• Android Enterprise (Android For Work) Deployment
• Apple DEP deployment for Corp devices
• Mobile Threat Defense POC

Use Case

• VMware Airwatch 9.0 &
  Appthority MTP 1.0 Integration
• Global Rollout
• Financial Services Industry

Mobile Use is Growing in Every Company and PayPal is No Exception.

A mobility program that includes the option to use their device of choice helps keep the company’s 18,000 global employees productive and happy. But as mobility increases, so do security risks to sensitive company data from the use of mobile devices.

APPTHORITY AND AIRWATCH INTEGRATION ADVANTAGES

• Combine AirWatch security policies and remediation with real-time threat detection policies in Appthority MTP
• Use the Appthority EMM Connector to automate compliance and remediation workflows within AirWatch
• Extend investment in the AirWatch solution and associated infrastructure, operations, and governance work
• Guide users in responding to threats with automated alerts via the on-device Appthority app

A Wake-Up Call for Stronger Mobile Security

When the Stagefright malware attack hit Android mobile devices in summer 2015, it was a wake-up call for many enterprises, including PayPal, to increase the security of their mobility programs. The company wants to maintain strong data security as part of its brand promise to deliver a leading platform for financial transactions. But it also wants PayPal employees to be able to work anywhere using their own devices (BYOD) or company-owned, personally enabled (COPE) devices.

Extending the Reach of Secure Mobility Management

PayPal chose the Appthority MTP solution for its strong integration with the company’s existing VMware AirWatch enterprise mobility management (EMM) system. The PayPal team defined security and privacy policies and tailored remediation rules in AirWatch, which manages the enforcement actions while Appthority MTP provides IT and employees with threat intelligence.

Now, Appthority MTP detects app threats using the inventory of apps loaded on mobile devices that are registered to AirWatch. When a malicious app is detected by Appthority MTP, the integrated solution speeds remediation by activating an alert from AirWatch instructing the employee to remove the app. Per PayPal’s policy, if the app remains after 24 hours, the employee is notified that AirWatch will block corporate email and network access until that app is removed—a strong incentive for the employee to take the right action. 

PayPal Uses Appthority’s Industry Leading Automated App Analysis to Evaluate its Enterprise Apps in Two Ways:

1. To vet its internally-developed apps, making sure they are free of malware and security vulnerabilities before releasing them to its corporate app store.
2. To vet commonly used third-party apps that are distributed in the AirWatch app catalog.

Phase 1 of the new mobile security program has seen a 90% enrollment rate among PayPal employees globally within the first eight months. Most employees with a BYOD device chose to participate, registering their device in AirWatch and installing the Appthority mobile app from the AirWatch App Catalog. When security is fully rolled out, PayPal expects to support 10,000 registered mobile devices, evenly split between the BYOD and COPE programs.

Minimizing the Business Impact of Mobility Threats

With the integrated Appthority MTP and AirWatch solutions, PayPal gains several benefits for its business and its mobile employees.

Protection from mobile threats. The absence of a breach of consumer or merchant transaction data originating on a mobile device is a big win for PayPal, protecting the company brand and the trust of consumers and merchants for continued company success.

Appthority MTP continuously protects against active and potential threats such as user privacy risks, operating system updates, malware, and man-in-the-middle attacks. The ability to identify zero-day threats as they happen helps PayPal take fast action to mitigate their impact on employee productivity and business operations.

Unseen before implementing Appthority MTP, malicious apps from official iOS and Android app stores that can control the device, steal credentials, take screenshots, and make calls are now detected in real time. Apps that expose network communications to a man-in-the-middle attack are also detected and remediated along with suspicious mobile apps that connect to servers in countries where PayPal does not conduct business.

These actionable results demonstrate the proactive capabilities of Appthority MTP in evaluating suspicious activity before it becomes a zero-day threat. Moreover, the PayPal mobility team can remotely wipe corporate data and apps from devices if needed, which helps to maintain compliance with financial and privacy standards.

Visibility into internal and external security risks. By adding Appthority for mobile security, PayPal has much more granular visibility into mobile threats in its environment.

Balance of mobility and security. The flexibility in the integrated AirWatch and Appthority MTP solution allows PayPal to evaluate various policy settings for optimal protection without imposing cumbersome or unnecessary restrictions on employees.

Employees appreciate the risk guidance from Appthority which gives them the ability to access work and personal data on the same device without needing to give up the privacy of their personal information or to allow a wipe of the entire device if it becomes a security risk.

IT also appreciates that employees are able to remediate risks and enhance security without increasing the load on the security team.