Understanding device risk posture is essential

User authentication, even multi-factor, cannot verify that the endpoint is secure, that devices are configured correctly, or whether malware or leaky apps are present. Attackers are beginning to target this known gap in organizations’ security. Best practice necessitates awareness and verification of device security posture before granting access to corporate resources.

“Enforce conditional access to corporate email and data, based on the security posture checking of the device.”
– Gartner (Advance and Improve Your Mobile Security Strategy report)

Including contextual factors in policy enforcement

Conditional access considers contextual factors, such as device risk, geolocation and local time, when determining whether a device should be allowed to open an app. The best-known form of conditional access requires a UEM; however, this is not suitable for every organization’s device management strategy or ownership model. Wandera can enforce policies by dynamically applying them on the device, at the application and in the network to meet different needs. Organizations can mix and match enforcement models to suit their security strategy.

Conditional Access on the device

Wandera works with UEM services to apply contextual policies on the device. The Wandera app collects a broad range of device telemetry to identify risks such as configuration vulnerabilities, malware, and unsafe apps. This data is analyzed by MI:RIAM, a cloud-based threat intelligence engine, to determine the risk level of the device. Wandera shares this information with the UEM, allowing predefined actions to be triggered automatically. Common automated actions include locking the device, wiping corporate data, and uninstalling risky apps.

Conditional Launch at the application

Apply the same level of security to unmanaged devices as to corporate-owned ones. Streamlined access and security policies are enforced on applications managed without device enrollment (MAM-WE). This gives organizations the confidence to give users with unmanaged and BYO devices the flexibility to work any time, anywhere by connecting them to the applications they need. Conditional Launch policies can be configured to prevent access to corporate apps when the Wandera app is not present or is reporting a high risk level.

“We are now comfortable with having Office 365 apps on BYOD devices. It’s not a problem anymore because with Wandera’s MAM-WE capabilities, we can protect sensitive corporate data without requiring device management.”
– Cory Sheldon, Barratt Developments

Native Adaptive Access in the network

Wandera’s unique architecture allows it to enforce policies natively through its software-defined network. Operating in the network, Wandera’s cloud gateways encrypt and route corporate traffic, and keep internet access protected and private. Enforcing policies in the network hides applications, preventing unauthorized and unauthenticated devices from accessing corporate resources. Integrating device-risk-based threat detection into network policy is essential for organizations seeking to implement a Zero Trust Network Access strategy.

“MTD is seen by Gartner clients as a component of a software-defined perimeter”
– Gartner (Market Guide for Mobile Threat Defense)

Ensure sanctioned users access your applications securely and with ease

If employees, contractors and other third parties are connecting to your applications remotely, you could be running unnecessary security risks. If you would like a personalized demo of Wandera’s Private Access please get in touch with one of our experts.