Device Trust on Android Enterprise is a solution that verifies the security status of Android devices before granting access to work data and apps. It works across managed and unmanaged devices, ensuring that only secure devices can access sensitive information. This helps organizations reduce the risk of data breaches and protect their valuable assets.

Here’s a more detailed explanation:

How Device Trust Works:

  • Verification: Device Trust checks the device’s security status using various “trust signals” (over 20 signals available). These signals include:

      • Operating system version
      • Lock screen passcode
      • Security patch levels
      • Presence of malware

  • Access Control: Based on these signals, Device Trust can grant or deny access to work data and applications. This is often done through integrations with security partners who implement specific policies.

  • Zero Trust Approach: Device Trust aligns with the Zero Trust principle, meaning that every access request is verified, regardless of whether the device is managed or unmanaged.

  • Remediation: If a device doesn’t meet the required security standards, Device Trust provides clear and actionable guidance to the user, helping them resolve the issue and regain access.
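
The verify, decide and remediate flow described above, sketched as an added example (not Google's or any security partner's code). The signal names, thresholds and remediation messages are assumptions made for illustration, and the sample devices are constructed.

```python
from dataclasses import dataclass
from datetime import date

# Hypothetical policy; the thresholds are constructed, not Android defaults.
@dataclass(frozen=True)
class Policy:
    min_os_major: int = 13
    max_patch_age_days: int = 90
    require_passcode: bool = True

def evaluate(signals: dict, policy: Policy, today: date) -> tuple[bool, list[str]]:
    """Return (allow, remediation). A missing or malformed signal fails closed."""
    fixes = []

    os_major = signals.get("os_major")
    if not isinstance(os_major, int) or os_major < policy.min_os_major:
        fixes.append(f"Update Android to version {policy.min_os_major} or later.")

    if policy.require_passcode and signals.get("passcode_set") is not True:
        fixes.append("Set a lock screen passcode.")

    try:
        patch = date.fromisoformat(signals["security_patch"])
        stale = (today - patch).days > policy.max_patch_age_days
    except (KeyError, TypeError, ValueError):
        stale = True  # an unknown patch level is treated as out of date
    if stale:
        fixes.append("Install the latest security update.")

    if signals.get("malware_detected") is not False:
        fixes.append("Run a malware scan and remove any apps flagged as harmful.")

    # The "managed" flag is never consulted: managed and unmanaged devices
    # are verified identically on every request.
    return (not fixes, fixes)

# Constructed sample devices.
TODAY = date(2025, 6, 1)
HEALTHY = {"os_major": 14, "passcode_set": True, "security_patch": "2025-05-05",
           "malware_detected": False, "managed": False}
STALE_BYOD = {"os_major": 14, "passcode_set": False, "security_patch": "2024-11-05",
              "malware_detected": False, "managed": False}
PARTIAL = {"os_major": 14, "passcode_set": True, "managed": True}  # signals missing

if __name__ == "__main__":
    for name, dev in [("healthy", HEALTHY), ("stale_byod", STALE_BYOD), ("partial", PARTIAL)]:
        print(name, evaluate(dev, Policy(), TODAY))
```

The device with missing signals is denied even though it is managed, and each denial carries the list of steps the user needs to take to regain access.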

Benefits of Device Trust:

  • Enhanced Security: Reduces the risk of data breaches by ensuring only secure devices can access work data.

  • Granular Access Control: Allows organizations to define and enforce precise access policies based on the device’s security posture.

  • Improved User Experience: Provides a seamless and secure experience for employees, even on their own devices.

  • Simplified Management: Reduces the burden on IT administrators by automating security checks and providing actionable guidance.

  • Zero Trust Framework: Helps organizations move closer to a Zero Trust framework by continuously assessing device security posture.

Example Use Cases:

  • BYOD (Bring Your Own Device): Ensuring that employees’ personal devices are secure before allowing access to company data.

  • Managed Devices: Providing an additional layer of security for devices managed by an EMM provider.

  • Hybrid Work: Securing access to work resources in a hybrid work environment, where employees may use a mix of managed and unmanaged devices.

In essence, Device Trust is a valuable tool for organizations to strengthen their security posture and protect their valuable assets in the face of increasingly sophisticated cyber threats.