Page 24 - Mobile Data Loss
Figure 3.1 Mobile Data Loss Protection Triad.
Also, when a compromised device is detected, other lockdowns can occur. For example, a secure mobile gateway can automatically block the mobile device from remote access to the network until the device is brought back into compliance. The same can be done for the local network. A similar approach can be employed with NAC (Network Access Control): when a device connects to the network, the NAC solution checks in with the MDM/EMM to determine the device's security posture and whether it is a registered device. If the device is out of compliance, the NAC can block access in the same way a secure mobile gateway does. In terms of cloud services, EMM integration with Azure Active Directory can block rogue and out-of-compliance devices from accessing Office 365.
It's important to note that there is one issue the aforementioned countermeasures do not address: lost or stolen devices. Assuming the lost or stolen device remains on the network, the EMM can still receive threat notifications from the EMM client and issue a quarantine that protects corporate data with a selective wipe. But if the device is a Wi-Fi-only device and it is no longer on the Wi-Fi, how does the EMM still quarantine the device? Once the device is off the network, the EMM loses visibility into it.
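The compliance gating and threat-driven quarantine described above, as an added example that is not from the book: a minimal stand-in for an EMM registry (constructed for illustration, with hypothetical names) that a secure mobile gateway, NAC or cloud identity check can query, and that quarantines and selectively wipes corporate data when the EMM client reports an OS compromise. It assumes the device is still reachable, which is exactly the online case the text contrasts with the lost-device problem.

```python
from dataclasses import dataclass
from enum import Enum


class Decision(Enum):
    ALLOW = "allow"
    BLOCK = "block"


@dataclass
class DeviceRecord:
    registered: bool          # enrolled with the EMM?
    compliant: bool           # currently meets policy?
    quarantined: bool = False
    selective_wiped: bool = False  # corporate container data removed


# Threat types the EMM client can report that trigger a quarantine (constructed list).
COMPROMISE_THREATS = {"os_compromise", "jailbreak", "root"}


class EMM:
    """Hypothetical MDM/EMM registry: tracks enrolment, posture and quarantine state."""

    def __init__(self):
        self.devices = {}

    def enroll(self, device_id):
        self.devices[device_id] = DeviceRecord(registered=True, compliant=True)

    def posture(self, device_id):
        # Unknown devices are treated as unregistered and non-compliant (rogue).
        return self.devices.get(device_id, DeviceRecord(registered=False, compliant=False))

    def threat_notification(self, device_id, threat):
        """Called when the on-device EMM client reports a threat (device still online)."""
        rec = self.devices.get(device_id)
        if rec is not None and threat in COMPROMISE_THREATS:
            rec.compliant = False
            rec.quarantined = True
            rec.selective_wiped = True  # protect corporate data, leave personal data alone
        return rec

    def remediate(self, device_id):
        """Device brought back into compliance; access may be restored."""
        rec = self.devices[device_id]
        rec.compliant, rec.quarantined = True, False


def access_decision(emm, device_id):
    """Enforcement point (gateway, NAC or cloud IdP): allow only registered, compliant devices."""
    rec = emm.posture(device_id)
    return Decision.ALLOW if rec.registered and rec.compliant else Decision.BLOCK
```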
More recently, some EMM products have added offline policies that can reside on the device, specifically when using a container solution for your enterprise data. The local EMM client can still look for the same types of OS compromise threats, but now when a threat is detected it doesn't need to "phone home" to the EMM management console to