Tip-toeing around security controls
With the rise of IT consumerisation, business executives are asking for tablets such as iPads and Galaxys, while employees are increasingly bringing their personal devices, primarily smartphones, laptops and tablets, into the work environment to access corporate resources, report Kendra Ross, Director, and Pete Irvine, Pre-Sales Consultant, DUO New Zealand.
A proliferation of personal mobile devices brings a threat vector that is shifting away from the network perimeter, with attacks targeting this new frontier of mobility. Resellers and vendors, as well as IT personnel, need to work with clients to balance the need for supporting the business and its key drivers for technology with the need to secure these devices and the enterprise. The threat goes beyond leaked or stolen data, in that one lost device can cause extensive brand damage and the irrecoverable loss of customers.
The opportunity for the creators of malware to leverage mobile devices in an attack on personal and corporate information systems is growing at an alarming rate. Gartner recently recognised the risk of the threat moving from the network perimeter to mobile devices, in March this year reporting that over 50 apps in their Gartner store were infected with Trojans – at least 21 have since been pulled.
Add into this equation that over one million websites are infected with malware (up from 500,000 12 months ago) and that many users browse these from their smart devices. Users and enterprises may not consider, or even be aware of, the malware risk on phones and the speed at which the risk is developing across the globe. Without the defence of malware protection, the risk is enormous.
Mobile devices have become an essential and standard business tool that can be owned by employers or by employees. As mobile devices are imbued with the functionality of a PC, they present an even greater threat, as they are inherently less secure, while possessing greater connectivity generally.
Executives and mobile workers have the right to be genuinely excited by the real value and productivity these modern mobile devices bring to their working lives within the business and outside, be it from home, an airport or a WiFi hotspot.
The population of Gen Y employees in the workplace is expanding, and they are never without digital devices. They are the champions of seizing new technologies, especially in the mobile sphere. Their devices tend to out-spec the corporate asset available to them, and with a trend to reduce costs by giving employees an allowance rather than an expensive laptop or smart device, the drivers are there for employees to want to use their own device to access email and corporate applications.
Securing your control points
Connectivity: Turn off unused communications options. Secure Bluetooth, InfraRed, WiFi and WiMax connections.
Inventory: Keep track of the device population. Minimise device delivery.
Software: Disallow unsigned applications. Install data encryption software, data loss prevention software, remote data deletion.
Policy: Mobile device usage policy. Security policy.
As a reseller or vendor, you should give special attention to securing your customers’ wireless networks. To ease the management of these devices, using a public access WiFi network with a VPN server at the border enables the mobile device user to connect easily and secures all communications within and outside the office.
Ultimately, to get full control of smart devices touching the enterprise you need a full mobile access suite. Products like Check Point Mobile Access Blade offer cross-platform security and control of devices such as iPhones, iPads, Windows devices and Androids. Solutions such as this need to provide enterprise-grade remote access via SSL VPN to allow safe, secure and simple connectivity to email, calendar and corporate applications.
If a device is lost or stolen it is imperative that the business has the ability to remotely kill the device or, at the very minimum, lock it securely. Remote kill can be done while leaving the user’s personal data intact.
Compliance must be included in the solution. Management of the devices allows the System Administrator to ensure the devices are fully compliant before they can touch the network. If the devices are infected then access is denied or the users should be offered links to self-remediation resources.
Any solution offered to the enterprise must be user-friendly. If it is a barrier to use, users will find ways around the secure solution and again put the enterprise at risk.