Zero Trust Applied to the Mobile World


The NCCoE Buzz: Mobile Security Edition

Many professionals in the cybersecurity community are talking about zero trust architecture (ZTA), and although it is not a new concept, there is renewed interest in implementing zero-trust principles. This introduces challenges for an organization’s mobile administrators. But what does zero trust really mean for mobile?

Due to the pandemic, many employees have transitioned to remote/telework options to accomplish their daily work activities. The portability of mobile devices makes it easier to respond promptly to emails, attend virtual meetings, and use special work apps from anywhere, even in your own home. They also serve as backup devices when the primary computing devices are not functioning properly at remote sites.

In this new environment, mobile devices are another endpoint connected to enterprise resources, and they can put the entire enterprise at risk if compromised or stolen. ZTAs can minimize this impact by applying cybersecurity practices that assume no implicit trust, monitor constantly, and restrict access to enterprise resources based on the criticality of the resource and on user and device identity and posture.

So, how do you get started?

When considering implementing a ZTA, it helps to first clarify the fundamental tenets. Recently, NIST Computer Scientist Gema Howell published an article on the RSAC Blog clarifying the role of ZTA for the mobile device security community and how to implement a ZTA based on standard practices.

Want to learn more? Check out our resources below:

View full article on RSAC Blog

Read NIST Special Publication 800-207 Zero Trust Architecture

Check out the official NCCoE Mobile Device Security project page