Smart devices are vital to business operations and the risks associated with their management have surged. The recent security breach affecting Singaporean students[1] underscores the critical importance of robust security solutions. With 13,000 students experiencing data loss due to a remote wipe – a consequence of inadequate security measures and compromised systems – it is imperative for organisations to adopt advanced MDM solutions that prioritise security and resilience.
The Reality of Mobile Security Risks
The recent incident in Singapore is not an isolated case; it highlights a growing trend of vulnerabilities that can lead to catastrophic data breaches. As organisations increasingly rely on consumer-grade devices for sensitive operations, the risks associated with those devices multiply.
The National Cyber Security Centre (NCSC) recognises the challenge and has developed “Advanced Mobile Solutions” (AMS), a risk model together with a set of architecture patterns and associated technologies, to help high-threat organisations navigate the complex landscape of mobile security[2].
AMS advocates for a risk model that accepts the possibility of device compromise while implementing stringent measures to protect sensitive data and core networks.
Becrypt have worked closely with government to support the enhanced security characteristics of the Advanced Mobile Solutions programme, resulting in the first MDM platform compatible with Deep Packet Inspection and secure MDM server hosting.
Becrypt’s MDM+ was developed with the following principles in mind:
- Assumed Compromise: MDM+ operates on the premise that individual mobile devices may be compromised. By design, our system protects data and infrastructure even in the event of a breach, ensuring that sensitive information remains secure. Becrypt’s MDM+ solution has been deployed to protect government and corporate networks, allowing active defence against sophisticated and persistent adversaries. MDM+ offers enterprise-scale, intuitive management of devices such as Apple iPhones, while remaining transparent to the users.
- Robust Protection of Core Networks: MDM+ has implemented an architecture compatible with standard network defence tools, such as Web Application Firewalls. Based on a novel split-architecture approach, MDM+ allows the management server to be hosted within a secure network, appropriately segmented from a DMZ within a ‘walled-garden’ network architecture. The split architecture allows proxy server components to deliver scrutinisable network traffic for packet inspection within the DMZ or robust protocol validation via a Cross Domain Solution. This aligns with the NCSC’s guidance, which emphasises protecting core networks from potential threats introduced by mobile devices.
- Data Protection and Isolation: MDM+ minimises the aggregation of sensitive data within mobile infrastructures. By ensuring that sensitive information is not stored in a vulnerable state, we reduce the risk of bulk data exfiltration, a fundamental principle highlighted in the AMS architecture.
- Comprehensive Monitoring and Response: Our system is equipped with monitoring capabilities that enable rapid detection of anomalies and potential compromises. This proactive approach allows organisations to respond swiftly, limiting the impact of any security incidents.
The landscape of mobile security is fraught with challenges, but solutions like Becrypt’s MDM+ offer a pathway to resilience and confidence. By acknowledging the risks and implementing robust measures, organisations can navigate the complexities of mobile device management while ensuring the security of their data and systems. At Becrypt, we remain committed to empowering organisations with the tools they need to thrive in a digital-first world, working collaboratively with government partners to advance mobile security practices and protect against emerging threats.
For more information call +44 (0) 845 838 2080 or email sales@becrypt.com.