In the early days of the mobile workforce, simply having secure access to corporate email and calendars was enough.
BlackBerry was the mobile device of choice, and IT was able to provide fast, easy access to calendars and email. As the BYOD trend grew, however, and the variety of mobile devices increased, so did the security risks.
IT nowadays has no choice but to deliver a simple mobile user experience for a wide variety of business workloads, while keeping management complexity and network security threats to a minimum. If IT cannot enable the access that employees need, they will figure it out for themselves – and their route to the network will likely break down the current line of defense against threats.
How to protect corporate data from theft and loss
When it comes to back-end applications and data, there is a lot of data to protect. The greatest risk to a business is from unauthorised users who gain access to back-end systems via lost or stolen personal devices.
To help combat this issue, it is critical that a mobile user be authenticated before being granted access. Authentication to data and apps needs to be enforced to ensure that if a device is lost or stolen, an unauthorised user can’t use that device to gain private and confidential information. Two-factor authentication and network access controls can protect against this unauthorised mobile access and guard the corporate network.
Consider data in flight, which is likely to contain fresh, sensitive data. Even though the quantity of data lost or stolen in an in-flight traffic interception is likely to be less, the potential for damage to the business is still there, particularly if the user is on an unencrypted public Wi-Fi network, which is an easy target for hackers looking to intercept data. To prevent this, businesses need to encrypt data in flight, which is typically accomplished using SSL VPN connections between mobile devices and corporate data.
Lastly, a business needs to protect the data stored at rest on mobile devices. Again, if a device is lost or stolen, there is the risk of data falling into the wrong hands. Because the storage footprint of mobile devices is limited, the amount of data at risk on the device is probably equally limited, but unauthorised access to sensitive data stored on mobile devices can still wreak havoc for the business. The best way to protect data stored on mobile devices is to encrypt it. Additionally, organisations can protect it with enforced device password protection and device wipe.
Protecting from malware attacks
The importance of protecting from malware attacks cannot be stressed enough. Historically, IT protected corporate networks and computer environments by allowing only trusted devices and users to connect to the network. They could also limit the potential for devices to introduce malware onto the network by controlling and managing laptop configurations and software images. BYOD now means that IT no longer manages or has control of these devices; workers independently choose their smartphones and tablets, as well as the applications and services they use to address both business and personal needs.
The good news is that most apps designed to run on smartphone and tablet operating systems undergo stringent review and are white-listed before becoming available for download. If a smartphone has been jailbroken or rooted, however, it may be running apps that haven’t been through the review process and could pose additional security risks. To protect the network from invasion by mobile malware, IT must prevent jailbroken or rooted devices from accessing the network. IT must be able to interrogate devices to determine their security state before granting network access. Only devices that meet configured security policy requirements should be allowed on the network. Those that don’t should be redirected to a portal for remediation or denied access.
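The admission decision described above can be sketched as follows. This is an added example, not code from the article or from any vendor product; the report field names, the split between checks that deny and checks that send the device to remediation, and the sample reports are all assumptions made for illustration.

```python
from __future__ import annotations
from enum import Enum


class Decision(Enum):
    ALLOW = "allow"
    REMEDIATE = "remediate"  # redirect to the remediation portal
    DENY = "deny"


# Assumed policy split (not from the article): these checks fail hard ...
DENY_IF_NOT = {
    "not_jailbroken_or_rooted": "jailbreak/root check not passed",
    "second_factor_passed": "two-factor authentication not passed",
}
# ... while these gaps can be fixed by the user on the portal.
REMEDIATE_IF_NOT = {
    "storage_encrypted": "storage encryption not confirmed",
    "passcode_enforced": "device password not confirmed",
    "remote_wipe_enabled": "device wipe not confirmed",
}


def failed_checks(report: dict, checks: dict) -> list[str]:
    """Fail closed: a check passes only if the report says exactly True."""
    return [why for key, why in checks.items() if report.get(key) is not True]


def evaluate(report: dict) -> tuple[Decision, list[str]]:
    """Map an interrogated device's posture report to an access decision."""
    blocking = failed_checks(report, DENY_IF_NOT)
    if blocking:
        return Decision.DENY, blocking
    fixable = failed_checks(report, REMEDIATE_IF_NOT)
    if fixable:
        return Decision.REMEDIATE, fixable
    return Decision.ALLOW, []


# Constructed sample reports, not real device data.
COMPLIANT = dict.fromkeys([*DENY_IF_NOT, *REMEDIATE_IF_NOT], True)
SAMPLES = {
    "compliant tablet": COMPLIANT,
    "no passcode": {**COMPLIANT, "passcode_enforced": False},
    "rooted phone": {**COMPLIANT, "not_jailbroken_or_rooted": False},
    "agent sent nothing": {},  # missing attributes are treated as failures
}

if __name__ == "__main__":
    for name, report in SAMPLES.items():
        decision, reasons = evaluate(report)
        print(f"{name}: {decision.value} {reasons}")
```

Treating a missing or malformed attribute as a failed check means a device whose agent reports nothing is denied rather than waved through.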
Mobile users surfing the web, clicking on URLs or downloading files can trigger hidden malware that infects devices, which can then become a conduit for attacking back-end systems and data. Deploying next-generation firewalls helps uncover hidden malware and block threats. Increasingly, cyber-threats are hidden in SSL traffic, evading detection. The newest generation of firewalls, called next-gen firewalls, can scan traffic in real time without impacting network latency or performance and help prevent malware attacks hidden in mobile traffic.
In today’s BYOD mobile worker era, IT must be prepared to protect corporate data from both theft and loss. With the strategies mentioned, IT can prevent mobile traffic and devices from becoming conduits for malware attacks that affect corporate systems and put companies at high risk.
About the Author
Ian Hodge is the Managing Director of Dell Software Australia-New Zealand.