The importance of a clean VPN
Virtual private networks (VPNs) offer a way to allow mobile devices to securely access the corporate network from locations with suspect security outside of the firewall - like cafes and hotels offering free public Wi-Fi. But if misused, these VPN tunnels can act as back doors for virulent material. Keeping the VPN clean is of utmost importance.
Today’s enterprise workers are ubiquitously mobile: they work from Wi-Fi-enabled cafes, airport lounges, hotel rooms and home. In fact, the past five years have marked a noticeable shift in our work environments. Mobile devices have become much more powerful and easier to use, and are now an indispensable tool. But mobility comes at a price. For one, how can IT managers avoid mobile anarchy while simultaneously providing reliable, secure mobile access?
The sheer numbers are staggering: a 2011 InfoTrends report (Mobile Knowledge Workers: Emerging Opportunities, Infotrends, January 2011) estimated that mobile knowledge workers currently account for more than 60% of the total workforce in several leading countries while, locally, a recent Galaxy Research study found that more and more Australian workers are using services such as SMS (40%), the internet (32%) and phone apps (28%) to interact with companies. These numbers are only going to increase.
Even more striking is the number and variety of mobile devices employees use during their workday. Recent data from research firm Canalys (Smartphones Overtake Client PCs in 2011, Canalys, 3 February 2012) highlighted that 2011 marked the first time ever that total global shipments of smartphones exceeded the combined total shipment of client desktops, notebooks, netbooks and tablets. While many smartphones and tablets are personal-use items, they are increasingly being deployed inside - and outside - the corporate firewall. The BYOD - bring your own device - phenomenon became a reality for IT departments before the acronym was even popular.
This consumerisation of IT, reflected in the proliferation of mobile devices and operating systems, is enough to make any IT manager or corporate executive yearn for more control and less risk. IT managers and corporate executives alike have to look both ways before crossing the mobile security street. Otherwise, they risk being hit by either the hard costs associated with cyberattacks or the soft costs of lost productivity and efficiency when mobile security is too tight. The costs are real on both sides of the equation: a recent survey of 50 of the largest US multinational corporations found the average annual cyberattack cost was US$5.9 million per company.
On the other side of the mobile access equation, how can we measure the costs of lost productivity and user frustration associated with blocking access from mobile devices? The reality, of course, is that users only think about security when they either lose their data or are blocked from accessing it in the first place. When it comes to the ability to log on to the corporate network via a tablet computer, smartphone or home PC, typical mobile knowledge workers really don’t care. They simply want access to the corporate applications and data needed to get the job done, and they want it now.
How, then, can businesses cope with the surging BYOD wave without exposing the company and its data to massive or catastrophic risk? I believe the problem for IT is not one of control but one of vulnerability. Too often, businesses deploy security solutions that focus on gaining control and blocking access. This approach is ill suited to the world of mobile devices that reside both inside and outside the firewall. Like using a sledgehammer to drive a single nail, too much control creates a sluggish, underperforming network and slows down business. What’s worse, it creates an army of frustrated and angry employees all demanding access to the applications and data they require.
The need to achieve a balance between security and performance is driven by the very nature of mobile knowledge work: the devices and their users are physically outside the firewall just as much as, if not more than, they are inside the perimeter. Once outside the firewall, mobile devices must support VPN connectivity, including over wireless hot spots and 3G/4G public networks, to ensure data privacy and the security of company proprietary information. Because tablets and smartphones are vehicles for information flow, their users may inadvertently or even intentionally relay malware into the secure network. The chances of this happening only grow as hackers increasingly recognise the access potential and vulnerability of these devices. Consequently, IT demands the ability to scan inbound traffic to ensure network integrity and data security.
From the other side of the coin, mobile device users expect to be able to take advantage of all the protection and security offered by leading-edge applications, as mobile devices become even more vital to the business infrastructure. No matter if inside or outside the firewall, IT managers must at all times be able to guarantee bandwidth to critical applications, while limiting undesired or dangerous traffic.
The bottom line for IT, then, is this: how do you keep your VPN clean? How can IT ensure access as well as data integrity?
While there’s no silver bullet to answer these questions, one thing is clear: IT organisations must deploy security tools that map to the operational realities of the consumerisation of IT and the burgeoning ranks of mobile workers. By deploying new security technology that provides 360° insight into who and what is accessing a network - on a massive, real-time scale - IT managers can avoid data and access anarchy. Instead, smart network administrators can allow their businesses to assess threats, react immediately and make access decisions based on vulnerability. To be truly effective, security must not only provide protection at the firewall, but also control the application at the device level:
- Next-generation firewalls need to decrypt and remove threats from mobile device traffic tunnelled over SSL VPN before they enter the network.
- When a mobile device requests access to the corporate network, IT organisations need to be able to verify whether that request is legitimate. They also need to be able to determine whether a device has been jail-broken, which renders its built-in security mechanisms useless and increases the risk of infection.
- At the application layer, IT managers should also have the capability to define and enforce how application and bandwidth assets are used.
- At the device level, IT administrators need to be able to define policies that identify specific attributes about the device, and ensure they are enforced, before allowing access to the corporate network.
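The device-level policy check described in the last two points, as an added example that is not part of the original article or of any vendor product: a small posture evaluator that decides whether a device may open a VPN session, reporting every failed check. The policy fields, device attributes (including the assumed corporate-issued certificate) and sample devices are constructed for illustration.

```python
# Added example: device-posture check run before a VPN session is admitted.
# Policy fields and device records are constructed, not taken from any product.
from dataclasses import dataclass


@dataclass
class DevicePosture:
    device_id: str
    os_name: str
    os_version: tuple           # e.g. (16, 2)
    jailbroken: bool
    has_managed_cert: bool      # certificate from the corporate CA (assumed attribute)
    av_signatures_age_days: int


# Constructed policy: minimum OS versions and maximum anti-malware signature age.
POLICY = {
    "min_os_version": {"ios": (15, 0), "android": (12, 0)},
    "max_signature_age_days": 7,
}


def evaluate_posture(p: DevicePosture) -> tuple[bool, list[str]]:
    """Return (admit, reasons); all failed checks are listed so the user
    can be told exactly what to fix rather than just being blocked."""
    reasons = []
    if p.jailbroken:
        reasons.append("device is jailbroken/rooted")
    if not p.has_managed_cert:
        reasons.append("no corporate-issued device certificate")
    minimum = POLICY["min_os_version"].get(p.os_name)
    if minimum is None:
        reasons.append(f"unsupported OS: {p.os_name}")
    elif p.os_version < minimum:          # tuple comparison handles (16, 2) vs (15, 0)
        reasons.append(f"{p.os_name} {'.'.join(map(str, p.os_version))} below minimum")
    if p.av_signatures_age_days > POLICY["max_signature_age_days"]:
        reasons.append("anti-malware signatures are stale")
    return (not reasons, reasons)


# Constructed sample devices: one compliant, one jailbroken, one failing three checks.
DEVICES = [
    DevicePosture("tablet-01", "ios", (16, 2), False, True, 2),
    DevicePosture("phone-02", "ios", (16, 2), True, True, 1),
    DevicePosture("phone-03", "android", (11, 0), False, False, 30),
]


def admitted_devices() -> list[str]:
    return [d.device_id for d in DEVICES if evaluate_posture(d)[0]]


if __name__ == "__main__":
    for d in DEVICES:
        ok, why = evaluate_posture(d)
        print(d.device_id, "ADMIT" if ok else "DENY: " + "; ".join(why))
```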
The result of this 360° security approach is not just that malware is blocked at the firewall. Instead, IT can now dynamically increase bandwidth as needed for business-critical applications on mobile devices while limiting bandwidth for less important or even unacceptable traffic. These emerging security and access technologies accelerate business agility and performance, regardless of the device and when or where it is being used in the business workflow. The average mobile knowledge worker will still have access to the network from a favourite device but any malware, unwanted data or application will not.
With the right security deployment, global mobile anarchy becomes global mobile productivity.