Mobile and remote systems extend the corporate network to locations never reached before and, at the same time, place new demands on enterprises to ensure their data is protected.
We are all becoming increasingly aware of the need for data security to reinforce business confidence in mobility, but the challenges associated with ensuring security are greater than ever. In addition, requirements for compliance with security standards are becoming more common and new malicious threats to security seem to appear almost weekly. The potential benefits of mobilising an organisation are significant and undisputed, however the only challenge is to protect the enterprise and its customers.
1: Secure the device and data
Example of the risk: One of your company's top research scientists absentmindedly leaves his handheld at a table in a popular coffee shop. His sensitive research is vulnerable to theft and he did not back up his most recent work.
Solution: To ensure device security, administrators must centrally control user authentication through features such as power-on password and management of user access to applications and data. Data stored on the device must be encrypted, and IT must be able to lock down or delete data from misplaced devices, as well as back up and recover critical information.
2: Guard against malicious code
Example of the risk: Your top sales rep logs on to check e-mail between prospecting appointments. She accidentally opens an attachment she did not recognise. It contains a nasty computer virus. Her device has antivirus software, but it is terribly out of date.
Solution: To keep devices safe from viruses and hackers, IT must transparently distribute and install antivirus updates and software patches. Effective frontline security proactively monitors and enforces systems and application settings each time a device connects and keeps track of who need which updates. Crucially all this is done without the need for any user intervention.
3: Secure connections to corporate networks
Example of the risk: Your IT director accidentally leaves his handheld in the airport terminal just before he boards a flight to return home from a conference. His device contains cached passwords that would allow anyone with computer knowledge to gain access to your network.
Solution: To secure data during transmission, effective front-line security must authenticate users and devices during each connection to the corporate network. In addition to ensuring safe data transfer over the network through encryption, IT must check the device for compliance with security standards for antivirus software, patch levels and personal firewall settings before allowing a connection.
4: Block network-based intrusion
Example of the risk: Your sales rep is at the local coffee shop, taking advantage of the available wireless network hotspot to review e-mail on his handheld device. At the same time, a competitor's rep sat across the other side of the restaurant is busily trying to use the wireless network to gain access to your rep's contact database.
Solution: To limit unauthorised access to corporate data, administrators must transparently distribute, install and maintain personal firewalls. At every connection from the front lines, software settings must be enforced and intrusion attempts must be monitored. With systematic reporting and alerts, administrators can identify and correct weak points in the network to limit intrusion.
5: Centralise control of policies
Example of the risk: Your new corporate security policy has covered all the bases. Unfortunately, not every department has completely adopted it yet. Your IT experts suspect problems are originating because of this but do not have evidence to prove it.
Solution: To unify security practices across different user groups, security policies must be centrally controlled. Consistent reporting must be available to audit policies and ensure they are enforced. The benefits to be gained from the growing number of mobile devices and technologies will continue to grow. Mobility projects that maintain central control while still considering usability for end-users creates effective solutions that will thrive. Those that take a head-in-the-sand approach will be left in the dust.
Security and management are interdependent
For mobile solutions to deliver on their promise, both security and management are necessary requirements. There are many common factors between them. So much so, that security and management need to symbiotic in order to be successful.
The requirements include:
Scalability - without combined security and management any solution is at risk of failing or not delivering on its objectives. The larger the solution, the greater the risk. Failed solutions lead to a waste of time, money and resources.
Centrally defined and enforced policies - these ensure the appropriate levels of functionality are applied to the appropriate groups of users ad/or devices.
Visibility, control and configuration - security and management both require clear visibility to and control over the state of the device - applications installed, files present, configuration, etc.
People - administrators have a single place to control all their policies while minimising the burden on users through a single approach. Users rightly should be focused on their jobs and should not be burdened by the technology.
Security - Need to control management changes to the configuration of the device. Management: need to control and update security changes like antivirus, firewalls, patches, etc.
Logging and reporting - enterprises need the audit trail of management and security changes. This data is necessary for generating exception reports, auditing and for compliance purposes.
Sensitive data needs to be protected across large numbers of applications, devices and networks and all companies from the smallest to the largest organisations need to unify security practices across their entire business.
Julie Tomlinson, director of mobile business, Sybase SA