TL;DR: Remote secure mobile device management ties BYOD risk to identity control, arguing that PKI and MDM together give enterprises stronger visibility over devices, access, and authentication than passwords alone, according to DigiCert. The core issue is not remote work itself but the assumption that device trust can be inferred from network access.
NHIMG editorial — based on content published by DigiCert: Remote Secure Mobile Device Management
Questions worth separating out
Q: How should security teams govern BYOD devices that access corporate resources?
A: Security teams should treat BYOD as a conditional trust model, not as ordinary endpoint access.
Q: Why do personal devices increase remote access risk?
A: Personal devices increase remote access risk because the enterprise does not control the full patching, configuration, and software stack.
Q: What breaks when device identity is not verified for VPN access?
A: When device identity is not verified, VPN access can become a trust shortcut for any endpoint that knows the user’s credentials.
Practitioner guidance
- Classify every remote device by trust level: Separate fully managed corporate devices, partially managed BYOD endpoints, and unmanaged personal devices in access policy so remote access rules reflect real control, not assumption.
- Require certificate-based authentication for high-risk remote paths: Use device certificates for VPN, Wi-Fi, and internal application access where password-based trust is too weak to prove endpoint identity.
- Tie MDM policy to access approval: Block or restrict network access when device posture, encryption status, or configuration drift falls below the approved baseline.
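The three guidance points above can be combined into a single access decision. The following is an added example, not code from DigiCert or the source article; the `Device` fields, the `decide` function, the path names and the choice that an unencrypted device is blocked while configuration drift only restricts are all assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from enum import Enum
from typing import Optional

class Trust(Enum):
    MANAGED = "fully managed corporate"
    BYOD = "partially managed BYOD"
    UNMANAGED = "unmanaged personal"

# Paths the guidance singles out for certificate-based authentication.
HIGH_RISK_PATHS = {"vpn", "wifi", "internal-app"}

@dataclass
class Device:
    trust: Trust
    cert_not_after: Optional[datetime]  # device certificate expiry; None = no certificate
    cert_revoked: bool
    encrypted: bool       # posture signal reported by MDM
    config_drift: bool    # MDM reports deviation from the approved baseline

def decide(device: Device, path: str, now: datetime) -> tuple:
    """Return (decision, reason); decision is 'allow', 'restrict' or 'block'."""
    high_risk = path in HIGH_RISK_PATHS
    # 1. Unmanaged devices give no posture signal, so nothing below can be verified.
    if device.trust is Trust.UNMANAGED:
        return ("block" if high_risk else "restrict", "unmanaged device")
    # 2. High-risk paths need a valid device certificate; a password alone is not enough.
    if high_risk:
        if device.cert_not_after is None:
            return ("block", "no device certificate")
        if device.cert_revoked:
            return ("block", "device certificate revoked")
        if device.cert_not_after <= now:
            return ("block", "device certificate expired")
    # 3. MDM posture gates approval (assumed mapping: unencrypted blocks, drift restricts).
    if not device.encrypted:
        return ("block", "storage not encrypted")
    if device.config_drift:
        return ("restrict", "configuration drift from baseline")
    return ("allow", "certificate and posture checks passed")

# Constructed sample data, not taken from the source article.
NOW = datetime(2025, 1, 15, tzinfo=timezone.utc)
VALID = datetime(2025, 6, 1, tzinfo=timezone.utc)
EXPIRED = datetime(2024, 12, 1, tzinfo=timezone.utc)
SAMPLES = {
    "corp-laptop": Device(Trust.MANAGED, VALID, False, True, False),
    "byod-phone-drift": Device(Trust.BYOD, VALID, False, True, True),
    "byod-expired-cert": Device(Trust.BYOD, EXPIRED, False, True, False),
    "home-pc": Device(Trust.UNMANAGED, None, False, False, False),
}
```

The decision is re-evaluated on every request with the current time, so a certificate that expires or is revoked, or a device that drifts from baseline, loses access without any change to the user's credentials.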
What's in the full article
DigiCert's full post covers the operational detail this post intentionally leaves for the source:
- Specific examples of how PKI supports VPN and Wi-Fi authentication for remote devices
- The device-control functions MDM can enforce remotely across a distributed workforce
- Why the article argues passwords alone are insufficient for enterprise device access
- How the source frames the relationship between device identity, access control, and remote work
Explore further
Device trust is now an identity decision, not just an endpoint decision. The article describes a world where employees connect from personal and unmanaged hardware, which means the enterprise is no longer authorising only a person. It is authorising a person plus a device with its own patch state, local exposure, and compromise risk. That shift matters because identity programmes that stop at user authentication leave a second trust problem unresolved. Practitioners should treat device identity as part of the access policy surface.
A few things that frame the scale:
- 1 in 4 organisations are already investing in dedicated NHI security capabilities, with an additional 60% planning to do so within the next twelve months, according to The State of Non-Human Identity Security.
- Only 1.5 out of 10 organisations are highly confident in their ability to secure NHIs, compared to nearly 1 in 4 for securing human identities.
A question worth separating out:
Q: Who should own device trust decisions in a BYOD programme?
A: Device trust should be owned jointly by identity, endpoint, and security operations, with clear accountability for certificate issuance, posture enforcement, and revocation. If ownership is fragmented, the organisation will not know who can approve access, who can change trust state, or who must remove it when risk changes.