Defining Security Norms for the Mobile Workforce

By-Anshuman Singh,  Director, Product Management of Application

Security, Barracuda Networks

The IT sector is booming and the research and development in this sector is powering radical innovations at a very fast pace. These radical discoveries have the ability to transform the way organizations carry out their routine tasks, while allowing them to achieve the highest levels of efficiency. Mobile access to the company data and Bring Your Own Device (BYOD) are some of the trends that are burgeoning among the consumers as well as powering the corporate sector. As these enhancements are promising for the corporate world, they also demand extra caution to review the security infrastructure.

Innovations in the consumer technology space together with the phenomenal growth of wireless Internet has given birth to this new era of mobile workers who believe in staying connected and available at work even on the move.

According to Gartner, by 2016, two-thirds of the world’s mobile workforce will own a smartphone and 40% of the entire workforce will be mobile. There is also increased acceptance among organizations to implement BYOD policies and mobile admittance to business data is fast becoming one of the defining factors for realizing the full efficiency and effectiveness for

mobile workers.

MEASURING THE RISKS

While companies may be able to cut down on cost by adopting BYOD policies, this trend is forcing dramatic changes in the way the network infrastructure is perceived and built. BYOD increases the risk of data breaches as the personal devices are usually not protected by  enterprise network security measures. Key risks posed by

BYOD include:

• „„IT administrators losing the visibility of devices accessing the corporate system and data outside the network. Also, they cannot gather forensic information in case of data breaches from these devices.
• „„Unsafe or insecure applications that can compromise
  
  the security of corporate networks may be present on
  
  employee-owned devices.
• „„These devices are often used on unsecure networks
  
  (like public Wi-Fi hotspots), opening the door to malware
  
  infections or data leakage.
• „„‘Jail broken’ or ‘rooted’ mobile devices may provide
  
  enhanced features and functionality, however this opens
  
  up the device to potential risks. Beyond the ability to
  
  override the device security, malware can be embedded
  
  within the software used to root the phone, or within
  
  applications that are installed from unknown or unreliable
  
  sources.
• „„Corporate network or sensitive data can be accessed
  
  on personal mobile devices if the device is stolen or the
  
  employee leaves the company.
• „„Personal devices are more vulnerable to attacks due
  
  to the wide use of social media applications.

MITIGATING BYOD SECURITY RISKS

If an organization decides to allow its employees to bring their own devices, it needs to build in solutions that will take care of most of their concerns. IT administrators must make mobile security a part of their overall network security strategy. They should ensure that corporate network policies extend to employee-owned devices.

They should also implement mechanisms to secure, regulate, and monitor access to corporate resources and data from these devices. Mobile security should be incorporated into all aspects of security rather than implemented as an afterthought.

Organizations can do a lot to secure their own infrastructure from hackers by using secure proxy such as Web Application Firewalls (WAF) as a front-end to their web applications. Web Application Firewalls are special devices that focus on securing web traffic from the network level and as such have much more intelligence about web threats. It is also essential that while these systems are internally complex, IT administrators shouldn’t be exposed to the complexity that may dampen security measures instead of enhancing them. By simplifying your IT processes, time and human error can be minimized to ensure your company data is safe.

LOOKING FORWARD

The corporate world is coming to accept that the modern workplace will be a multi-device workplace. As much as this presents newer form of challenges to the IT administrators, there are always ways to manage this issue of data fragmentation. What is important is to work towards creating a more secure firewall with increased privacy controls and data protection.

Going forward, the responsibility on the shoulders of the technology providers to fight the advanced vulnerabilities is further slated to increase. As mobility technologies become more commonplace, security technologies will take the front seat in the IT strategies for businesses. The task at hand will be to envision the security needs of the next generation mobile initiatives and gear up to deliver

the ammunition for the same.