Week 5 of Citrix’s Business Bootcamp will empower you to build a secure IT environment without compromising workforce mobility
As you move to the cloud and rollout your subsequent enterprise mobility strategy, there is one critical area you must not overlook – IT security.
Enabling employees to access data and work on the move from any device is great for your business, but it has the potential to open security gaps you can’t afford to leave exposed. For instance, what would the business impact be if a device holding sensitive customer data was lost or stolen, or if the corporate network was hacked? What about if you were using solutions that did not comply with industry standards?
A balancing act
An effective security strategy today must include smart policies built for modern needs, rigorous enforcement across platforms, and deep monitoring and reporting – as well as empowering employees to move across locations, networks and devices.
Undoubtedly it’s a fine, albeit very importance balance.
If this sounds daunting and complex don’t worry, you’re not alone. According to Microsoft four out of ten SMBs have concerns about the security of their data[1].
The reality is though, if you deploy the right technologies when embracing cloud and building your mobility strategy its likely security features will come built in. For example, the Citrix technologies needed to create a Workspace-as-a-Service platform are secure by design to deliver complete data protection while meeting the needs of your business, IT, and employees.
To help you build a secure IT network which enables you to realise the full benefits of mobility, we’ve outlined seven guidelines to follow:
- Manage and protect what matters: Considering the number of devices being used to access data and applications – personal and corporate – it’s no longer realistic for IT to control and manage every aspect of the environment. Instead, focus on what matters most to your business and choose the model making the most sense for your business and use cases.
For instance, if you want to manage and control the mobile devices accessing the network mobile device management solutions such as Citrix’s XenMobile allow you to do this; enabling you to encrypt sensitive data, remote lock and wipe information in case of theft or loss, and rapidly enable and disable access capabilities when you have new joiners or leavers.
- Think ‘user experience’ first: Today, we expect business IT to give us the same level of freedom and convenience we’ve become used to with our consumer devices. To address this it can be helpful to sit down with employees and find out their needs and preferences to ensure your mobility strategy will give them what they really want, while allowing you to set expectations and ensure your people understand IT’s own requirements and the policies and regulations it must adhere to.
- Avoid the quadruple bypass: The quadruple bypass represents the worst case scenario for enterprise security: a BYOD user on a consumer-grade device using sensitive enterprise data and going directly to the cloud. This approach completely bypasses the control and visibility of IT – and is alarmingly common.
To ensure you do not fall victim to the quadruple bypass, you need to give employees an incentive to use the IT available by ensuring it delivers a superior and seamless user experience. After all, employees will always choose the best solution for their needs – so make sure this is your offering!
- Pay attention to your business apps: In business today we rely on a range of applications – mobile through to software-as-a-service. To optimise their value within modern business, you need to think about how people access them. For example, is it realistic to expect someone to update an HR application via a smartphone?
Desktop and application virtualisation solutions enable you to turn business applications into on demand services available on any device, while maintaining control of the data and services being accessed. Citrix’s XenApp allows you to tweak application interfaces and to act like mobile apps for use on smartphones and tablets.
- Define networking requirements: Different applications and use cases have different networking requirements, from a local intranet through to an external partner’s portal. Deploying application deliver controller solutions allow you to implement individual security settings for each business application to deliver seamless and secure employee access.
- Protect sensitive data: This might seem obvious, but many businesses do not know where their most important data resides. To overcome this, look to classify your data under one of three headings – public data, confidential data, and restricted data – so that you can manage access accordingly. If you need to share confidential or restricted data outside of your business network be sure to use a secure enterprise-grade file sharing platform, such as ShareFile, to maintain the required levels of control.
- Build compliance into your solutions: Make sure all devices and enterprise technologies used are compliant with government mandates, industry standards and corporate security policies. Having selected and invested in the various components of your enterprise mobility platform, the last thing you want is to find out they are not compliant with regulations.
Security should not be complex
Meeting security requirements does not need to be a complex or daunting job – for all business it should be something that just happens. Building the above considerations into your IT strategies enables you to build a secure environment without compromising workforce mobility. This is great news for you and your employees who will be able to safely work across locations, networks, and devices.
[1] Australian SMB’s lose 35 working days a year to unproductive time, June 2015. https://news.microsoft.com/en-au/2015/06/24/australian-smbs-lose-35-working-days-a-year-to-unproductive-time/
About the Author:
David Nicol, Director, Workspace Product Sales, Citrix.
Citrix Bootcamp: