Apr 4, 2016 3:07pm
We are working on using certificates to authenticate on-demand VPN sessions. The concern is that a stolen phone would still access the corporate VPN until the profile/cert is revoked via MDM. Also, someone's child could access corporate assets unchallenged if they are allowed to play with the phone.
Touch ID with a complex "unlock" password for the whole phone will be a good first step. This should handle the "stolen" issue. However, I think a much better solution would be to allow the username and password entered into the Pulse app to be cached and used after Touch ID authentication, the way iTunes/Apple Store allows this.
This would make use simpler for the mobile end user, yet maintain strong security for VPN.