Shlomo Touboul, Yoggie Security Systems: Deperimeterisation Developments - Securing the Mobile Workforce of the Future
April 2008 by Shlomo Touboul, Founder and CEO, Yoggie Security Systems
Only a few years ago, companies could protect their ‘crown jewels’ using firewalls and heavy-duty appliances to build a security wall. Although these technologies are still crucial to a layered security approach, they are no longer sufficient.
Deperimeterisation was coined to describe the new security paradigm presented by mobile working in all its forms. Although securing the enterprise from outside attack is now well understood, the growing dependence on a mobile workforce, increasingly connecting through a mixture of 3G broadband and Wi-Fi, has raised a slew of new security issues.
Working remotely offers a number of commercial and operational benefits – but enterprise security policies can often stifle the effectiveness and productivity of mobile workforce devices. Currently organisations manage laptop security via a layered approach, coupled with a centralised IT policy. When connecting to the Internet from within the corporate network, laptop users are protected by two lines of defence:
• A comprehensive set of IT security appliances running secured and hardened operating systems (OS)
• Security software including firewalls, intrusion prevention/detection systems, antivirus, antispyware, antispam and content filtering, all of which are completely controlled by the corporate IT organisation, as well as desktop firewall and antivirus software.
However, once a laptop starts “roaming” outside the enterprise-governed network, the laptop is exclusively dependent on the security software installed on the local OS.
Other physical risks also arise, such as simple theft. Someone stealing a laptop with VPN software not only gains access to locally-stored data, but can potentially enter the corporation’s secure network.
The “roaming” laptop is exposed to potential threats from nearby wired and wireless connections, such as in hotels, business lounges and airports. These threats present a critical danger far beyond the value of the individual laptop: malware may hijack a laptop and use it as a platform for breaching corporate security once the laptop has returned to its base and re-connects to the network.
Simply relying on the laptop’s installed firewall/antivirus package to defeat these threats is flawed for several reasons. To begin with, no matter how well designed the software package may be, it is still subject to zero-day attacks and unknown flaws in the underlying OS. This has been common in the case of Windows on business machines. Additionally, managing the software remotely and ensuring that all the latest security updates are installed can be very difficult. When the laptops themselves are the frontline defence, any security weakness can compromise the entire network. In other words, it is “all or nothing”: either the entire network is secured or nothing is secured.
Consequently, many organisations are forced to adopt tough security policies prohibiting most wireless networking options and imposing strict, costly and difficult-to-enforce cleansing procedures for returning laptops.
A dedicated hardware security appliance solves all the above issues. Unlike PCs, these appliances are equipped with hardened operating systems that do not have security holes or unsecured layers. They are designed with a single purpose: to provide security.
This type of hardware device allows both IT managers and users to rest easy. Users have a secure computing environment to effectively work in, while the IT manager retains overall policy control and can ensure that compliance standards are maintained remotely.
While mobile security hardware is still a relatively new concept, it is certain that better, more effective mobile security will become an increasingly important issue as mobile working and connectivity rates rise. Software alone will not satisfy the increasing need for laptop protection, and the number of users that demand it will continue to rise exponentially. The mobile genie will not go quietly back into the bottle.