US2019311134A1 · US · A1
| Field | Value |
|---|---|
| Publication number | US-2019311134-A1 |
| Application number | US-201916443682-A |
| Country | US |
| Kind code | A1 |
| Filing date | Jun 17, 2019 |
| Priority date | Oct 21, 2008 |
| Publication date | Oct 10, 2019 |
| Grant date | — |
Official abstract text for this publication.
A software component, upon receiving a request for access to a provider having a plurality of service levels, determines the current security state of the requesting device. The security state of the requesting device varies according to severity levels of device security events. The software component compares that security state to a policy associated with the provider. The software component then allows the requesting device access to the provider services where the device's current security state meets or exceeds the security state required for the service.
Opening claim text (preview).
We claim:
1. A method comprising: receiving, by a software component executing on a server, a request from a mobile communications device for access to a service provider; determining, by the software component, a current security state of the mobile communications device by: processing event security data, generated by the mobile communications device regarding security events on the mobile communications device, to determine severity levels for the security events, and using the determined severity levels to assess the current security state of the mobile communications device; comparing, by the software component, the current security state to a policy associated with the service provider, the policy specifying a first minimum security state of a device required for access to the service provider to be granted to the device; and, by the software component granting access to the service provider only when the comparison results in a determination that the current security state meets the required first minimum security state.
2. The method of claim 1, wherein: the request also requests access to a service provided by the service provider or requests a task be performed by the service provider; the policy specifies a second minimum security state of the device required for access to the requested service or for access to the requested task to be granted to the device; and granting access to the service provider only when the comparison results in a determination that the current security state meets the required first minimum security state includes granting access to the service provider, and granting access to the requested service or to the requested task, only when the comparison results in a determination that the current security state meets the required first minimum security state requirement and meets the required second minimum security state requirement.
3. The method of claim 2, wherein the service provided by the service provider or the task to be performed by the service provider includes at least one of: a service or task related to viewing data files; a service or task related to editing data files; a service or task related to sending data files; a service or task related to uploading data files; a service or task related to viewing only portions of certain data files; a service or task related to checking an account balance; a service or task related to viewing previous financial transactions; or a service or task related to transferring funds.
4. The method of claim 1, wherein the software component is a security component of the service provider and is tasked with receiving access requests intended for the service provider.
5. The method of claim 1, wherein: the software component is a security component that is not integrated into the service provider; the software component is tasked with receiving access requests intended for the service provider before the access requests are received by the service provider; and the software component prevents the access request from being received by the service provider when the current security state does not meet the required first minimum security state.
6. The method of claim 1, wherein the determining, by the software component, a current security state of the mobile communications device further includes: accessing a database containing security data received from the mobile communications device; comparing the event security data generated by the mobile communications device to security data from the mobile communications device stored in the database; and using the determined severity levels and the comparison of the event security data to the security data stored in the database to assess the current security state of the mobile communications device.
7. The method of claim 1, wherein the event security data generated by the mobile communications device is generated by at least one application executing on the mobile communications device.
8. The method of claim 1 further comprising: receiving, by the software component from the mobile communications device, the event security data generated by the mobile communications device; and causing, by the software component, the received event security data to be stored in a database accessible to the software component.
9. The method of claim 1, wherein using the determined severity levels to assess the current security state of the mobile communications device includes: using the determined severity levels and at least one from the group of: historical data for the state of the mobile communications device, and security state information for the mobile communications device stored on the server, to assess the current security state of the mobile communications device.
10. The method of claim 1, wherein the policy is based on a risk response implemented by an enterprise that is not the service provider.
11. A non-transitory, computer-readable storage medium having stored thereon a plurality of instructions, which, when executed by a processor of a server, cause the server to: receive a request from a mobile communications device for access to a service provider; determine a current security state of the mobile communications device by: processing event security data, generated by the mobile communications device regarding security events on the mobile communications device, to determine severity levels for the security events, and using the determined severity levels to assess the current security state of the mobile communications device; compare the current security state to a policy associated with the service provider, the policy specifying a first minimum security state of a device required for access to the service provider to be granted to the device; and grant access to the service provider only when the comparison results in a determination that the current security state meets the required first minimum security state.
12. The computer-readable storage medium of claim 11, wherein: the request also requests access to a service provided by the service provider or requests a task be performed by the service provider; the policy specifies a second minimum security state of the device required for access to the requested service or for access to the requested task to be granted to the device; and the instructions to grant of access to the service provider only when the comparison results in a determination that the current security state meets the required first minimum security state includes instructions to grant access to the service provider, and grant access to the requested service or to the requested task, only when the comparison results in a determination that the current security state meets the required first minimum security state requirement and meets the required second minimum security state requirement.
13. The computer-readable storage medium of claim 11, wherein the service provided by the service provider or the task to be performed by the service provider includes at least one of: a service or task related to viewing data files; a service or task related to editing data files; a service or task related to sending data files; a service or task related to uploading data files; a service or task related to viewing only portions of certain data files; a service or task related to checking an account balance; a service or task related to viewing previous financial transactions; or a service or task related to transferring funds.
14. The computer-readable storage medium of claim 11,
Filtering policies (mail message filtering H04L51/212) · CPC title
Detection or prevention of fraud · CPC title
Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII] · CPC title
received data contents, e.g. message integrity · CPC title
involving event detection and direct action · CPC title