
How Android Enterprise supports a Zero Trust security model

The surge in remote and mobile working has put an increased emphasis on how organizations should best manage and secure device access to critical information. New research from Omdia, in a survey of 700 IT decision makers, found that businesses are expanding and strengthening access controls now that many employees spend very little or no time in the office.

This has piqued interest in the Zero Trust security model, which is built on the premise that access to corporate resources should continuously be verified. In the Omdia survey, thirty-one percent of the respondents are currently using Zero Trust, with another 47 percent planning to do so in the near future.

Understanding the Zero Trust security model

The Zero Trust security model enables a mobile and remote workforce to securely connect to company resources from virtually anywhere. Devices are vetted before being granted access to company resources. Companies can use tight, granular controls to specify the level of access, whether the devices are connecting from a corporate network, from home, or elsewhere.

An effective Zero Trust implementation requires numerous device signals, context and controls to make intelligent decisions about access. A key piece of a Zero Trust architecture is the enforcement point, which is the identity or network component that grants or denies access based on the various device and user signals that are available. For example, the enforcement point may decline access to devices that do not have the most recent security patch or show signs of running a compromised operating system.


A Zero Trust diagram showing how various device and user signals are used as part of contextual rules that dictate the control.

How Android enables a Zero Trust security approach

Android has a wealth of platform features and APIs that our enterprise mobility management and security partners leverage to safeguard backend services and resources. Let’s look at how Android provides the building blocks you need for a Zero Trust deployment.

Android provides a variety of device signals that administrators can use in building systems to verify the security and integrity of devices. In a Zero Trust model, these signals are used to assess whether a device should be allowed to access corporate information.

The first thing that needs to be checked is the OS version and Security Patch Level of the device. The SafetyNet Attestation API verifies a device has not been rooted, while the SafetyNet VerifyApps API checks for the presence of malware. Admins can also confirm if applications are complying with Android security standards. The NetworkEvent and SecurityLog logs provide data to check for any suspicious activity or anomalies on devices.

The next aspect is context: 

  • Who is trying to access a particular resource—are we sure that this is in fact the right device and person?

  • What resource are they trying to access—is this resource restricted to a select audience or region?

  • When are they trying to access it—is this during work hours or after hours?

  • Where are they trying to access it from—are they in their normal region or traveling?

  • How are they attempting to access it—are they accessing this from a web app or native app, is the device fully managed or BYOD?

  • Why do they need to access it—is this someone who typically accesses this information?

Putting Zero Trust to work for you

Now that we have device security signals and the context, we can decide how to control access to the information.

Here are some examples:

  • If a user is on a rooted device — no access.

  • If a user is traveling internationally — limited access.

  • If a user is trying to access a resource for the first time in a while — prompt for a second factor during the authentication flow.
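The three rules above, combined with the patch-level and malware signals described earlier, can be expressed as one decision function at the enforcement point. This is an added example, not code from the original post or from any Android API; the field names, the 90-day patch threshold, the 30-day "a while" threshold, and the choice to deny on a missing signal are all assumptions.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from enum import IntEnum
from typing import Optional


class Access(IntEnum):          # ordered so max() keeps the most restrictive level
    FULL = 0
    LIMITED = 1
    NONE = 2


@dataclass
class Request:
    # Device signals; None means the enforcement point could not collect the signal.
    integrity_ok: Optional[bool]        # attestation verdict: device not rooted
    harmful_apps: Optional[bool]        # app-scan verdict: malware present
    patch_level: Optional[date]         # Security Patch Level reported by the device
    # Context
    country: str                        # where the request comes from
    home_country: str                   # the user's normal region
    last_access: Optional[date]         # when this user last opened the resource


MAX_PATCH_AGE = timedelta(days=90)      # assumed threshold, not from the post
DORMANT_AFTER = timedelta(days=30)      # assumed meaning of "a while"


def evaluate(req: Request, today: date):
    """Return (access level, second factor required, reasons that fired)."""
    access, second_factor, reasons = Access.FULL, False, []

    def restrict(level: Access, reason: str) -> None:
        nonlocal access
        access = max(access, level)     # a later, weaker rule never loosens access
        reasons.append(reason)

    # Fail closed: a missing device signal counts the same as a failed one.
    if req.integrity_ok is not True:
        restrict(Access.NONE, "integrity")
    if req.harmful_apps is not False:
        restrict(Access.NONE, "harmful_apps")
    if req.patch_level is None or today - req.patch_level > MAX_PATCH_AGE:
        restrict(Access.NONE, "patch_level")
    if req.country != req.home_country:
        restrict(Access.LIMITED, "travel")
    if req.last_access is None or today - req.last_access > DORMANT_AFTER:
        second_factor = True
        reasons.append("dormant")
    # No point prompting for a second factor when access is denied outright.
    return access, second_factor and access != Access.NONE, reasons
```

Returning the reasons alongside the decision lets the enforcement point log why a request was limited or denied, which matters when several rules fire at once.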

The Android platform provides the signals and intelligence needed to understand the context and define appropriate controls in a Zero Trust deployment. What makes Android unique as a Zero Trust endpoint is that, unlike other operating systems where you need to rely on the Enterprise Mobility Management (EMM) solution to gather the appropriate device signals and attributes, on Android access to these signals can be delegated. Whichever component is acting as the enforcement point, whether it be the identity provider or the network access control component, can collect all of the necessary information directly off the endpoint device as opposed to integrating with a multitude of backend systems.

If you are currently using Zero Trust or moving in that direction, make sure to confirm that your EMM or your enforcement point can access the plethora of signals directly from the device. And check out the Omdia security report to learn more about growing adoption of Zero Trust security.


by Eugene Liderman, Android Security & Privacy Team, via The Keyword
