Creating Enterprise Data and Mobility Security
February 5th, 2014 By: Bill Kleyman
More end-users are bringing their own devices into the corporate setting to get their jobs done. In fact, some users are now utilizing three or more devices, all of which may have access to corporate data.
Furthermore, the numbers around just how much data is being passed through these devices really paint the picture. According to the latest Cisco Visual Networking Index, “The increasing number of wireless devices that are accessing mobile networks worldwide is one of the primary contributors to traffic growth. Each year, several new devices in different form factors, and increased capabilities and intelligence, are being introduced in the market. By 2017, there will be 8.6 billion hand-held or personal mobile-ready devices and 1.7 billion machine-to-machine connections.”
There are some inherent benefits to creating corporate mobility – productivity, worker happiness, less end-point management – but there are also many concerns. IT administrators are already responsible for many devices on their network. Now, there’s the potential that they have to monitor and manage even more.
The most efficient way to approach mobility is to have a well-planned deployment with good policies in place. Without a doubt, one of the first planning points will revolve around security and how to best manage it with so many devices being brought in.
Here’s the first mind-shift that has to happen. Instead of trying to control the device – you should care more about the applications, workloads, data and experience being delivered to the device. This way you create an optimal delivery methodology which is truly agnostic to the device itself. Still, security must be wrapped into these policies and around the workloads that are being delivered. To that end – here are some great ways to create mobility and data security.
- Use Enterprise/Mobility Management Platforms. The rise of the mobility revolution meant that there had to be a technology that would help administrators manage both devices and the data flowing through them more efficiently. Working with these management platforms can have a lot of benefits for organizations allowing personal devices to connect to internal network components. Scanning for things like rooted or hacked devices and stopping access from malicious software are all MDM/EDM features. Furthermore, administrators can leverage granular control mechanisms to have better visibility and manageability of end-point devices. If a device is lost or stolen, administrators have the option to wipe only corporate data or the entire device remotely. Finally, these platforms can directly optimize how applications and other content are delivered to the user – by creating adaptive orchestration policies.
- Lock down applications and workloads. A large part of the mobility and data control environment resides with various virtualization technologies. In creating a good mobility security policy, administrators have to find ways to lock down their applications, various data points and even desktops. By using next-generation technologies, administrators can limit access to all or even part of an application or workload. Above and beyond just controlling how the end-point accesses the environment, user and data controls should be deployed to better manage mobility-enabled devices.
- Deploy next-generation security. Enterprise security has come a long way. Physical firewalls are no longer the end-all security solutions. Now, administrators can deploy specific security processes on dedicated virtual or physical devices. In working with next-generation security products, administrators are able to really lock down the access into their network.
For an enterprise mobility initiative, next-gen security can help with some of the following tasks:
- End-point device interrogation.
- Access based on the device, location, and user.
- Using application firewalls.
- Deploying virtual appliances as secondary checkpoints or isolated controllers for end-user personal devices.
- Deploying adaptive two-factor authentication methods driven by secure certificates.
- Data access monitoring.
- Data Leakage Prevention (DLP), Intrusion Prevention/Detection Services (IPS/IDS).
The term “next-generation” security really focuses on the new types of IT initiatives currently being deployed by many organizations. A part of that includes mobility, device, and data management. Terminology aside, if you’ve purchased a network access controller, security appliance, or some type of gateway technology – chances are that your device has some next-generation security features already built-in. Use your appliances – both virtual and physical – to their fullest capabilities to deliver a truly powerful computing experience.
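As an added illustration (not from the article or any vendor product), the sketch below shows how end-point interrogation results, device/location/user context, and a certificate-driven second factor can combine into one access decision. The platform list, location names, workload names, and the rule that a sensitive workload requires a directory group of the same name are all constructed assumptions.

```python
from dataclasses import dataclass

# Constructed policy values for illustration; not taken from any product.
SUPPORTED_PLATFORMS = {"ios", "android", "windows", "macos"}
TRUSTED_LOCATIONS = {"office", "vpn"}
SENSITIVE_WORKLOADS = {"finance", "hr"}


@dataclass
class AccessRequest:
    user_groups: set       # directory groups of the authenticated user
    platform: str          # reported by end-point interrogation
    rooted: bool           # root/jailbreak finding from interrogation
    has_client_cert: bool  # device certificate issued at enrollment
    location: str          # "office", "vpn" or "public"
    workload: str          # application or data set being requested


def decide(req: AccessRequest):
    """Return (decision, reasons); decision is deny, step_up or allow."""
    reasons = []
    # Hard failures: a bad posture or missing entitlement is never
    # overridden by a trusted location or a valid certificate.
    if req.rooted:
        reasons.append("device is rooted or jailbroken")
    if req.platform not in SUPPORTED_PLATFORMS:
        reasons.append("unsupported platform")
    if req.workload in SENSITIVE_WORKLOADS and req.workload not in req.user_groups:
        reasons.append("user not entitled to workload")
    if reasons:
        return "deny", reasons
    # Adaptive second factor: only demanded when context lowers confidence.
    if not req.has_client_cert:
        reasons.append("no device certificate")
    if req.location not in TRUSTED_LOCATIONS:
        reasons.append("untrusted location")
    if reasons:
        return "step_up", reasons
    return "allow", ["posture, location and entitlement checks passed"]


if __name__ == "__main__":
    # Constructed sample requests.
    for r in (
        AccessRequest({"staff"}, "ios", False, True, "office", "mail"),
        AccessRequest({"staff"}, "android", True, True, "office", "mail"),
        AccessRequest({"staff", "finance"}, "ios", False, False, "public", "finance"),
    ):
        print(r.platform, r.location, r.workload, "->", decide(r))
```

Returning the reasons alongside the decision gives the data access monitoring item above something concrete to log for each request.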
Create Mobility and Data Usage Policies
An organization may have the best infrastructure in place for mobility; however, an uninformed user can still be a very dangerous asset to have to manage. User empowerment and education have come a long way in the IT field and many are much savvier than they are given credit for. In light of this, their usage of corporate data on personal devices may actually make them (accidentally, in most cases) more dangerous. First of all, there needs to be a corporate mobility policy in place. In many instances, this is an extension of the existing computer usage policy. Users must know that although the devices they are using may be personal, the data they are viewing is still corporate-owned. Because of this, their data usage or even working session may be monitored and controlled. Although visibility into the personal device will be limited by privacy regulations – all data accessed from the central data center may be monitored and user activity logged.
Creating a happier worker can have many different benefits. However, security and integrity of corporate data must be one of the top priorities. The beauty of today’s security technologies is that administrators are able to still deliver a powerful computing experience while locking down their infrastructure. When working with modern mobility trends, the main rule is simple: never allow a free-for-all to occur.
Although many devices may be allowed – IT administrators should still limit the types of devices they allow on their network. In many cases, to access corporate data, the end-user may need to install some client software. To ease management, IT should supply a hardware list which is capable of supporting the client on various end-point platforms. In doing so, the user can still bring in their own devices, access the data, and IT will be able to secure and control the experience.
Bob Hobson, Posted February 6th, 2014
One of the most common causes of data getting in the wrong hands is the loss of mobile devices that often contain a frightening amount of private information. I want to share a protection option that worked for me. Tracer tags (mystufflostandfound.com) let someone who finds your lost stuff contact you directly without exposing your private information. I use them on almost everything I take when I travel like my phone, passport and luggage after one of the tags was responsible for getting my lost laptop returned to me in Rome one time.