
Florian Malecki, SonicWALL: Securing Smartphones and Tablets on the Corporate Network

February 2012 by Marc Jacob

Once upon a time, IT managers could rest assured that their users, computers, data and applications all sat tight behind a hardened LAN. In a perfect world, IT would prefer to simply block all access to those resources from beyond the traditional network perimeter. Modern business practices, however, have exploded beyond that perimeter. The business benefits of networking beyond the perimeter, and the explosive acceptance of mobile technology by the workforce at large, have made the traditional hardened network model functionally obsolete. IT now must address network security in a way that enables and extends business beyond the perimeter. The rise of the mobile workforce is mirrored by a similar increase in the use of mobile devices; at the end of the day, productivity gains and cost savings are driving the growth of smart devices. One major challenge organizations will face with the rise of the mobile workforce is managing these devices, particularly when it comes to accessing the corporate network.

Network traffic no longer consists only of store-and-forward and session-based applications like email, Web pages and traditional client/server applications, but has expanded to include real-time collaboration tools, Web 2.0 applications, IM, peer-to-peer applications, VoIP, streaming media and telepresence conferencing. A majority of business network traffic now either originates from or traverses endpoint devices located beyond the perimeter, opening new conduits for evolving threats. With new methods of gaining entry, savvy and financially motivated criminal attackers have unleashed ultra-sophisticated threats, increasing the risk of compromised data, system downtime, reduced productivity, bandwidth consumption and monetary theft.

Mission-critical and sensitive information is stored and processed on remote and mobile endpoint devices. Today, IT needs to take steps to secure data flowing in and out of these external resource repositories, as well as its own corporate data centers. Plus, there is the complex ‘risk/reward’ equation of BYOD (bring your own device). Perhaps the biggest threat is from users themselves, who are increasingly using their mobile devices with scant regard for IT policies.

As their numbers increase, mobile devices become a more lucrative target for criminal attacks. The same threats that plague traditional computer operating systems can affect smartphones and tablets, disseminated in emails, social media sites, games, screen savers, instant messages, slide shows, or in some cases by shady URL-shortening services, which make bogus redirecting links more difficult to identify. One report, for example, cites that Android users in mid-2011 were 2.5 times more likely to encounter malware than at the beginning of the year. Because smartphones and tablets are a more intimate communications channel than a computer, users are more likely to interact with files masquerading as personal communications. Likewise, users cannot as easily detect cues that a website is a false front on a handset with a small smartphone screen. Mobile device users have a 30% likelihood of clicking an unsafe link.

What is more, this is not just a security issue. Increasingly, mobile device usage is placing great pressure on corporate network resources too, especially when users consume high-bandwidth content such as video. According to a study by IDC, people downloaded 10.9 billion mobile apps in 2010 (a figure IDC expects will increase to nearly 76.9 billion by 2014), each a potential threat to corporate security plus a potential drag on network performance, which has a direct impact on productivity and profitability. The combination of these factors presents IT departments with a serious dilemma. On one hand, smartphones and tablets are simply too powerful and useful for businesses to ignore, empowering users in completely new ways and enabling them to work far more flexibly and productively. On the other hand, they are also difficult to deploy securely, adding substantial pressure to technology budgets and resources.

In order for organizations to obtain maximum benefit from the mobility phenomenon, they need to think about how much access they can give to the workforce, not how little. That in turn means making some important decisions about where and how the different mobile platforms really need securing. There is a three-layered approach that businesses, and those charged with securing them (from a technology perspective), should be implementing:

• Detect the integrity of users, endpoints and traffic from beyond the traditional network perimeter

• Protect applications and resources against unauthorized access and malware attacks

• Connect authorized users with appropriate resources seamlessly and easily in real time

Clearly, smartphones have joined laptops as de facto network endpoints in corporations, academic institutions and government entities. In managing security for these mobile devices, IT must be aware of the differences, as well as the similarities, between laptop and smartphone platforms. With these distinctions in mind, IT can apply best practices to ensure the confidentiality and security of corporate communications from both inside and outside the network perimeter – from ALL endpoints.

Securing access from outside the perimeter:

1. Establish a reverse web proxy: By providing standard web browser access to web resources, reverse proxies can authenticate and encrypt web-based access to network resources. A reverse proxy delivers access agnostically to both laptop and smartphone platforms, thus minimizing deployment overhead.

2. Establish SSL VPN tunnels: Agent-based encrypted SSL VPN tunnels add easy ‘in-office’ network-level access to critical client-server resources from both laptops and smartphones.

3. Deploy endpoint control for laptops: To help establish and enforce acceptable security policy compliance for managed and unmanaged Windows, Macintosh and Linux laptops, endpoint control can determine the presence of security applications and allow, quarantine or deny access based on security policy and user identity. As addressed above, this is very important for laptops, but less important for smartphones due to their white-listed app distribution environment.

4. Create a secure virtual desktop for laptops: Secure virtual desktop environments can prevent users from leaving sensitive data behind on unmanaged Windows laptops.

5. Apply cache cleaner technology for laptops: The cache cleaner can remove all tracking information from the laptop once the user closes the browser.

6. Scan VPN traffic through the Next-Generation Firewall (NGFW): Both laptops and smartphones can act as conduits that enable malware to cross the network perimeter, even over WiFi or 3G/4G connections. Integrated deployment with an NGFW establishes a Clean VPN that decrypts and then scans all the content. NGFW gateway security measures (Anti-Virus/Anti-Spyware, Intrusion Prevention Service) can decontaminate threats before they enter the network.

7. Add strong authentication for both laptops and smartphones: An effectively secure solution should integrate seamlessly with standard authentication methods such as two-factor authentication and one-time passwords.

Securing access from inside the perimeter:

8. Scan WiFi traffic over NGFW: Integrating NGFW with 802.11 a/b/g/n wireless connectivity creates a ‘Clean Wireless’ network when the user is inside the perimeter.

9. Control app traffic: In general, mobile device apps are either critical business solutions or personal time-wasters. A Clean VPN solution featuring application intelligence, control and visualization can enable IT to define and enforce how application and bandwidth assets are used.

10. Prevent data leakage: Data leakage protection can scan outbound traffic for watermarked content.

11. Block inappropriate web access: Content filtering can help mobile users comply with regulatory mandates by ensuring a non-hostile network environment.

12. Block outbound botnet attacks: Anti-malware can identify and block outbound botnet attacks launched from mobile devices connected to the network.

Mobile devices present IT with entirely new challenges. Not least of these is the risk that the IT department may actually be harming, rather than enabling, the business by imposing overly restrictive security policies. The solution – of course – is security. The magic, however, is deploying security that protects but is not a barrier: security which enables the business, rather than holding it back from the rewards many of these new devices offer.
