The Need for a Client-Based Mobile Endpoint Platform
By David Cohen, Mobolize, Chief Strategy Officer
Meeting the security requirements for mobile endpoints is a challenge. Multiple types of endpoints – laptops, tablets, and smartphones – are used by employees away from the company network, and these devices use wireless networks provided by different carriers, ISPs and Wi-Fi operators. Each device type has its own operating system with constant software upgrades, which requires security vendors to keep updating their own software to keep pace with the changes.
It doesn’t get any easier for the current leading cloud security solutions of Computer Assisted Security Broker (CASB) and Zero Trust Network Access (ZTNA). Each takes a different approach to security, but both struggle to meet mobile device security needs.
Let’s look at the shortcomings of the current security offerings. CASB is billed as “clientless” but must still intercept traffic somehow, so it rewrites URLs. That is hard to get right, because rewriting URLs is fragile and often incompatible with some websites. In addition, CASB uses a “browser only” strategy, but mobile devices won’t allow forcing traffic through a proxy for security reasons (at least not without a client/agent), so enterprise mobile apps are out of luck. When 90% of mobile activity takes place in apps, a clientless CASB solution provides data leak or threat protection to only 10% of mobile activity.
ZTNA requires the use of an encrypted connector, and many vendors use a basic IPsec VPN to push data traffic to their cloud firewall. While this approach works, it marries old infrastructure with a modern application environment, resulting in processing latency. The next generation of high-tech applications will be hypersensitive to latency, making endpoints and mobile device integration a vital part of how ZTNA works. Plus, if it doesn’t work or perform well on an employee’s device, adoption will suffer, causing a breakdown of security deployment and effectiveness, and no IT leader wants that.
Answering these challenges requires a deep and thorough understanding of wireless networks and the various operating systems of all mobile devices. Mobolize’s on-device Data Management Engine is built with this knowledge and is structured around a single code base for all mobile platforms, making software maintenance and upgrades more responsive. The use of a single code base enables feature parity across all platforms while reducing the cost and time required for product development. The result is a quicker time to market for our partners’ security solutions across all operating systems.
In addition, the Data Management Engine delivers the data directly to the appropriate destination, resulting in efficient traffic management. This is done through fine-grained routing, which is highly customizable and simple to manage. It includes direct-to-origin routing from the device, so no intermediary server is required, which is another cost saving. Direct-to-origin is a key capability our partners rely upon, as it enables the lowest latency, highest performance and maximum scalability.
In the key environment of cloud security, here is one of Mobolize’s strengths: we deliver the client-based mobile endpoint as a platform. Our client-based endpoint platform strategy helps our partners deliver their mobile device security strategies, powered by software flexibility, with no limitations on security requirements and no limits on client-based mobile technology.