Agile security for the mobile workforce
Increased mobility and seamless access to cloud services allow today’s employees to work more creatively and collaboratively than ever before. For organizations, mobile enablement means a productive workforce, close connections with customers and partners, and heightened potential for innovation and growth.
To support mobility initiatives and bring-your-own-device (BYOD) programs, IT groups are facilitating access to a broadening array of computing device types running various operating systems. But in doing so, they face a balancing act: preventing costly security breaches while simultaneously ensuring compliance and expanding access to corporate applications and data for authorized individuals.
In this diverse and highly competitive landscape, best-practice security has become a key business enabler — not a process of restriction and denial. For example, if employees feel that security policies impede productivity or encroach on personal data, they look for individual work-arounds to protect their privacy. Addressing security risks from theft, unauthorized access and malware can be especially difficult when employees are using personally owned laptops and mobile devices.
At the same time, IT groups must control the administrative complexity caused by adding multiple, distinct security solutions from different vendors. These solutions often operate in silos, working to lock down different parts of the enterprise: the network or the endpoint, the user or the data. A siloed approach creates gaps and inefficiencies, forcing IT to manage each silo separately and impeding progress for everybody, especially users, with unnecessary complexity.
Several best practices enable organizations to address security issues throughout the enterprise workspace by bolstering security across enterprise networks and mobile platforms. In addition, integrated solutions that avoid overlapping functionality and streamline management can help organizations maintain tight security and ensure compliance, no matter what use cases, device types, platforms and enablement strategies they support.
Strengthening network security
As enterprises facilitate remote access to corporate information and expand their BYOD programs, bolstering network security is of paramount importance. Key best practices help IT decision makers maintain security of corporate information and sustain compliance with regulations even as they widen access to information anytime, anywhere.
Build a BYOD network infrastructure. Employees may connect to the enterprise network through their own devices for personal use, which can severely limit the bandwidth available for work-related tasks. These devices also can introduce security threats to corporate resources and put regulatory compliance at risk. However, relegating employees to the guest network could reduce the bandwidth available to customers and other visitors. Instead, creating a separate BYOD network enables employees to stream media without affecting the corporate network. A BYOD network also can check that devices are validated for compliance with corporate security requirements before connecting.
Set up secure mobile and remote access. Many employees use mobile devices for work-related purposes away from the corporate campus. However, unauthorized users could gain access to sensitive apps and data through unsecured WiFi connections or theft. Accordingly, organizations should set up secure mobile access with context-aware authentication, network access controls and a virtual private network (VPN). These measures enable mobile workers to securely connect to corporate information when using public networks, and they help prevent unauthorized access.
Inspect all network traffic. The increasing numbers of personal mobile devices represent more vectors for security and compliance breaches. In addition, bandwidth-intensive applications can slow performance across the network. Organizations must monitor and control incoming and outgoing traffic to help maintain performance, security and compliance. Next-generation firewalls are designed to provide insight into traffic across all ports and protocols, helping identify applications that consume excessive bandwidth or pose significant threats. This insight enables administrators to set granular usage policies that help guarantee bandwidth prioritization and maximize network security and productivity.
Establish a security baseline. An effective identity and access management (IAM) solution helps prevent intrusions that take advantage of abused or compromised access credentials. In particular, a unified approach that is designed to raise all access to a secure baseline helps mitigate many risks typically associated with today’s heterogeneous access needs. Suitable IAM solutions provide a unified approach to identity governance, privileged account management and access management — including single sign-on — so organizations can effectively control access while streamlining important operations.
Safeguarding mobile devices
In addition to protecting the enterprise network, organizations must keep data from leaking out of the enterprise through mobile devices. Several best practices help lay a foundation for mobile security that addresses the diversity of user work preferences, device types, operating systems and enablement strategies employed across the enterprise.
Institute a password policy. As a first step, organizations should implement PIN- or password-governed access to the operating environment of all devices. Doing so potentially buys time in which to report a missing device and to disable its functionality remotely. Unifying application access through single sign-on helps improve security while reducing the need for IT assistance.
Implement user education programs. Enterprises should educate mobile and remote users on how to avoid basic behaviors that can expose devices to malware or allow unauthorized access to corporate information. For example, employees should refrain from using public wireless networks for work unless they are connecting over VPN.
Keep the OS up to date. An effective way to guard against vulnerabilities is to keep current with OS vendor updates. IT groups should regularly install, or require the installation of, OS updates on mobile devices to avoid exploitation of flaws in earlier versions.
Encrypt devices and data. Mobile device encryption helps protect data that falls into the wrong hands. IT decision makers should deploy encryption solutions that let administrators set encryption policies based on user, user group and data sensitivity.
Create secure containers. A contained environment, or container, can cordon off enterprise applications from personal ones, or an enterprise workspace from a personal workspace. This approach is designed to prevent personal applications and data from commingling with corporate information.
Alternatively, desktop virtualization allows employees to access applications and data directly from the secure data center without moving that data onto a mobile device. Or enterprises can deploy a virtual desktop model that keeps data in motion on a device’s container, allowing users to work offline.
Implement IAM. Effective IAM solutions are designed to provide a foundation for secure access and dramatically reduce the incidence of security breaches. By helping ensure that individuals access only what they need, IAM avoids unauthorized or malicious access to sensitive data in a wide range of situations, scenarios and use cases.
Adopting robust mobile security solutions
The comprehensive Dell Mobility Solutions portfolio includes many security offerings that address current and emerging threats. Many of these solutions can aid in the implementation of best practices for network security:
- Dell Networking W-Series wireless access: Centralized controllers, access points and instant access points, coupled with network management and access management software, provide the security, functionality and manageability needed for implementing BYOD and guest access networks.
- Dell SonicWALL Mobile Connect: This application works with SonicWALL appliances to deliver policy-enforced mobile access and help protect against mobile threats. Using the Mobile Connect app, workers can get fast, simple access to enterprise resources from their smartphones, tablets and laptops.
- Dell SonicWALL Secure Remote Access (SRA): To validate essential device security information, the appliances provide interrogation capabilities that allow only mobile devices meeting configured security policy requirements to access the network.
- Dell SonicWALL Next-Generation Firewall (NGFW): Combining intrusion prevention, anti-malware prevention and Secure Sockets Layer (SSL) decryption and inspection, the NGFWs are designed to scan every byte of every packet for deep network protection.
- Dell One Identity: The family of IAM solutions unifies identity governance, privileged account management and access management to help secure and control access to information and systems.
Dell also offers security solutions to enable a wide range of use cases, device types and enablement strategies:
- Dell Enterprise Mobility Management (EMM): A comprehensive mobile enablement solution, EMM provides systems and policy management for endpoints and containers. Built-in secure remote access with data-loss protection helps avoid breaches and protect data.
- Dell Data Protection | Encryption (DDP | E): The solution encrypts files residing on a variety of devices and external media.
- Dell Data Protection | Mobile Edition (DDP | ME): The solution encrypts and decrypts data accessed by tablets and smartphones running the Google® Android™ and iOS operating systems.
- Dell Data Protection | Protected Workspace (DDP | PW): The software helps protect users against untrusted content by placing highly targeted apps in a secure container.
- Dell Data Protection | Security Tools (DDP | ST): The set of tools enables advanced authentication, single sign-on and preboot authentication.
- Dell Custom Factory Integration (CFI): The service allows enterprises to standardize on a customized, secure system image for desktops and laptops, which Dell installs at the factory to simplify deployment.
- Dell KACE K1000 Management Appliance: The appliance helps identify and remediate vulnerabilities, centralizing management and enforcing security policy compliance across diverse systems.
- Dell KACE K2000 Systems Deployment Appliance: The appliance streamlines and automates system provisioning.
- Dell Wyse Datacenter: The solutions portfolio for desktop virtualization includes pre-configured, integrated offerings that accelerate deployment and help simplify ongoing management.
Prospering in a highly connected world
Getting security right is key to success as the scale and scope of the mobile workforce expand. Adopting best practices for network and mobile device security helps organizations strengthen protection without hindering access to required applications and data.
Dell Mobility Solutions for security accommodate an ever-expanding array of use cases, device types, platforms and enablement strategies. These solutions help enterprises implement best practices that boost employee productivity, accelerate organizational outcomes and enable regulatory compliance. Implementing a comprehensive, integrated approach to security enables organizations to capitalize on mobility advances while streamlining management and filling gaps created by legacy security silos. Ultimately, security measures that safeguard sensitive enterprise information across diverse systems allow IT leaders to embrace promising new technologies quickly and effectively — delivering the business agility to capitalize on exciting innovations in ever-shortening windows of opportunity.
Roger Bjork is director of global product marketing, responsible for overall mobility/BYOD solutions for Dell.
Dell, KACE, Mobile Connect, SonicWALL and Wyse are trademarks of Dell Inc.