The challenge

With over 20,000 corporate-owned iOS and Android devices under management in the US alone, the company was aware of the high risk associated with uncontrolled employee mobile use.

The organization needed to implement a mobile security solution that would extend the same robust protection it had for desktop to its mobile estate. Mark Edwards, a member of the Information Security team, was concerned about the security gap mobile was creating, especially with so many devices in the fleet.

“When you think about how many mobile apps and sites leak data and carry malware, even the ones that can seem legitimate and safe for work, it makes you feel very exposed. A device in the hand of an employee is effectively a gateway to the corporate network carrying all our sensitive data and that of our customers.”

“As a financial services firm, we have a culture of risk mitigation. We started to look for ways we can proactively reduce our security risks rather than wait around for a breach to happen.”

– Mark Edwards, Special Project Manager

Without the ability to see what was being accessed on employee devices, the firm was uneasy about the mobile threats that they might be exposed to, like phishing attacks and malware.

Of further concern was the occurrence of three data security incidents over the past year involving file-sharing. These happened when employees were uploading sensitive company data to online document hosting services, either mistakenly or with more malicious motivations. Mark and the team were confident that the firm’s desktop security was sufficiently resilient, meaning that the leaks must have originated through mobile activity. He needed to find a way to prevent this from happening again.

HomeServe

Company profile

This New York City-based financial services firm operates in markets all around the world. It has hundreds of executives travelling for meetings on a daily basis that rely heavily on their mobile devices in order to stay connected to the corporate network.

“Once we put AirWatch in place to secure the devices, we then worked to increase the security of the actual mobile data itself. And that’s where Wandera came in, as a complement to AirWatch, not a competing solution.”

– Mark Edwards, Special Project Manager

The solution

The company was using AirWatch to manage its devices and provide a sophisticated layer of device security. However, Mark and the team wanted to extend this protection to activity within the browser, and to something that operated at the network level.

AirWatch was being used to restrict the use of dangerous apps but it couldn’t restrict the use of certain websites accessed through the browser. Wandera was recommended to meet this specification, which not only filled the requirement to filter traffic at a data level, but was able to do so in real-time and with different policies on different networks.

Gambling, adult and ad networks are by far the biggest risk for businesses. Wandera research revealed a staggering 80 percent of the top 50 adult sites were leaking some form of Personally Identifiable Information (PII). They are frequently built insecurely and often expose PII or are host to unwanted malware. By proactively blocking these categories using Wandera, the firm was able to proactively reduce its exposure to these threats.

“We knew that adult and gambling services were more likely to pose a potential risk to our fleet. Without a proper business case to allow them, it made sense to block the whole category altogether. We were already blocking gambling apps with our EMM tool, but we also needed to block gambling sites in Safari without having to block Safari itself.”

– Mark Edwards, Special Project Manager

The organization took a similar approach to third party app stores, which are often entry points for dangerous or poorly-built apps and other threats. Wandera could be used to prevent this on two fronts: first, it would uncover any devices in the fleet that were configured to allow any unofficial downloads, and secondly, content filtering could be applied to block access to all known unapproved stores, including services accessed through a browser.

Mark also took advantage of the file-sharing restrictions available through Wandera. These pre-populated categories ensured that access to all of the unsolicited mainstream filesharing services was limited, such as Google Drive and Dropbox. He went one step further by compiling a bespoke list of domains and apps that posed additional data exposure risk based on previous events and on original research. These services were added to a custom category and were subsequently blocked at a site, app and even individual url level.

With these new measures in place, the company was able to satisfy an internally mandated compliance standard, helping not only to protect sensitive data on the devices but also to avoid any legal or HR risks that might arise through improper mobile use. Once the team had decided to implement Wandera, It didn’t take long for the service to be actively protecting the fleet.

“The deployment was painless. We had 100% enrolment within minutes, seamless delivered over-the-air through our EMM without any need for end-user interaction.”

– Mark Edwards, Special Project Manager

The results

Since adopting Wandera, unsolicited file-sharing has been eradicated due to the solution’s intelligent Content Filtering capabilities. Users are unable to access third-party app stores or risk categories such as gambling and adult, which has significantly reduced the company’s exposure to mobile malware.

“The policies are very easy to configure. Other solutions don’t come close to the number and variety of apps and websites Wandera covers, or the granularity it provides.”

– Mark Edwards, Special Project Manager

Wandera’s Mobile Threat Defense capabilities at the endpoint and in the cloud gateway ensure the device has multi-level protection against mobile malware – both known and zero-day threats.

“The Wandera solution has enabled us to be more proactive about mobile security. In addition to meeting our security needs we’ve been able to enforce usage policy on mobile. For example, we restrict access to cloud storage services to prevent unintentional but also intentional information leakage that could impact the markets.“

0

Incidents of unsolicited file-sharing since adopting Wandera

9,450

Blocks to adult and gambling services in first six months after deployment

59%

Annual decrease in malware detected in fleet after active content filtering in place

To learn more about how Wandera can help your business please click here to get in touch with a mobility expert.

Gartner Market Guide for Mobile Threat Defense Solutions 2018

“Beyond a unified endpoint management (UEM) security add-on, MTD is also used to address use cases such as mobile phishing, bring your own device, app vetting and compliance.”

Download now ›