Last week, Wandera, part of our VMware Mobile Security Alliance, published a report which included some fascinating statistics on WiFi usage and security across mobile devices, such as:
- In 2016, 60% of total mobile data was used on WiFi networks.
- The average number of WiFi connections the typical corporate device makes per day is 12.
- 4% of corporate mobile devices have come into contact with a man-in-the-middle attack in the past month.
Any organization that has sensitive corporate data being viewed, transmitted or exchanged on corporate mobile devices should be worried about the last statistic, in particular. When employees use mobile devices to access corporate information, specifically across public Wi-Fi networks, security holes expand, and that can be bad news for any organization.
VMware Workspace ONE, an integrated platform for the digital workspace powered by VMware AirWatch unified endpoint management technology, can help with securing data across public WiFi networks. For those of you already using or considering upgrading to Workspace ONE, I’ve outlined five best practices that can help reduce risk associated with potential data leakage across WiFi in your mobile environments:
- Enable VMware Tunnel for app-level security. Workspace ONE has VMware Tunnel capabilities that allow VPN access on a per-app basis to corporate resources. The VMware Tunnel allows mobile device Wi-Fi traffic to be encrypted at the application level. IT no longer has to deploy full device VPN for mobile devices accessing resources back into the data center, which can reduce the risk of malware entering the data center.
- Restrict application access from unsafe networks. With Workspace ONE, IT can restrict mobile devices from accessing WiFi networks. If certain WiFi networks are deemed unsafe, IT can restrict access and ensure that only cellular data is used for data transmission, thus reducing the risk for a potential data breach across a dangerous network.
- Enforce access based on minimal OS level. IT can use Workspace ONE to enforce conditions, such as minimum operating system (OS) versions on mobile devices, in order for an end user to access corporate data. This capability can help prevent malicious devices, including those with higher risk (think jailbroken), from connecting to WiFi networks and corporate resources.
- Set up WiFi during enrollment. You can set up WiFi profiles during enrollment as part of the staging process. This helps ensure WiFi profiles are configured correctly and doesn’t put the burden on the end user to manually set up WiFi.
- Set up WiFi policies that align with your security requirements. Configure WiFi profiles with security policies, such as disabling auto-join to any WiFi network nearby, to help reduce the risk of users unknowingly joining an unsecure WiFi network.
In addition to these five tips, you can also integrate Workspace ONE with Wandera for even more advanced security capabilities, such as mobile threat defense and content filtering. We’d also like to hear your thoughts, and if you have any more tips or best practices, comment below!
For more information on Workspace ONE, visit vmware.com/go/workspaceone, and explore these resources:
