ras-slava - Fotolia

Get started Bring yourself up to speed with our introductory content.

How can geofencing improve an enterprise security strategy?

Geofencing technology creates a virtual fence on employee devices, adding a crucial extra layer of security. But do privacy concerns negate the benefits of this feature? Expert Michael Cobb explains.

Some companies are adding geofencing to their mobile device management products to improve security. How does this...

work? Is it something that enterprises should look for in an MDM product, or are there alternatives for limiting the effective usage range of a device?

Geofencing technology has been around for quite some time. It uses a combination of GPS and cellular triangulation to define geographical boundaries -- a virtual fence -- and then combines awareness of a user's current location with awareness of the user's proximity to these predefined locations. Apps on location-aware devices can make use of geofences to trigger different types of actions as the user enters or exits a geofenced location. There are already a host of applications and services that make use of geofencing to alert users when they are close to a point of interest, send them location-based ads and so on.

Geofencing can also be used to provide an additional layer of access control to company resources and help simplify managing BYODs by automatically changing app and data access rights based on the device's location. For example, apps can appear or disappear based on the GPS location of enrolled mobile devices relative to geofence boundaries, while presentations or sensitive documents can have access locked to designated conference or meeting rooms. More granular security could be added by combining timing restrictions with geofencing, which would be ideal for sensitive board meetings, stock price sensitive press announcements or during business negotiations. Smartphone features that represent a security risk -- such as a camera or microphone -- could also be disabled to ensure visitors can't take pictures or record meetings when they enter particular secured areas, for example.

Geofencing can also be used as part of a data loss prevention strategy. Administrators could receive alerts, for example, if a company-owned device leaves the building, or it could automatically get bricked if it contains sensitive data -- such as a tablet that holds warehouse inventory data or patient records.

While geofencing can add innovative access control, it isn't perfect, and there are some downsides to its use. On certain devices, the GPS lock can be spoofed; this means to be reliable as an enterprise security strategy, geofencing can't rely solely on GPS location data, but must use local Wi-Fi and Bluetooth beacons that cannot be spoofed. At least these last two are not a huge drain on a device's battery -- which GPS is.

There is, of course, a big privacy issue with tracking people's whereabouts. By its very nature, location data is difficult to anonymize. Employees and contractors may be okay with having a geofencing security app installed on their mobile devices, but clients and suppliers may not be so keen. It also requires informed consent by employees with the option to disable GPS tracking outside of work locations.

Geofencing is starting to appear in mobile device management software to help improve the BYOD enterprise security strategy, but it can be tremendously intrusive -- which means that its introduction has to be carefully managed.

Ask the Expert:
Want to ask Michael Cobb a question about application security? Submit your question now via email. (All questions are anonymous.)

Next Steps

Learn more about geofencing in mobile device management products

This was last published in September 2015

Dig Deeper on BYOD and mobile device security best practices