Corporate IT must address employees’ indifference to IT policy
08 November, 2012 10:27
Now that employees increasingly expect the workplace to provide secure anytime, anywhere connectivity – whether over 2G or 3G networks or Wi-Fi, for both personal and business tasks – it’s clear that IT management has lost its mandate on the choice of smartphone and tablet access in the corporate setting.
Today’s new workforce is not willing to allow IT to dictate which handheld platforms they can use because they prefer their personal technology to what employers provide. Recent surveys suggest about 70 per cent will use whatever application, device or technology they want, regardless of corporate IT policies. With less than half sticking to company-issued devices, IT must try to keep up.
While many of the technologies that enterprises adopt for their information systems have roots in consumer applications, employees are extending their workday and increasing office efficiency by leveraging the same technology they use to enhance their personal lives, in particular smartphone and tablet devices.
The biggest threat to security is from users themselves, who are increasingly using their mobile devices with scant regard for IT policies (e.g., playing games or checking personal emails while connected to corporate networks). Increasingly, mobile device usage is placing great pressure on corporate network resources, especially when users consume high-bandwidth content such as video.
The combination of these factors presents IT departments with a serious dilemma. On one hand, smartphones and tablets are simply too powerful and useful for businesses to ignore, empowering users in completely new ways and enabling them to work far more flexibly and productively. Security must be seen to be enabling the business, rather than holding it back from the rewards many of these new devices offer.
Challenges of multiple devices
Enterprises need an agnostic approach that supports multiple platforms for their users and provides contingency for access continuity. A global business cannot depend solely upon the viability of a single smartphone vendor’s platform, but must instead deploy smartphone solutions that are able to facilitate multiple platforms.
The sheer volume of interactive Web 2.0 and streaming media traffic over smartphones can affect corporate bandwidth and wireless network throughput. Some of these applications, such as streaming video applications, constantly evolve to avoid control. In addition, like any web-facing endpoint device running applications over the network, smartphones present a potential channel for forced denial-of-service attacks.
The proliferation of smartphones in corporate environments creates new and wider potential for data loss and leakage, whether by theft, unauthorised access or unauthorised transmission. Determined professionals can ultimately undermine even “unhackable” smartphone platforms. In addition, thieves can thwart attempts by IT to wipe data remotely simply by removing the SIM. The widespread practice of “jailbreaking,” or opening a phone to customise its features or functionality (such as to overcome restrictions on alternate mobile service carrier networks), also poses a serious security threat.
Most agree that enterprises should be able to enforce several basic security features on any mobile device, including mandatory passwords, over-the-air device wiping capabilities and data encryption on the device itself. In practice, the choice of the platform itself will determine the effectiveness of the overall policy. Not all mobile devices are equal, and some vendors make it harder than others to enforce rigorous security protocols and policies.
Top five ways to secure mobile devices
1. Establish reverse web proxy and/or SSL VPN. This secures smartphone and tablet access from outside the perimeter. By providing standard web browser access to web resources, reverse proxies can authenticate and encrypt web-based access to network resources. Reverse proxy delivers access agnostically across platforms. Agent-based encrypted SSL VPN tunnels add easy “in-office” network-level access to critical client-server resources from both laptops and smartphones.
2. Add strong authentication. An effectively secure solution should integrate seamlessly with standard authentication methods such as two-factor authentication and one-time passwords.
3. Scan traffic through a next-gen firewall. Smartphones and tablets can act as conduits to enable malware to cross the network perimeter, even over WiFi or 3G/4G connections. Integrated deployment with a next-gen firewall can decrypt and scan smartphone and tablet traffic coming from outside the perimeter. Integrating a next-gen firewall with 802.11 a/b/g/n wireless connectivity can scan and decontaminate WiFi traffic when the smartphone user is inside the perimeter.
4. Control app traffic. In general, smartphones and tablets are either critical business solutions or personal time-wasters. Application intelligence and control technology can enable IT to define and enforce how application and bandwidth assets are used.
5. Prevent data leakage. Data leakage protection for devices used inside the perimeter can scan outbound traffic and take policy-driven action to block or allow file transmission based upon watermarked content.
Sandeep Joshi is country manager at Dell SonicWALL.