Lookout Endpoint Security
Endpoint Security

April 4, 2019

min read

What is Lookout Continuous Conditional Access?

To create trust for devices in a post-perimeter world, Lookout Continuous Conditional Access works behind the scenes, dynamically monitoring the health of the endpoint while the user is connected to the enterprise.

Today, organizations must adopt a post-perimeter security architecture in order to ensure that corporate data is protected, while not hindering employee privacy and productivity. Part of this architecture is ensuring that device health is continuously checked against corporate security policies in order to allow access to corporate data, again, without impacting end user privacy.

Since mobile devices are both personal and corporate, with personal and business apps living side by side, IT needs to know that certain apps on employee devices meet the compliance requirements and do not pose a risk to the organization --rather than knowing the specific apps a user has on his or her device. In this way, IT can require risky apps be removed from the device as a condition for accessing corporate data. The device is made compliant and trustworthy, without IT impacting user privacy by knowing all the apps a specific user has on their device.

Assessing device health using an endpoint protection solution is a crucial aspect of the post-perimeter security architecture. As many of today’s corporate workflows no longer go through an organization’s firewall with growing use of cloud services that enable mobile users, critical perimeter security services must move to the endpoint. Only through a post-perimeter security approach, can policies can be enforced, in real time, based on an enterprise’s specific risk tolerance.

How Lookout Continuous Conditional Access works

With Lookout Continuous Conditional Access, we ensure that devices accessing corporate data are both secure and always compliant with corporate policies. For example, with continuous conditional access, when an end-user tries to access a corporate application like Gmail on an unmanaged device, Lookout will scan the device to ensure that the device is healthy. If the device is healthy and meets compliance requirements, then the user can continue to access corporate resources. However, if the device becomes unhealthy based on Lookout device health score or becomes non-compliant with corporate policies, the admin can take actions which includes blocking access to corporate resources from that device. This can happen at any point of time, even while the user’s session is still active. The policies and levels of controls can set with custom policies by IT admins in the Lookout Mobile Endpoint Security console.

Last week at Google Cloud Next, I was on stage demoing how Lookout provides Continuous Conditional Access to G Suite through integration with Cloud Identity during the “Unify Mobile and Desktop Management From the Cloud” session. If you are interested in learning more, you can view a recording on the session here.

Learn how Lookout and Google Cloud Identity work together in the Post-Perimeter Security Alliance.