# Mobile security management

Enforce security and compliance standards across all your clients' corporate and personal devices. Protect data at rest, in use, and in transit from a single multi-tenant console built for managed service providers.

## Guaranteed all-around data protection across every client

Protect your clients' corporate data at every stage; whether stored on devices, actively being used, or transmitted across networks.

1. **Data at rest:**

   Enforce client-specific restrictions and encryption policies to keep data stored on devices safe. Ensure device encryption is active and passcode policies meet each client's compliance requirements.

2. **Data in use:**

   Create a virtual fence around corporate data per client with data loss prevention policies. Restrict clipboard, screenshots, screen recording, and data sharing between managed and unmanaged apps.

3. **Data in transit:**

   Control and encrypt network traffic from client devices. Distribute VPN profiles, enforce per-app VPN, and distribute certificates to authenticate secure connections across every client account.

## Secure client devices without compromising user productivity

Deploy security policies that protect your clients' data while keeping end users productive and unhindered.

1. **Enforce secure authentication:**

   Configure device and app login policies per client: passcodes, biometrics, and enterprise SSO. Set complexity requirements, expiration schedules, and lockout thresholds based on each client's standards.

2. **Reduce the attack surface:**

   Block untrustworthy websites, sideloaded apps, USBs, and connections to unsecured Wi-Fi, Bluetooth, and VPNs across client fleets. Minimize exposure to threats at every endpoint.

3. **Lock down devices:**

   Control which apps and device functions can be accessed by end users per client. Apply kiosk mode for single-purpose deployments and restrict access to non-essential device features.

4. **Control OS updates:**

   Automate, schedule, or defer OS updates on your clients' mobile devices. Ensure devices run only approved OS versions to maintain compatibility and security compliance.

5. **Manage app permissions:**

   Configure app permissions for store and in-house apps per client. Grant users flexibility to change permissions where appropriate, or lock them down for sensitive deployments.

6. **Apply data loss prevention policies:**

   Secure your clients' corporate data with restrictions on data sharing, backups, and clipboard access. Perform remote lock, locate, and wipe actions when devices are lost or stolen.

7. **Provide conditional access to business data:**

   Ensure only compliant devices have access to your clients' Exchange emails and workspace apps. Block non-compliant, unmanaged, and jailbroken devices from accessing corporate resources.

8. **Achieve location-based compliance:**

   Perform remedial actions to secure data when client devices leave approved geographic fences. Set up geofencing per client and automate alerts and policy enforcement based on location.

9. **Establish a fail-safe for compromised devices:**

   Automatically detect and restrict jailbroken or rooted devices from accessing your clients' corporate data. Remove compromised devices from management and revoke access instantly.

## Devise a comprehensive defense strategy for every client's devices

Layer multiple security controls to create a defense-in-depth approach tailored to each client's compliance requirements and risk profile.

1. **Device security:**

   Get all-around protection for devices across your client base, from securing device access to applying advanced context-based policies. Ensure devices remain encrypted and updated to host corporate data securely. Deploy passcode, biometric, and lockout policies tailored to each client's requirements.

2. **App security:**

   Secure the entire app management process per client. Distribute store and custom-built applications to designated users, configure app settings and permissions, test and update apps, or remove apps—all through a secure channel. Deliver holistic workspace management with integrated Zoho ecosystem apps.

3. **Data security:**

   Curb sharing of distributed content, app data, and contacts through Bluetooth, NFC, Wi-Fi Direct, USBs, clipboard, and screenshots per client. Prevent corporate data backups to third-party cloud services. Apply DLP policies for maximum data security at rest, in use, and in transit.

4. **Network access security:**

   Secure connections from client devices by allowing only trusted networks or encrypting connections from untrusted ones. Distribute client certificates for identity and authentication across Wi-Fi, VPN, Zero Trust, and other services per client account.

5. **BYOD security:**

   Separate corporate data by containerizing it on your clients' employees' personal devices. Apply security policies to containers with data sharing restrictions. Manage corporate apps even on unmanaged personal devices for comprehensive BYOD protection per client.

6. **Kiosk and rugged device security:**

   Provide access to predetermined apps, websites, content, and device functions for client kiosk deployments. Toggle devices in and out of kiosk mode based on conditions. Secure rugged and IoT devices from the same console with OEM-provided configurations and firmware updates.