
Leveraging benefits of mobile workforce? Take heed of security risks

 

Johannesburg, 08 Dec 2010

Smartphones are getting smarter, laptops cheaper. And the business world continues to increase its pace, providing those that can stay ahead with a competitive advantage - and those that cannot, with a distinct disadvantage.

The enormous growth in telecommunications infrastructure, as well as the rise of Web 2.0, has made it immensely valuable for businesses to equip their workforce to work from wherever, whenever - on the road, between meetings, from home or at conferences and events.

The rise of the mobile workforce has meant that businesses can now take advantage of more flexible and affordable staffing pools. In addition, businesses can engage prospects and customers via interactive online applications. Partners, vendors and consultants can collaborate by accessing applications from multiple locations, and employees can ensure business continuity after unexpected disruptions by working from home or from other unaffected sites.

But with change come new challenges, and when it comes to gearing your business for mobility, these challenges are substantial. Business-critical data is on the line and, at the same time, there is pressure to adapt to these new market conditions quickly. Time cannot be wasted - in fact, in general it has not been: most organisations were quick to adopt the mobile workforce model. It's only now, however, that they have started to consider how to tackle the challenges mobility has created.

Business practices have extended network users, endpoint devices, traffic and resources beyond the limits of the traditional perimeter. Whereas all data previously resided in one place, making it easy to secure and manage, with a mobile workforce, data is now dispersed across multiple locations, multiple devices and multiple online platforms and applications. This has made controlling sensitive data - and who has access to certain data via remote access - increasingly difficult, exposing the business to a range of threats.

For example, user identities can be stolen, hacked or inappropriately shared; mobile devices can be lost, stolen or lent to the users' friends and family. Thus, when it comes to remote access to the network, the user attempting access cannot always be trusted to be the person they claim to be.

Added to this, the mobile device being used could be damaged, reconfigured or could lack essential security maintenance and updates. And finally, the network traffic itself has changed and no longer comprises only 'store-and-forward' and 'session-based' applications like email, Web pages and traditional client/server applications, but has expanded to include real-time collaboration tools, Web 2.0 applications, instant messaging, VoIP, streaming media and more. This means that now the majority of business network traffic either originates from outside the network perimeter, or crosses over it, opening the network up to a range of threats.

Secure remote access as business enabler

Where in the past IT could simply block all access to resources beyond the traditional network perimeter, in today's business environment this would be counter-productive. Instead, it is now vital that IT approaches network security so as to enable business beyond the perimeter.

While encryption tools (functionality that comes with the majority of remote access solutions) have become highly sophisticated in recent years, this is no longer enough. Encryption may ensure that data packets cannot be 'read' by a hacker, but it cannot interrogate the identity of users trying to access the network - nor the trustworthiness of the actual device that a particular user is using.

What businesses need to do to achieve the right level of security is to ensure that the correct security measures are put in place regarding the remote access of data, applying criteria such as what device is being used, who is using it, and what specific data the person is trying to access.

Organisations should only consider secure remote access solutions that are capable of the following critical functionality:

1. Detecting the integrity of endpoints and traffic

The solution should be able to differentiate between the different devices that access the network and then provide a different layer of security depending on the vulnerability of the particular device. For example, it needs to be capable of interrogating the endpoint to ensure that it possesses the necessary security attributes (operating systems, applications, domain membership, certificates, files, anti-virus, anti-spyware, personal firewalls, etc). It should also have the ability to perform Deep Packet Inspection (DPI), so that if a user is accessing the network via an untrusted endpoint (home computer or kiosk), the entire traffic data stream is inspected to prevent attacks from entering the network perimeter. Different levels of access should be granted depending on the trustworthiness of the device, ie, whether the endpoint is a fully IT-managed device, or an unmanaged public or personal device.

2. Detecting the integrity of users

An effective secure remote access solution should be capable of controlling admission based upon the level of trust granted to each remote user, and control access based upon the applications and data that each user is authorised to access. Because one user might use multiple devices to access the network - and any of these could fall into the wrong hands - it is essential that not only the device is interrogated, but the user too.

These are just two fundamental functions that the modern secure remote access solution should perform, amongst others, such as the ability to perform backups on a regular basis (so that if a device is lost or stolen, critical data is not lost with it). As new mobile devices such as the iPad enter the world of business communication, it is essential to choose a secure remote access solution that is capable of interrogating the entire range of mobile devices and is scalable to meet future demands. And most importantly, it is essential that organisations adopt a proactive stance to securing the corporate network, and don't rely on their employees to take on this responsibility.

Editorial contacts

Pat McClelland
Evolution PR
(011) 462 0628
Martin Tassev
Loophold
(011) 575 0004
info@loophold.com