The following article was written by Paul Ponzeka, CTO at Abacus Group, and originally appeared on HelpNet Security.
With the advent of cloud services and the proliferation of high end mobile devices (think iOS devices and Android phones), the workforce is moving inexorably to a mobile one where managers and employees are no longer tied to the office.
What initially started as a movement to the mobile phone/tablet work style has spilled over into full remote computing solutions. Users want to be able to take any device and work from anywhere with no loss of functionality.
From the business perspective, this can send chills up the backs of CIOs and CISOs as this full freedom work solution creates numerous security and compliance challenges. How does a firm protect its data? How does it minimize data leakage? How do managers ensure a lost device doesn’t constitute a data breach? How do they poke holes in the perimeter so their users can work without reducing the effectiveness of their security solution?
Thankfully there are many options available to the security-minded folks in the room. Users can be set up for a productive experience while maintaining the security integrity for the enterprise.
Here are some of the basics:
Ensure all mobile devices that connect to the corporate network do so utilizing Transport Layer Security (TLS), and that the devices themselves are encrypted, password protected and managed by Corporate IT’s Mobile Device Management (MDM) solution.
Make sure that the company’s enrollment process requires multi-factor authentication and gives corporate IT the ability to manage corporate applications and data on the devices. Your organization should look at leveraging MDM features that restrict corporate data from leaving the secure “container” of corporate-managed applications, preventing leakage of corporate data.
Home computers/laptops, cell phones and tablets should be thought of as one category – mobile devices. Companies need to invest in technologies that treat all of those devices from the BYOD perspective. Such technologies can manage not just iOS and Android devices but Windows personal computers as well. And when users are outside the office, organizations can combine them with controls like Conditional Access to govern how and when users can access that data.
These systems add a great extra variable into the conversation as to whether a user can access the data. In the past, the conversation may have been “do they have access?” Now it can be, “do they have access when they use a mobile device?” Plus, some data needs to be classified differently. Maybe all of your marketing materials should be accessible remotely, but employee benefits info? It’s okay to have different policies and configurations around the different classifications of data.
Next, align your remote access methods and policies to meet your business requirements. Don’t allow access to documents and data on devices that don’t meet your minimum security requirements or are not managed at the corporate level. Tools such as MDM providers, Endpoint Analysis Scans and Conditional Access from Microsoft can help firms meet this requirement.
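An added illustration, not from the original article: a Microsoft Entra ID (Azure AD) Conditional Access policy in the shape the Microsoft Graph API uses, enforcing the requirement above by granting access only when the sign-in passes multi-factor authentication and originates from a device the MDM reports as compliant. The policy name, the platform list and the break-glass account placeholder are assumptions; the state is set to report-only so the policy's effect can be reviewed in sign-in logs before it is enforced.

```json
{
  "displayName": "Require MFA and compliant device for mobile access",
  "state": "enabledForReportingButNotEnforced",
  "conditions": {
    "users": {
      "includeUsers": ["All"],
      "excludeUsers": ["<break-glass-account-object-id>"]
    },
    "applications": {
      "includeApplications": ["All"]
    },
    "platforms": {
      "includePlatforms": ["iOS", "android", "windows"]
    },
    "clientAppTypes": ["browser", "mobileAppsAndDesktopClients"]
  },
  "grantControls": {
    "operator": "AND",
    "builtInControls": ["mfa", "compliantDevice"]
  }
}
```

With the `AND` operator both controls must be satisfied, so an unmanaged or non-compliant personal device is denied even if the user completes MFA. Switch `state` to `enabled` only after the report-only results confirm no unintended lockouts.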
Look to embrace cloud native services for a better user experience. Frequently, firms will try to restrict end users, forcing them into a poor user experience by making them access legacy systems through a VPN that is cumbersome for the user. Not only will this drive support costs up and productivity down, it will stop being effective.
VPN solutions create security holes in and of themselves. Embracing cloud native services that allow someone to work seamlessly from any device anywhere will provide an improved user experience and drive adoption up. Also, these solutions will give the enterprise the ability to configure corporate policies to govern how the data can and will be used. A win for both sides.
The remote workforce trend is only going to become more prevalent and companies need to ensure that they have best practices in place to address security concerns while providing users with a positive remote experience.