Effectively Prevent Unmanaged Mobile Devices From Accessing Your Organizational Services

Written by Joranna Ng and David Worthington on July 11, 2024


Mobile devices have become so integral to both business and personal lives that it is difficult to imagine a life without them. There’s more attack surface area as a result, and it’s IT’s job to mitigate the risk of cyberattacks. Insider threats are often involved, because employees and their devices can be one of the weakest links in the security chain. That’s why organizations must be certain that their sensitive resources (i.e., email, corporate or cloud apps, and company intellectual property) are only accessible via secure and managed devices.

Employees and their mobile devices pose many challenges. Organizations need to be able to adopt flexible device management modes for corporate-owned devices (COD) and bring your own device (BYOD) programs without trading off security. A strategy for mobile devices is especially important for remote, hybrid, or global work environments. In addition, these devices may need to comply with key security audit standards (e.g., ISO 27001, SOC 2, etc.) in order to be utilized in the workplace.

A seamless mobile user experience for end users enhances productivity, and will prevent employee dissatisfaction and avoid potential help desk tickets. Removing the need to type or retype end user email addresses and passwords on their mobile devices to access resources via browser and native applications goes a long way toward offering a better user experience.

However, mobile devices need to be managed by IT so that the organization does not lose track of them or leave potential footholds into its systems. Let’s explore why.

The Perils of Unmanaged Devices

Threat actors keep busy by scanning a company’s networks and looking for an entry point where they can start an attack, and unmanaged devices are a tempting target. NIST defines an unmanaged device as a device that is either unauthorized or, if authorized, not assigned to a person to administer. Unmanaged devices usually have fewer security controls, so they are easily exploitable, providing the additional attack surface area that adversaries want.

According to the 2023 Microsoft Digital Defense Report, unmanaged devices are a major target, with 80-90% of ransomware attacks over the past year originating from unmanaged devices. The report also highlighted that global attacks increased by more than 200%. 

JumpCloud Mobile Device Trust 

JumpCloud Mobile Device Trust prevents unmanaged mobile devices (Android, iOS, iPadOS) from accessing enterprise services through browsers and native applications. It enhances mobile security by leveraging JumpCloud Go™, a phishing-resistant credential that helps to create a more seamless user experience by eliminating reliance on passwords and leveraging stronger authentication factors across operating systems.


Key Features and Benefits of JumpCloud Mobile Device Trust

  • Device Management Condition: These pre-built policies ensure that JumpCloud has control over a device and the ability to evaluate and verify that it’s trusted. In addition, IT admins have the ability to enforce password policies, remove corporate data or access to corporate resources in the event that the device is lost or stolen, or when an employee leaves the company.
  • Operating System Condition: This policy provides IT admins with the ability to limit access to resources based on approved operating systems/platforms.
  • Enhancement to Disk Encryption Condition: This policy ensures that the device connecting to secured company resources has the required disk encryption, whether file-based or metadata encryption.
  • Device Attestation: Attestation helps to protect against the following threats:
    • A compromised device that lies about its properties
    • A compromised device that provides an outdated attestation
    • A compromised device that sends a different device’s identifiers
    • Private key extraction for use on a rogue device 
  • Device Trust Readiness Dashboard: This dashboard provides visibility into the configuration of desktop, iOS, and Android devices to evaluate device trust, and enables admins to quickly learn the specific policies that are configured in their organization. It also highlights the Conditional Access Policies that leverage the Device Management Conditions.
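
The four attestation threats listed above each map to a check on the verifier side. The sketch below is an added illustration, not JumpCloud's code or API: the device IDs, keys, claim names and freshness window are constructed, and HMAC stands in for the hardware-bound asymmetric signature a real platform uses.

```python
import hashlib, hmac, json

# Constructed enrollment records. HMAC stands in for the signature made by a
# hardware-bound attestation key; a real verifier checks an asymmetric
# signature and the platform vendor's certificate chain instead.
ENROLLED = {
    "device-001": b"constructed-key-001",
    "device-002": b"constructed-key-002",
}
MAX_AGE_SECONDS = 300  # assumed freshness window


def sign(key, claims):
    body = json.dumps(claims, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def verify(claims, signature, expected_nonce, now):
    key = ENROLLED.get(claims.get("device_id"))
    if key is None:
        return "reject: unknown device"
    # Covers altered properties and another device's identifier: both change
    # the signed body or select a key that did not produce the signature.
    if not hmac.compare_digest(sign(key, claims), signature):
        return "reject: signature mismatch"
    # Covers outdated attestations: the nonce is issued per access request.
    if claims.get("nonce") != expected_nonce:
        return "reject: nonce mismatch"
    if not 0 <= now - claims.get("issued_at", 0) <= MAX_AGE_SECONDS:
        return "reject: outside freshness window"
    # Covers extracted keys: require the platform's statement that the key
    # cannot leave secure hardware.
    if not claims.get("key_hardware_backed"):
        return "reject: key not hardware backed"
    return "allow"


def demo():
    now, nonce = 1_000_000, "nonce-A"
    good = {"device_id": "device-001", "nonce": nonce, "issued_at": now - 10,
            "key_hardware_backed": True, "os_version": "constructed-1.0"}
    sig = sign(ENROLLED["device-001"], good)
    soft = dict(good, key_hardware_backed=False)
    return {
        "valid": verify(good, sig, nonce, now),
        "altered_property": verify(dict(good, os_version="constructed-2.0"), sig, nonce, now),
        "swapped_identifier": verify(dict(good, device_id="device-002"), sig, nonce, now),
        "replayed": verify(good, sig, "nonce-B", now),
        "software_key": verify(soft, sign(ENROLLED["device-001"], soft), nonce, now),
    }
```
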

Try JumpCloud Mobile Device Trust Today!

Sign up for a free demo today to start managing your mobile (Android and iOS/iPadOS) devices efficiently from one console. JumpCloud’s Open Directory Platform works well with other IT solutions in the market, so organizations and managed service providers (MSPs) have the flexibility to keep their existing device management and identity access management (IAM) solutions while utilizing JumpCloud’s mobility solution. You can also experience our guided simulations.

Existing JumpCloud customers can explore other powerful platform capabilities as well. For example, try using JumpCloud’s directory services with device management to securely access company resources through JumpCloud Go.

Joranna Ng

Joranna Ng is a Principal Product Marketing Manager at JumpCloud. She is passionate about technology and loves the device management, identity, and security space.

David Worthington

I'm the JumpCloud Champion for Product, Security. JumpCloud and Microsoft certified, security analyst, a one-time tech journalist, and former IT director.
