The explosive growth of mobile devices in the workplace creates new opportunities for business innovation, while at the same time introduces new vectors for risk. Security should provide the means to mitigate risk, but to date, common approaches for mobile security are limited in scope. These approaches include:
- Blocking mobile devices - Some organizations try to use blocking technologies in an attempt to insulate themselves from the risks that come with mobile computing. However, employees want to use their mobile devices at work, and will find ways to use them without the company’s knowledge or support.
- Hoping existing security products will protect mobile devices – Some organizations hope that their existing security measures will protect mobile devices. This will not provide satisfactory results, because traditional network and endpoint security measures are not optimized for mobile use cases and may not provide adequate protection against mobile threats.
- Applying basic security measures – Not all mobile security measures are the same, and the limitations are not always apparent at first. Mobile security measures for basic use cases (such as ActiveSync for email), do not necessarily provide the necessary protection for other applications and data. As organizations adopt more sophisticated mobile use cases, the security requirements will change as well.
A new approach for mobile security is necessary in order to fully realize all of the benefits that it can provide to the organization. It requires a shift in the expectations for what mobile security must deliver in the first place.
GlobalProtect from Palo Alto Networks provides a comprehensive, integrated solution to safely enable mobile devices. It is designed to help customers embrace their mobile initiatives for smartphones and tablets by providing the necessary security to make them safe platforms for business applications and data
GlobalProtect has three primary components:
- GlobalProtect Gateway: Delivers mobile threat prevention and policy enforcement based on apps, users, content, device and device state. Extends a VPN tunnel to mobile devices with GlobalProtect App. Integrates with WildFire for preventing new malware.
- GlobalProtect App: Enables device management, provides device state information, and establishes secure connectivity. Connects to the GlobalProtect Gateway to access applications and data in accordance to policy. Exchanges device configuration and device state with the GlobalProtect Mobile Security Manager.
- GlobalProtect Mobile Security Manager: Provides device management to configure the device. Uses WildFire malware signatures to identify devices with infected apps. Shares information about the device and device state with GlobalProtect Gateway for enforcing security policies. Hosts an enterprise app store for managing business apps. Isolates business data by controlling lateral data movement between business and personal apps.
The GlobalProtect components work together to address mobile security requirements in the following manner:
Manage the device
GlobalProtect Mobile Device Manager provides device management capabilities to manage mobile device configuration, deploy business apps and oversee device usage throughout the organization. It also simplifies the deployment and setup of new devices, helping administrators manage mobile devices at enterprise scale.
Protect the Device
GlobalProtect App establishes an IPsec/SSL VPN tunnel to GlobalProtect Gateway. The tunnel terminates at GlobalProtect Gateway running on the Palo Alto Networks next-generation security platform for consistent enforcement of network security policies.
Mobile threat prevention technologies protect the device from the latest exploits and malware, powered by global intelligence provided by WildFire.
Control the data
In order to control access to data, GlobalProtect Gateway enforces security policies that control network access to applications and data. It uses application, user, content, device and device state as policy criteria, providing the granularity to make precise policy decisions. The information about the device and device state comes from the GlobalProtect Mobile Security Manager, thus establishing a direct link between the applications that particular devices can access.
In order to isolate business data and control data movement on the device, GlobalProtect can control business data so that it is used with business apps, and prevent sharing the data with unmanaged personal apps. If a user leaves the organization or the mobile device is lost or stolen, the organization can either wipe only the business data or the entire device if necessary.
Learn more about GlobalProtect and find out how it can address your mobility security requirements.
Mobility Security Solution Brief
Read about how to safely enable mobile devices with Palo Alto Networks.
Learn about the next-generation firewall features for securing mobile devices.
Learn how a next-generation firewall extends comprehensive application visibility and control and vulnerability protection to mobile devices.
Networking & VPN
Learn about the next-generation firewall features for VPN.