In the early days of the mobile workforce, simply having secure access to corporate email and calendars sufficed. BlackBerry was the mobile device of choice, and IT was able to provide fast, easy access to calendars and email. As the variety of mobile devices increases, so do the security risks.
The mobile workforce, no longer satisfied with limited access, wants access to all the applications and data needed to perform every job task from a multitude of personal mobile devices, anywhere, anytime. Therein lies the challenge for IT. The use of personal devices to access corporate resources puts a different spin on network security because IT no longer controls those devices.
IT has no choice but to deliver a simple mobile user experience for a wide variety of business workloads, while keeping management complexity and network security threats to a minimum. If IT cannot enable the access employees need, they will figure it out for themselves, and their route to the network will likely bypass the current line of defense against threats.
In today's bring-your-own-device (BYOD) mobile worker era, IT must be prepared to protect corporate data from theft and loss, as well as prevent mobile traffic and devices from becoming conduits for malware attacks that affect corporate systems and data.
How to protect corporate data from theft and loss
When it comes to back-end applications and data, there is a great deal to protect. The greatest risk to the business is from unauthorized users who gain access to back-end systems via lost or stolen personal devices, so it is critical that a mobile user be authenticated before being granted access to back-end data and applications. That authentication must also be enforced on every request, so that if a device is lost or stolen, an unauthorized user can't use that device to gain access to back-end systems. Organizations must protect against unauthorized mobile access to the corporate network with strong authentication, such as two-factor authentication, and network access controls.
Next, let's consider data in flight, which is likely to contain fresh, sensitive data. Even though the quantity of data lost or stolen in an in-flight traffic interception is likely to be smaller, the potential for damage to the business is still there, particularly if the user is on an unencrypted public Wi-Fi network, which is an easy target for attackers looking to intercept data. To prevent this, businesses need to encrypt data in transit, which is typically accomplished using SSL VPN connections between mobile devices and corporate data.
Lastly, there is the data stored at rest on mobile devices. Again, if a device is lost or stolen, there is the risk of data falling into the wrong hands. Because the storage footprint of mobile devices is limited, the amount of data at risk on the device is probably equally limited, but unauthorized access to sensitive data stored on mobile devices can still wreak havoc for the business. The best way to protect data stored on mobile devices is to encrypt it. Additionally, organizations can enforce device passcodes and remote device wipe.
Protecting from malware attacks
Now let's talk about protecting from malware attacks. Historically, IT protected corporate networks and computer environments by allowing only trusted devices and users to connect to the network. They could also limit the potential for devices to introduce malware onto the network by controlling and managing laptop configurations and software images. Now, IT no longer controls or manages these devices; workers independently choose their smartphones and tablets, as well as the applications and services they use to address both business and personal needs.
The good news is that most apps designed to run on smartphone and tablet operating systems undergo stringent review and are whitelisted before becoming available for download. If a smartphone has been jailbroken or rooted, however, it may be running apps that haven't been through the review process and could pose additional security risks. To protect the network from mobile malware, IT must prevent jailbroken or rooted devices from accessing the network. IT must be able to interrogate devices to determine their security state before granting network access. Only devices that meet the configured security policy requirements should be allowed on the network. Those that don't should be redirected to a portal for remediation or denied access.
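The allow / remediate / deny decision described above, expressed as a small posture-evaluation policy. This is an added example, not code from the original article or from any product it alludes to: the report field names (`jailbroken_or_rooted`, `passcode_set`, `storage_encrypted`, `mdm_enrolled`), the minimum OS versions and the sample reports are all constructed for illustration. The one design point worth noting is that a missing or unparseable attribute is treated as non-compliant, so an incomplete report can never look healthier than it is, and a jailbroken or rooted device is denied outright rather than sent to remediation because a compromised OS can misreport every other attribute.

```python
"""Hypothetical device-posture policy check for BYOD network access (added example).

Each mobile device submits a posture report (the attributes an MDM/NAC agent
would collect) before it is admitted to the corporate network.  The policy
answers the question in the text: allow, redirect to remediation, or deny.
Field names and thresholds are assumptions, not taken from any product.
"""
from dataclasses import dataclass
from enum import Enum
from typing import Any


class Decision(Enum):
    ALLOW = "allow"            # meets policy: admit to the network
    REMEDIATE = "remediate"    # fixable findings: redirect to remediation portal
    DENY = "deny"              # untrusted state: no access


@dataclass(frozen=True)
class DevicePosture:
    device_id: str
    os_name: str                 # "ios" or "android"
    os_version: tuple            # e.g. (17, 2)
    jailbroken_or_rooted: bool
    passcode_set: bool
    storage_encrypted: bool
    mdm_enrolled: bool


# Minimum OS versions the policy accepts (constructed values).
MIN_OS_VERSION = {"ios": (16, 0), "android": (13, 0)}


def posture_from_report(report: dict[str, Any]) -> DevicePosture:
    """Parse a raw posture report, failing closed on anything missing.

    A field the agent did not report is given the non-compliant value, so an
    incomplete or tampered report is never treated as healthier than it is.
    """
    version_str = str(report.get("os_version", "0"))
    version = tuple(int(p) for p in version_str.split(".") if p.isdigit())
    return DevicePosture(
        device_id=str(report.get("device_id", "unknown")),
        os_name=str(report.get("os_name", "")).lower(),
        os_version=version or (0,),
        jailbroken_or_rooted=bool(report.get("jailbroken_or_rooted", True)),
        passcode_set=bool(report.get("passcode_set", False)),
        storage_encrypted=bool(report.get("storage_encrypted", False)),
        mdm_enrolled=bool(report.get("mdm_enrolled", False)),
    )


def evaluate(posture: DevicePosture) -> tuple[Decision, list[str]]:
    """Return the access decision and the findings that drove it."""
    # A compromised OS can lie about every other attribute, so it is denied
    # outright rather than sent to remediation.
    if posture.jailbroken_or_rooted:
        return Decision.DENY, ["device is jailbroken or rooted"]
    if posture.os_name not in MIN_OS_VERSION:
        return Decision.DENY, [f"unsupported or unknown OS '{posture.os_name}'"]

    findings = []
    minimum = MIN_OS_VERSION[posture.os_name]
    if posture.os_version < minimum:
        have = ".".join(map(str, posture.os_version))
        need = ".".join(map(str, minimum))
        findings.append(f"OS version {have} below minimum {need}")
    if not posture.passcode_set:
        findings.append("no device passcode configured")
    if not posture.storage_encrypted:
        findings.append("device storage is not encrypted")
    if not posture.mdm_enrolled:
        findings.append("device is not enrolled in MDM")

    if findings:
        return Decision.REMEDIATE, findings
    return Decision.ALLOW, []


# Constructed sample reports, as an MDM/NAC agent might submit them.
SAMPLE_REPORTS = [
    {"device_id": "phone-01", "os_name": "iOS", "os_version": "17.2",
     "jailbroken_or_rooted": False, "passcode_set": True,
     "storage_encrypted": True, "mdm_enrolled": True},
    {"device_id": "tablet-02", "os_name": "Android", "os_version": "12.0",
     "jailbroken_or_rooted": False, "passcode_set": True,
     "storage_encrypted": False, "mdm_enrolled": True},
    {"device_id": "phone-03", "os_name": "Android", "os_version": "14.0",
     "jailbroken_or_rooted": True, "passcode_set": True,
     "storage_encrypted": True, "mdm_enrolled": True},
    {"device_id": "phone-04"},   # agent sent almost nothing: must fail closed
]


def decide_all(reports):
    """Map each report's device_id to its (Decision, findings) pair."""
    return {r.get("device_id", "unknown"): evaluate(posture_from_report(r))
            for r in reports}


if __name__ == "__main__":
    for device, (decision, findings) in decide_all(SAMPLE_REPORTS).items():
        print(f"{device}: {decision.value}", *findings, sep="\n    ")
```

Running the block prints one line per device: phone-01 is allowed, tablet-02 is redirected to remediation with two findings (old OS, unencrypted storage), and phone-03 and the near-empty phone-04 report are both denied.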
Mobile users surfing the web, clicking on URLs or downloading files can trigger hidden malware that infects devices, which then can become a conduit for attacking back-end systems and data. Deploying next-generation firewalls helps uncover hidden malware and block threats. Increasingly, cyber threats are hidden in SSL traffic to evade detection. The newest generation of firewalls can scan traffic in real time without impacting network latency or performance and help prevent malware attacks hidden in mobile traffic.
With each of these strategies, IT can help prevent corporate data from theft and loss.