Barratt Homes

Building a comprehensive security stack for mobile

Barratt Developments is the leading housebuilder in the UK. Barratt is investing heavily in a tech stack from Microsoft, including Microsoft Dynamics, Office 365, and Intune.

Barratt employees armed with corporate-owned iPhones and iPads and use applications that are both third party, and in-house developed, hosted on-premise and in the private cloud. These apps allow mobile workers to feed information into the company’s systems. One of these applications allows the company to build data entry forms for on-site health and safety reporting that can feed that information to an on-prem server. Like many companies today, Barratt Developments is carrying out a technical modernization program incorporating a ‘cloud preferred’ strategy.

With a growing number of workers outside the corporate perimeter, the Barratt team began looking into mobile security solutions that address the broad spectrum of mobile risk and also play well with Microsoft tools. They had particular concerns about application vulnerabilities and phishing attacks reaching mobile users, including via SMS, email and social media. Especially since the company has a large number of employees currently working from mobile devices during the coronavirus pandemic.

“We have McAfee on every desktop computer but then we hand people an iPhone that has access to corporate information, so it is important we provide a secure wrapper around it.”

The company has established a Security Operations Centre which includes a SIEM and Cisco ISE for Identity and Access Management, to secure corporate equipment and ports.

“In terms of mobility, we reviewed Mobile Threat Defence (MTD) and came to the conclusion that Wandera is a good choice for Barratt Developments based on previous usage of their MobileIron platform.”

The company uses Wandera’s Threat Event Stream which integrates with its SIEM solution. In recent reporting, Wandera had flagged 1,700 phishing attacks, including PayPal and Apple-branded phishing attacks that users had clicked on, but Wandera was blocking any requests to these malicious sites.

The company conducts phishing training and tests via their SOC and has mandatory cyber security training for all colleagues to further improve the company’s overall security posture.

“Our head of security and compliance looks at the Wandera reporting and provides the business with statistics and insight on how many threats Wandera has blocked. When we get notifications for the latest threat we look for any relevant stats in RADAR and highlight to the business that the tools we have are protecting us from security incidents people might be seeing in the news.”

The company uses an industry leading VPN solution for their laptops but they don’t have a need for VPN on mobile as they use MobileIron to manage devices.

The Office 365 rollout includes Intune with MAM (Mobile Application Management) policies. Wandera’s MAM-WE (‘without enrollment’) capabilities mean policies based on Wandera risk assessments can be set up and enforced at the app level on unmanaged devices to provide uniform policy across all devices platforms and ownership models.

“Wandera’s core functionality works well for us.”