Hi John,
MaaS360 could play several different roles in a zero trust environment, but I doubt it would be at the beginning or end, more of a middle piece. While we can offer some auth tools via identity and access management, if you wanted a more thorough model, there would have to be some sort of NAC in place to communicate with MaaS360 and ensure that only properly authenticated, managed, and compliant devices can access the network.
We have plenty of tools to consistently monitor the devices for compliance, and it can report back on a lot of different device info (missing patches, connected networks, detailed model information, etc.). To really get the most out of our architecture in this use case, I would also have that data fed into a SIEM for broader monitoring.
We can work in geofencing to monitor device locations, enforce policies based on entering/exiting locations, send alerts if devices remain "offline" for too long, and even set up timebombs to remove sensitive, containerized content if the device fails to check in in 'x' amount of time.
For any user or device that falls out of compliance for any number of reasons (leaves a network, becomes jailbroken or rooted, downloads suspicious apps, or uses too much data, just to name a few), we can of course automate the removal of sensitive data, or even fully wipe if security requires.
Hope this helps out a little - if you have any other questions, please feel free to reach out.
------------------------------
Matt Shaver
System Architect
IBM
mshaver@us.ibm.com
------------------------------
Original Message:
Sent: Wed November 11, 2020 04:21 PM
From: John Martin
Subject: Zero Trust Security
How does Zero Trust Security work with MaaS360?
------------------------------
John Martin
Senior Security Architect
30 Gaunt Street
Auckland
006421744012
------------------------------