to gravitate toward tools that make their lives easier and, today, those tools are the ones people use in their personal lives. Companies need to embrace consumer apps as more employees expect to be able to use them in the workplace. But this is where visibility is key: understanding what is on your network and knowing what is “risky” and what is not will help you keep your data secure while relieving roadblocks to employee productivity.
Interested in Mobile Threat Protection for your organization? Learn more.


Aaron Cockerill,
Chief Strategy Officer