Securing an ever increasing mobile workforce

A company’s best defence against loss of sensitive mobile data is having an effective enterprise mobility management solution, says Adeshni Rohit, Business Unit Manager for Cisco at Axiz.

Johannesburg, 30 Oct 2019
Read time 5min 50sec

Adeshni Rohit, Business Unit Manager for Cisco at Axiz, says enterprise mobility management (EMM) solutions are soaring in popularity. And one of the major reasons behind this has been the rise in bring your own device (BYOD) policies in which businesses permit their staff to use their personal phones, computers and tablets in the workplace.

Rohit adds that nearly every organisation today allows certain employees to work remotely, using their own tools, and research suggests this trend is on the rise. However, with these devices being outside of the IT department’s control, businesses have to find a way to manage their use, lower security risks, and ensure they remain compliant. The mobile enterprise has changed the way organisations across the board approach workplace security.

“Staff who work from home or on the road need access to company data from anywhere and from any device. They access business e-mails, applications and files from a slew of devices, creating a major security headache for the tech department. They have to find ways to keep business data safe, while still supporting the mobile workforce. Mobile devices are more difficult to keep track of. They get lost and stolen with alarming regularity. They are more difficult to patch and update. And they use their own, unsanctioned applications.”

So, where to begin? The starting point must be evaluating mobile enterprise risk, she says. “The technical team needs to consider the very real level of risk posed by mobile users. And as with every tradeoff between ease of use and security, removing every single risk is simply impossible. The business needs to determine its appetite for risk, and then decide best how to protect its valuable proprietary and sensitive data.”

According to Rohit, businesses that are concerned about breaches can restrict access to critical applications, or give mobile access to data via encrypted virtual private networks (VPNs) or secure connections, preventing any packet sniffing, or interception of traffic details over connections that might be unsafe. “Highly sensitive data should never be housed where it can be reached because a bad actor happened to guess a password or network address, but even the most stringent controls can be beaten with enough determination and brute force. Those in charge of confidential data must protect it, and keep a keen eye on any vulnerabilities that may have been overlooked.”

Another way to secure data on mobile devices is through encryption, adds Rohit. Data in motion needs to be encrypted to prevent any unauthorised interception or access. Similarly, data that is stored on devices must be encrypted too. Security-conscious businesses make sure their networks are encrypted and corporate data is prevented from getting into the wrong hands. However, the plethora of employee devices and different operating systems fragment the encryption ecosystem and make centralised control an onerous process. Once again, there needs to be a balance between security and usability.

“Then there’s the human factor,” she explains. “The common maxim today is that the biggest danger to your organisation is probably sitting in the next office from you. Employees are often not conscious of basic security hygiene, and routinely break security protocols without a second thought, such as leaving flash drives lying around, sharing passwords or accessing sensitive data from unsecured WiFi networks at coffee shops. When employees are using company-issued devices, the technical department has greater control over mobile security, but even that control isn’t foolproof, the business can’t guarantee that the staff members won’t use their devices in a way that potentially exposes sensitive company data.”

Ultimately, a company’s best defence against loss of sensitive mobile data through a breach or act of negligence is having an enterprise mobility management (EMM) solution. EMM gives the organisation full control over remote devices, including remote software updates, control over device settings, device tracking, and even the ability to remotely disable, unlock or totally wipe a device. It is also the most effective way of guaranteeing compliance with company security policies. They can specify what, when and who, says Rohit.

Without EMM, the technical team is tasked with putting together a comprehensive, detailed view of network security, which would see them spending multiple hours scrutinising a plethora of data sources, manually correlating disparate data types, and trying to join the dots, she says. “This approach is onerous and fragmented, leaving plenty of room for errors and oversight. To really get on top of managing the mobile workforce and gain the upper hand over suspicious or anomalous activity across their networks, endpoints and employees, businesses need EMM to maximise their visibility into everything that is taking place on their networks and put barriers in place to prevent threats slipping through the net.”

Rohit adds a caveat: “All EMM platforms are not created equal. A comprehensive EMM platform must offer every single capability that is needed for mobile deployment, including device, application and content-level control in one, unified platform. It needs to be able to control and moderate which devices are allowed on the network according to their security posture. It needs to support all operating systems and devices, and must be prepared to support new devices as they enter the marketplace.”

With Cisco Meraki EMM, devices are centrally and securely managed from the cloud using a single Web-based dashboard. Its feature-rich, intuitive architecture enables customers to save time, lower operating costs and solve new business problems, she says. Its solutions provide total management for mobile devices and PCs. Users can provision settings and restrictions, manage inventory and device tracking, remote wipe an entire device or selectively adjust the managed apps and data, and remotely view and live troubleshoot using the included native remote desktop support.

EMM technology gives businesses the ability to manage their entire mobile ecosystem, bringing them greater control over which devices connect to the network and which applications, data and services staff members consume. “The mobile workforce is only going to grow, mobiles are already practically ubiquitous among employees, and with the appropriate controls in place, businesses will be better placed to benefit from the massive opportunities that mobile offers, while guaranteeing that sensitive information and resources are protected,” concludes Rohit.