Showing results for 
Search instead for 
Did you mean: 

Are Integrated MDM/EMM and IAM Vendors Really Zero Trust?

Iron II
Iron II

Zero trust as a strategy is essentially to trust nothing, verify everything. A colleague and I had an interesting chat the other day where we examined how that concept applies to the intersection of device management and identity. I created a decision tree that assesses the positive and negative consequences of accepting certain risks.

Those risks flow from these scenarios:

  • IAM vendor A has partnered with MDM/EMM vendors B and C. The IAM system implicitly trusts the MDM. The question we raised to each other was "since when is an integration zero trust?"
  • Big vendor D has a patchwork of services, which requires different teams to manage identities and devices. There's internal trust that an insider risk such as a "careless insider" won't drop the ball.
  • Vendor E offers integrated IAM and MDM/EMM for a unified approach w/ policy management

Feel free to take a look and add to the discussion. Zero Trust is a strategy, not products, and there are some very appealing solutions on the market. Each has its respective strengths and weaknesses (glass houses and all that).