‍MobileIron is a government-grade cloud and endpoint security platform. Here is how our customers leverage MobileIron technology to address the checklist above:

Checklist # 1, 2, 3, 8 
‍Enroll device in MobileIron: Use MobileIron to install a configuration profile on the device that allows IT to take the security actions necessary to protect business data. 

Set security policies: Set the appropriate password and encryption policies in MobileIron. Use biometrics for authentication if available. If a device falls out of compliance, automatically quarantine or selectively wipe it. When employees leave the organization, do a full wipe on the device if corporate- owned or a selective wipe if employee-owned. 

Put business apps under management: Use MobileIron to distribute business apps through the Apps@Work enterprise app store or Managed Google Play. When installed, these apps are managed through policy controls set in MobileIron. That means IT can prevent data sharing between business and consumer apps and delete the apps over-the-air when necessary. This puts enterprise data under the control of IT without compromising the privacy of personal data on the device.  
‍
Checklist # 4 
Deploy per-app VPN: Use MobileIron to configure business apps so that they only connect to on-premises services through MobileIron Tunnel per-app VPN. This separates business app traffic from consumer app traffic, so that excess personal data does not flow through the corporate network. 

Checklist # 5, 6 
Allow only trusted devices and apps to access cloud services: Use MobileIron Access to block unmanaged, unauthorized, or non- compliant devices and apps from authenticating to cloud services like Office 365, Salesforce, ServiceNow, Workday, etc. MobileIron Access is a multi-cloud, multi-identity, standards- based solution that extends across the many cloud services and identity providers in an enterprise.

Checklist # 7
Detect and remediate zero-day threats: Use MobileIron Threat Defense to monitor for suspicious device, app, and network activity. When an issue is uncovered, trigger MobileIron policies to take the appropriate remediation action, like user notification, device quarantine, or data wipe. 

Checklist # 9, 10 
Don’t compromise on security certifications: MobileIron was the first solution to gain certification for the Common Criteria Protection Profile for MDM v2. MobileIron is also SOC 2 Type 2 compliant and has FedRAMP Authority to Operate (ATO). Modern security is evolving and IT professionals sometimes ask if Microsoft Intune can fully support this checklist. We do not think it can, especially for checklist items # 3, 4, 5, 6, 7, 8, 9, and 10. MobileIron is committed to a multi-OS, multi-cloud, and multi- identity security architecture that supports the best-of- breed technology choices of modern enterprises.

Summary
Most organizations will face a security audit of some type, either internal or external, over the next few years. The goal is the same – protect data from both malicious compromise and well- intentioned loss – but the mechanisms to do so are very different between traditional and modern security architectures. A structured audit checklist can provide a starting point for the people, process, and technology investments that will enable an organization to quickly and securely tap into the innovation of cloud services.

In any cloud deployment, endpoint security must stay top-of- mind to satisfy the GDPR, the NIST Cybersecurity Framework, and similar compliance models. Modern apps on modern endpoints are how employees consume cloud services, but data will be lost if those endpoints and apps are not secure. How much data is lost will depend on how quickly organizations implement an end-to-end, multi-cloud security solution like MobileIron as they move to Microsoft Office 365, Salesforce, ServiceNow, Workday, and beyond.