A trusted device is a machine, such as a mobile phone, laptop, tablet or Internet of Things (IoT) devices, that is frequently used to connect to an organization’s network. The Bring Your Own Device (BYOD) trend of individuals using their devices to accomplish work-related tasks continues to increase, thus widening the number and kinds of devices than may access the organization’s IT assets.
Devices must be designated as a secure, trusted device before they are granted access to the network and its resources. Organizations typically have some level of control over trusted devices using a process called mobile device management (MDM). This allows organizations to monitor, manage and secure these devices, while still maintaining user flexibility.
Trusted device verification
A security software agent is installed on trusted devices by IT teams to allow for MDM. One of the most important aspects of trusted device security is authentication. This is an essential part of the zero trust security model that is gaining popularity. The philosophy of this framework is to trust nothing and verify everything before a connection is granted to any and all network resources.
There are multiple types of authentication that can be used to verify the identity of devices. Some of the most common include:
- Regular passwords
- One-time passwords (OTPs)
- SMS tokens
- Email tokens
- Hardware tokens
- Software tokens
- Security questions
- Biometrics: fingerprint, retinal scans or face recognition
Organizations may also implement other security measures, such as requiring trusted devices to connect to a network through a virtual private network (VPN) tunnel.
Securing trusted devices
Every trusted device is a network endpoint that exists at the end of a network connection. Each endpoint is a potential entry point for malicious attackers and as such, devices can be the most vulnerable locations on a network. They are the most common means of access for security breaches.
To further protect endpoints, multifactor authentication is a common security practice. This method of verification uses a combination of at least two of the types of authentication mentioned in the previous section.
Another way to bolster the security of trusted devices is to not only secure the connection but to protect the data present on a device itself and data-in-transit. Data encryption tools scramble and protect information stored and being transmitted on a device and can only be unencrypted using a key.