As malware advances, enterprise mobility management platforms become vulnerable -- so IT pros should know how to protect their systems.
Recently, hackers have been able to infiltrate some enterprise mobility management (EMM) platforms. For example, in January 2018, cybersecurity researchers discovered a zero-day remote access vulnerability in Samsung SDS's EMM. Although Samsung was able to patch its platform quickly and avoid a major outbreak, a lot of unauthorized action could have taken place on end-user devices if malicious code attacked the Knox container.
Although most providers offer products with EMM security features, such as static code analysis or threat emulation, several do not. Some EMM platforms can detect a malicious app on the user's device and instruct the user to remove it -- or if the user doesn't take that step, the admin can remove the device from EMM enrollment to prevent further access to company resources, or wipe the endpoint device entirely.
How to enhance EMM security
The biggest EMM security risk is the company's own employees and administrators. IT can prevent these internal attacks using measures such as single sign-on (SSO) with multifactor authentication (MFA) in the EMM console. With SSO, end users do not use a local login that may persist after they leave the company or transfer to a different role.
IT can also use AI to proactively predict patterns of behavior that could lead to a malicious attack within the organization. It is essential to invest in preventative tools and staff; using AI to weed out large amounts of suspicious data can enable IT to concentrate on higher-priority concerns.
Besides SSO and MFA, IT should set up least privilege models for authentication and access. In a larger organization, it may be beneficial to separate into two teams: one team to run the administration, security and policies and another to run mobile application management (MAM). Then, the organization can align the roles of the employees and their roles within the EMM system.
There are still many companies that run on-premises EMM platforms. In these cases, it's important to implement patches immediately after an attack to protect the system. EMM in an enterprise that doesn't complete patches is susceptible to many vulnerabilities.
IT should also look at the least common denominator and patch the operating systems that the EMM tool sits on. In addition, IT should evaluate coding languages, such as Java and Adobe Reader, which account for most of today's vulnerabilities.
IT should also make sure to use the latest EMM management module and regularly implement updates. The EMM platform has to work in conjunction with all of the systems it sits on, the administrator roles, the user policies and MAM. It is an ecosystem of technologies that make up the EMM platform, not just EMM itself.
Android, for instance, recently replaced Device Administrator with Android Enterprise. With Android Enterprise, a work profile keeps corporate and personal data separate on devices, which can help limit the risks associated with hacking into an EMM tool. Plus, Android does not allow outdated EMM tools to manage the OS, so it prevents vulnerabilities from accessing the system by ensuring that IT keeps its EMM console up to date.
In addition, Apple's iOS has managed apps that an EMM tool can configure easily.
The mobile security landscape is constantly shifting, so IT should check the National Institute of Standards and Technology's Mobile Threat Catalogue to identify new EMM security threats. The ever-changing list also provides steps to remediate issues.