This option lets companies determine how much trust can be granted to a collaborator's personal device, such as that of a subcontractor or a partner.
Many companies rely on mobile device management (MDM) or mobile application management (MAM) to keep an eye on the points from which enterprise data is accessed. But what can a company do to keep a minimum of control over mobile devices that it does not own and cannot administer directly, such as those of partners or even collaborators under a BYOD policy? This is where device certification comes into play.
What is device certification?
With device certification, organizations can find out how well mobile users' devices are protected before they are allowed to access applications. The goal is to provide at least a minimal check of the confidence that can reasonably be placed in a device.
Certification thus makes it possible to keep an eye on devices that are already managed by a third-party MDM system, such as that of a partner company seconding employees on site.
For this, vendors can offer an application, an agent, a development kit, or a combination of these. The development kit can be useful for building the checks directly into internal business applications, which avoids having to ask the people concerned to install additional software components.
The items monitored vary from one tool to another and from one operating system to another. In general, though, the aim is to cover hygiene basics such as device locking, device integrity (jailbreaking or rooting), and the application of updates.
With which tools?
Duo Security, acquired last summer by Cisco, is one of the vendors involved. Its Duo Mobile application, which can be used for one-time password (OTP) multi-factor authentication, includes device attestation capabilities. On Android, for example, it checks that full storage encryption and biometric authentication are enabled, in addition to the basics mentioned above.
It is the identity provider or business application that, through integration with the mobile application, then uses the device's certification to decide whether or not to allow access.
Lookout, Zimperium, and Samsung Knox also support mobile device certification via their development kits.
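
The access decision described above, sketched as an added example (not code from Duo or any other vendor named here): an identity provider verifies a signed device posture report and denies access unless every check passes. The report format, field names, HMAC key and thresholds are assumptions made for illustration.

```python
import hashlib
import hmac
import json

# Hypothetical key shared by the attestation backend and the identity provider.
REPORT_KEY = b"constructed-demo-key"
MAX_REPORT_AGE = 300     # seconds; older reports are treated as stale (assumed)
MAX_PATCH_AGE_DAYS = 90  # assumed policy threshold for "updates applied"

# Posture signals named in the article; each must be present and True.
REQUIRED_TRUE = ("screen_lock", "integrity_ok", "storage_encrypted", "biometrics_enabled")


def sign_report(report: dict) -> str:
    """Return the hex HMAC-SHA256 over the canonical JSON form of the report."""
    body = json.dumps(report, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(REPORT_KEY, body, hashlib.sha256).hexdigest()


def decide_access(report: dict, signature: str, now: float) -> tuple[bool, list[str]]:
    """Fail closed: deny on bad signature, stale report, or any missing/failed signal."""
    if not hmac.compare_digest(sign_report(report), signature):
        return False, ["invalid signature"]
    reasons = []
    issued = report.get("issued_at")
    if not isinstance(issued, (int, float)) or not 0 <= now - issued <= MAX_REPORT_AGE:
        reasons.append("stale or undated report")
    for signal in REQUIRED_TRUE:
        if report.get(signal) is not True:  # a missing signal counts as a failure
            reasons.append(f"{signal} not satisfied")
    age = report.get("patch_age_days")
    if isinstance(age, bool) or not isinstance(age, int) or not 0 <= age <= MAX_PATCH_AGE_DAYS:
        reasons.append("updates not applied")
    return (not reasons), reasons


# Constructed sample reports (not real device data).
NOW = 1_700_000_000
GOOD = {"device_id": "demo-1", "issued_at": NOW - 30, "screen_lock": True,
        "integrity_ok": True, "storage_encrypted": True,
        "biometrics_enabled": True, "patch_age_days": 12}
ROOTED = dict(GOOD, integrity_ok=False, patch_age_days=200)

if __name__ == "__main__":
    for name, rep in (("good", GOOD), ("rooted", ROOTED)):
        print(name, decide_access(rep, sign_report(rep), NOW))
```

A report altered after signing, or replayed once its freshness window has passed, is rejected even if every posture field claims compliance.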