How Enterprise Can Deploy a Zero Trust Mobility Strategy like the Department of Defense

Mike Burr, Chief Technology Officer at Social Mobile | December 12, 2022

A few weeks ago, the U.S. Department of Defense (DoD) announced that it had created a Zero Trust Strategy and Roadmap in an effort to combat “current and future cyber threats.”  

The strategy highlights four key initiatives: Zero Trust (ZT) cultural adoption, securing DoD information systems, keeping up with technology industry advancements, and enabling ZT policies throughout all departments. 


What is Zero Trust Exactly? 

Zero Trust is a broad umbrella term used by many different industries, and its meaning can vary depending on who you talk to. Essentially, it refers to a security framework in which users are authenticated, authorized, and continually validated before they are granted access to resources or systems, and for as long as they keep that access.

Trust can be established in a variety of different ways, and this can vary depending on who is granting access. An organization like the DoD – or any enterprise business – might want to know who is requesting access (i.e., their identity) or where they’re located. They might also look at other factors, such as the time of day and when this person was last granted access to the system. Many factors can be used to assess a given request and decide whether the requestor is to be trusted and thus granted access to a resource.

How Can Enterprise Adopt a Zero Trust Framework? 

You don’t have to be the DoD to roll out a zero trust strategy and roadmap. Any organization could – and should – adopt zero trust if they want to make security a priority. 

The first place to start is by evaluating your enterprise’s mobility situation. Mobile devices like smartphones and tablets are widely adopted across many organizations – especially among knowledge workers. These devices are constantly accessing company networks and assets, sharing files, communicating with colleagues, and more. Attackers know that they are one of the weakest and easiest points of infiltration into an enterprise of any size.

Securing mobile devices is a big challenge for enterprise IT teams, and that is something that Google has taken note of. In 2016, they launched an enterprise-grade set of APIs and management controls under the name “Android Enterprise.” 

A 2019 survey by CCS Insight revealed that 56% of company-owned mobile devices in the U.S. and Europe run on Android. IDC forecasts that in 2022, the number of Android devices shipped for enterprise and business use will be 306 million, up from 276 million in 2021.

With Android Enterprise, IT administrators have a suite of security and management tools at their disposal with which they can secure all devices in their organization. This includes both company-owned devices, where everything on the device is secured by IT, as well as BYOD devices which can take advantage of the Work Profile feature of Android Enterprise. Work Profile creates a virtual barrier between company apps and data, and personal apps and data. This ensures that if the device is compromised, IT can secure and protect all the company data left on the device without compromising the privacy of the employee’s personal data. 

Another way that enterprises can build ZT is through conditional access. That means preventing access to any asset on the company network unless the requestor can prove their identity beyond a predetermined threshold.

For example, when a new employee enrolls their device on the network for the first time, the device is given a token as a way to identify it for subsequent access requests. If the same employee tries to access the corporate network from a personal device without that token, they’ll be required to not only log in but also confirm their identity using two-factor authentication. However, if the network detects that the same user is logged in simultaneously on their (trusted) work device and the (untrusted) personal device using two different IP addresses, it can block the login request on the basis that it is a potential attacker trying to gain unauthorized access. 
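The decision flow in that example can be written as a small policy function. This is an added illustration, not Social Mobile's or Android Enterprise's code; the HMAC-based enrollment token, the `Request` fields, the key and the sample addresses are all assumptions constructed for the sketch.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import List, Optional

# Constructed demo key (assumption); a real service would load it from a secrets store.
ENROLLMENT_KEY = b"constructed-demo-key"

def issue_device_token(user: str, device_id: str) -> str:
    """Token given to a device at first enrollment, bound to user and device."""
    msg = f"{user}|{device_id}".encode()
    return hmac.new(ENROLLMENT_KEY, msg, hashlib.sha256).hexdigest()

@dataclass(frozen=True)
class Request:
    user: str
    device_id: str
    ip: str
    token: Optional[str] = None   # enrollment token, if the device presents one
    mfa_passed: bool = False      # second factor already verified for this login

def device_is_trusted(req: Request) -> bool:
    """A device is trusted only if its token matches this user and this device."""
    if req.token is None:
        return False
    expected = issue_device_token(req.user, req.device_id)
    return hmac.compare_digest(expected, req.token)

def decide(req: Request, active_sessions: List[Request]) -> str:
    """Return 'allow', 'require_mfa' or 'block' for a login whose password was accepted."""
    if device_is_trusted(req):
        return "allow"
    # Untrusted device: block if the same user is live on a trusted device from another IP.
    for session in active_sessions:
        if (session.user == req.user and device_is_trusted(session)
                and session.ip != req.ip):
            return "block"
    # Otherwise the user must prove identity beyond the password.
    return "allow" if req.mfa_passed else "require_mfa"

if __name__ == "__main__":
    # Constructed sample requests using documentation-range IP addresses.
    work = Request("alice", "work-phone", "192.0.2.10",
                   issue_device_token("alice", "work-phone"))
    personal = Request("alice", "personal-tablet", "198.51.100.7", mfa_passed=True)
    print(decide(work, []))          # enrolled device
    print(decide(personal, []))      # unenrolled device, second factor done
    print(decide(personal, [work]))  # simultaneous trusted session, different IP
```

Because the token is bound to the device identifier, a token copied from the work phone and replayed from another device is treated as untrusted and falls back to the two-factor path.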

Social Mobile and Zero Trust 

Here at Social Mobile, I’ve worked with our IT team and leadership to develop our own ZT framework and policies. This was absolutely critical – not just to protect our own company data and assets – but also to protect the data of our clients.  

As a full, end-to-end mobility solutions provider to some of the largest organizations and brands in the world, it was imperative that Social Mobile hold itself to a high standard of security.  

In June of 2022, we achieved ISO 27001:2013 certification, which is an international standard for information security management systems (ISMS) set by the International Organization for Standardization (ISO) and International Electrotechnical Commission (IEC).

Social Mobile is continuously improving our security and systems, building on the ZT framework and roadmap that we developed. We aim to lead by example. 

Social Mobile Is Helping Enterprise Adopt Zero Trust Frameworks

In November 2022, the U.S. Air Force (USAF) awarded Social Mobile a SBIR Phase II contract to develop and deliver a handheld and chest-mountable device that leverages Android Enterprise and is built to military-grade specifications.  

Not only is this a testament to our own internal security policies, but it also speaks to our company’s ability to deliver a secure device with which other organizations can roll out their own zero trust strategies. 

Many of our clients list device security and management as a top concern, and we have no hesitation to recommend Android Enterprise as part of their mobility solution. 

Furthermore, every device that we produce is Google GMS certified, meaning that every phone and every tablet is certified for all the Google Mobile Services apps and APIs found on Google’s very own devices, like the Google Pixel. The GMS license adds a high level of security and protection, such as Google Play Protect and SafetyNet, all backed by the full set of Android and Android Enterprise capabilities.

IT teams can harness this power using Social Mobile’s EMM (enterprise mobility management) platform, Mambo. Mambo is built directly using the Android Enterprise APIs without any additional middleware or bloatware, which means that it receives security updates and upgrades immediately after they are released.  

Trust Zero Trust or Bust 

In closing, we here at Social Mobile firmly believe that the DoD made the right move in announcing their plan to roll out a Zero Trust strategy, and that every enterprise should follow suit.  

Your company doesn’t have to have thousands of employees or tens of thousands of devices to deploy an effective plan.  

Security should always be top of mind for any organization, regardless of size. It absolutely is for me. 
