When it comes to enterprise information security, one size does not fit all, as they say. And it certainly applies to the varying approaches taken by IT Mobility and Security teams in how they administer information security policies. Whether it’s complying with regulatory requirements, or aligning mobile security risks with existing information security policy, integrating mobile into the overall enterprise security strategy requires both flexibility and an ability to customize mobile risk policy to the unique needs of each company. These are the themes that drove the risk policy management and custom app scoring enhancements included in our solution. Helpful features include:
Multi-Behavior App Risk Policies
What is deemed risky app behavior for one set of employees may be vastly different for another. Protecting company executives may require a policy that monitors apps for location tracking, calendar data aggregation, and unauthorized document transfers to foreign addresses, while employees working from remote geographies may need to be protected from 3rd party app store downloads. Whatever the risk tolerances and use cases, Appthority has greatly expanded the options for customizing risk policies by adding multi-behavior policy creation. Put simply, multi-behavior policies allow IT to add different combinations of risk behaviors into the setup of a single new policy. Each new policy can be a different combination of behavioral triggers that monitor apps and new app versions for any one, or all, of the behaviors associated with that single policy. This new capability makes monitoring for compliance across a varied range of employee groups and risk tolerances, much easier and more effective.
Smart App Lists
So what happens when a new multi-behavior policy finds apps triggered by that policy? They get filtered into a smart app list of course! Think of smart app lists like smart playlists in iTunes; any app risk behavioral criteria triggered via a policy will automatically build a smart app list for all apps meeting that criteria. This dynamic app grouping capability can be used to easily automate creating smart whitelist and blacklists for different employee groups across the enterprise. Want a set of policies that apply only to company executives, then you create the required risk policies and associate them with smart app lists applied to a specific group of company executive mobile devices.
Custom App Risk Scoring
One of the most frequent requests we’ve received from customers is to allow the IT team to assign their own app risk score for each app. Although Appthority generates an overall Trust Score per app, some customers want to use risk behaviors and policies to set their own score for any app that meets certain risk criteria. Not only can IT teams score apps using custom criteria, they can easily update these scores at any time should their overall information security policies change. Further, customers can set policies to trigger remediation actions for apps that meet certain custom risk scores thresholds. For example, a customer can choose to automatically quarantine a user who downloads an app that receives a low custom risk score.