I had an interesting discussion last week with AirPatrol, a company coming out of stealth mode, with regard to their solution to address the BYOD problem. Their approach, which they call “Cognitive Mobile Security,” uses location sensors installed within a building that can track mobile devices to an accuracy of 20 centimeters—accurate enough to identify whether a mobile device is in your shirt pocket or pants pocket.
AirPatrol’s Zone Defense solution is conceptually quite simple: location sensors, each of which can cover about 2,200 square feet, are deployed within a building (a minimum of three sensors are required per space for triangulation purposes). These sensors provide continuous monitoring of all Wi-Fi- and cellular-enabled devices within their detection area, updating the location of each device about every three seconds. Through a single console, all devices can be monitored in real time, providing MAC addresses, association states and other information about each device.
If a device requests access to the corporate network, an agent is first downloaded to the device with the owner’s permission. If an unauthorized/agentless device is active within the monitored space, Zone Defense will alert the security team or other monitors to warn them of the potential security threat.
Once the agent is active on the device, location-based security policies will be enforced that can enable or disable certain features of the device. For example, if a particular room with sensitive information is defined as an area in which mobile device cameras and microphones should not be enabled, any device entering that zone will automatically have its camera and microphone disabled until it leaves that zone, although all other functions of the device will continue to operate normally. Moreover, the policy can be granular in that certain roles can have functions in a particular zone enabled, while other roles, such as visitors or consultants, can have functions in the same zone disabled.
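The zone- and role-based decision described above, sketched as an added example. This is not AirPatrol's code or API; the rectangular zone layout, the role and feature names, the sample MAC addresses and the `evaluate` function are all assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class Zone:
    name: str
    x0: float
    y0: float
    x1: float
    y1: float
    # role -> features to disable in this zone; "*" applies to any unlisted role
    disabled_by_role: dict

    def contains(self, x: float, y: float) -> bool:
        return self.x0 <= x <= self.x1 and self.y0 <= y <= self.y1


@dataclass
class Device:
    mac: str
    x: float                    # position reported by the sensors, in metres
    y: float
    role: Optional[str] = None  # None models a device with no agent installed


def evaluate(device: Device, zones: list) -> dict:
    """Return the action for one location update of one device."""
    if device.role is None:
        # Agentless device in the monitored space: nothing to enforce, so alert.
        return {"mac": device.mac, "action": "alert", "disable": set()}
    disable = set()
    for zone in zones:
        if zone.contains(device.x, device.y):
            rules = zone.disabled_by_role
            # Unlisted roles fall back to the zone default, the restrictive case.
            disable |= rules.get(device.role, rules.get("*", set()))
    return {"mac": device.mac, "action": "enforce", "disable": disable}


# Constructed sample: one sensitive room where only engineers keep all features.
ZONES = [Zone("lab", 0, 0, 5, 4,
              {"*": {"camera", "microphone"}, "engineer": set()})]

if __name__ == "__main__":
    for dev in (Device("02:00:00:00:00:01", 2.0, 1.5, "visitor"),
                Device("02:00:00:00:00:02", 2.0, 1.5, "engineer"),
                Device("02:00:00:00:00:03", 2.0, 1.5)):
        print(evaluate(dev, ZONES))
```

Leaving the zone re-enables the features automatically, because each location update is evaluated from scratch and a position outside every zone yields an empty `disable` set.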
AirPatrol’s solution, while requiring an agent on the device, is an elegant approach to the BYOD problem because it permits employees and others to use their devices, but with the full knowledge, and under the control, of the organization’s security or other teams. For example, to prevent security breaches it can block users from accessing the Internet via Wi-Fi or cellular connections during certain hours while they are connected to the corporate network, then re-enable Internet connectivity once the user has disconnected from the corporate network.
Although the US government is a significant customer of AirPatrol, the company’s customers also include banks, hedge funds and others.