Network vs. Device Security

Which is more important in a collaborative environment?

As virtual offices and remote workforces become the norm, so does the need for a secure mobile collaborative environment. Employees want to be able to work and share information whenever and wherever, and enterprises want to reap the productivity benefits that mobile delivers. However, supporting today’s mobile workforce doesn’t come without a few challenges. Businesses need to balance their employees’ desire for bring your own device (BYOD) and bring your own apps (BYOA) with their IT department’s mandate to maintain control and keep sensitive corporate data secure.

Without proper policy and tools in place, employees will ultimately create their own solutions or “workarounds” by default. This unwittingly puts the enterprise at risk for myriad security threats, including data leakage, non-compliance, version conflicts and former employees who depart with sensitive corporate information.

While mobile workforces can potentially be disruptive to the enterprise, they don’t always have to be. By implementing a proper mobile collaboration and BYO policy, both the IT department and mobile workers can be kept happy—while increasing overall productivity and efficiency at the same time. But where should you begin? Do you focus on securing the network itself, or the mobile devices? Or neither?

Network Security

Most organizations provide access to corporate data and applications through virtual private networking (VPN) software and services. Unfortunately, however, road warrior employees often find that VPN services are not available in every location—especially when traveling abroad. And when they are available, connections can often be slow and intermittent. In addition, VPNs can provide access to too much of the corporate network, making it harder for IT to truly enforce security policies.

VPNs pose challenges locally, as well. When used with unprotected mobile and home devices, VPNs can serve as an easy entry point for malware and hackers into the corporate network. SSL VPNs offer ways to restrict mobile data access, but that access has to be Web-enabled. The split tunneling features of today’s VPN solutions separate employee Web surfing from LAN access but also provide a convenient pathway for Internet malware and hackers to enter directly into the corporate LAN. The more sophisticated hackers siphon off corporate data for profits, and the less sophisticated simply wreak havoc on the network and add to unnecessary restoration costs for the organization.

Policy-based network access to certain types of corporate data is another mechanism, but this option would be hard-pressed to provide secure access directly to all native corporate repositories, including those of Microsoft SharePoint. While network security is still a necessary part of a successful, secure enterprise, certain measures can interfere with employees’ mobility, and, thus, productivity, which can make device security seemingly more attractive.

Device Security

Let’s look at devices. Essentially, pass codes and remote wipe capabilities are helpful and can be used as a deterrent when a device is lost or stolen. However, neither is sufficient to completely secure corporate data. Passwords can be figured out, and even the most secure mobile devices can be rooted or hacked, and often by the time an IT administrator is notified of a lost or missing device, the data has been acquired or leaked and it’s too late for a corporate wipe.

Stolen devices can end up costing enterprises a lot more than they might expect, as highlighted earlier this year in an infographic published by the technology accessories company Kensington. The research also pointed out some other frightening facts:

  • 70 million smartphones are lost each year—only 7 percent are recovered
  • 50 percent of all mobile device users keep passwords, personal information and credit card info on their device
  • 36 percent of tablets contain confidential work-related information
  • Devices are most often stolen at the office (52 percent) or at a conference (24 percent)
  • One laptop is stolen every 53 seconds

And then there are apps. According to a recent report from Appthority, 96 percent of iOS apps and 84 percent of Android apps have some ability to access sensitive information on mobile devices. That access is most often supplied to gaming apps, but very often business apps such as those used in healthcare and finance also have visibility into that information.

So, if network security is causing headaches for mobile workers and employees and standard mobile device security measures simply aren’t enough to calm IT’s nerves, what is the most important security aspect in providing efficient, cost-effective and safe collaboration? It is data security.

Data Security

“We’ve always believed that ultimately security and compliance boils down to being able to control the data,” said John Herema III, senior vice president of corporate strategy at Good Technology.

Achieving mobile worker productivity with no compromises to the data is the key—but how? The challenge is to find a way to provide users within the enterprise file sharing tools that provide the mobility, flexibility and easy collaboration they demand, while also providing the enterprise security, governance and controls that any organization requires to protect its sensitive and valuable data. Maintaining data ownership, security and governance is the most important criteria for enterprises in allowing BYO and mobile collaboration.

According to a recent report conducted by the Ponemon Institute, the average cost in 2011 of recovering from a single corporate data breach was $5.5 million. Enterprises simply can’t afford to have their data and, subsequently, their reputation compromised.

Based on my experience working with companies around the country, I think there are three key areas a business needs to review about its data before embarking on a productivity project with a secure enterprise collaboration solution for mobile smartphones and tablets.

  1. Data Ownership: Where is your data? With BYOD and BYOC (consumerbased cloud solutions) for document sharing, your corporate data stays with the account owner. So how do you make a separation of personal and corporate data? Do you want your data copied in the cloud? In the DMZ? Do you want any extra copies?
  2. Data Security: Protecting the corporate data has always been a top priority. For the mobile enterprise, it is even more so. What about lost or stolen devices? Will you be able to use the same protection mechanisms as you have been using with your corporate-issued laptops? Is VPN access an option—do you want to open your network to accessing any app? Do you want to run the risk of introducing malware into the network?
  3. Data Governance: How do you get control and visibility so that you can ensure there are no data breaches? Do you need user-specific policies? Perhaps you want to allow the marketing department editing capabilities for collateral, but you do not want the sales department to be able to change the master slide deck. How do you make sure a document does not live on a user’s device forever? What do you do for departing employees who take their BYOD and personal accounts with them? How do you handle compliance regulations? You will definitely need an audit trail to prove compliance.

To ensure data security and harmony among IT and employees, enterprises should also consider the following mechanisms:

  • Secure access that provides native file server access, including to SharePoint files, network shares and other document management systems without costly, risky duplicate cloud/DMZ stores and with no firewall reconfigurations. Multifactored authentication with Active Directory credentials and a token or other industry standard authentication mechanism should be enforced for access.
  • A secure data container that doesn’t rely on the mobile device’s data protection to be enabled but instead stores all corporate data on the mobile device in a container that is encrypted with enterprise-grade encryption. The keys should be stored inside the firewall with the corporation and not with a third-party, multi-tenant cloud provider.
  • Trusted app data sharing: Allow documents to be shared only by trusted applications that are authorized by an IT administrator. Unauthorized apps should be prevented from accessing corporate data. This capability enables separation of personal and corporate data. That is, it enables dual use and co-existence of personal and corporate data on the device; but by allowing the corporate data to be accessed only by authorized apps, it isolates the corporate data from personal apps and data.
  • Policy management offers enterprise controls by enforcing policies based on a mobile worker’s profile. The policy management should be granular and capable of being applied for a variety of factors such as caching, emailing, printing, opening in apps, expiring and revoking. Mobile workers should be granted entitlements on their mobile app based on the policies. Auditing capabilities for governance are needed, too.

Securely accessing documents and sharing and syncing them through mobile devices—across any platform—from laptops to SharePoint or other file servers, is necessary for employee productivity. Mobile workers also need the most up-to-date information at their fingertips across their multiple devices. Meanwhile, IT departments need to maintain control and governance over data, mobile devices and the network itself, without interfering with employee productivity.

While network and device security are important and can certainly be useful in contributing to the overall security of an enterprise, they simply aren’t enough. Data security is more important, more effective and the best bet for an enterprise looking to secure a mobile, collaborative workforce while maintaining harmony with the IT department, which in the end increases overall enterprise efficiency.

This article originally appeared in the October 2012 issue of Security Today.

Featured

  • 12 Commercial Crime Sites to Do Your Research

    12 Commercial Crime Sites to Do Your Research

    Understanding crime statistics in your industry and area is crucial for making important decisions about your security budget. With so much information out there, how can you know which statistics to trust? Read Now

  • Boosting Safety and Efficiency

    Boosting Safety and Efficiency

    In alignment with the state of Mississippi’s mission of “Empowering Mississippi citizens to stay connected and engaged with their government,” Salient's CompleteView VMS is being installed throughout more than 150 state boards, commissions and agencies in order to ensure safety for thousands of constituents who access state services daily. Read Now

  • Live From GSX: Post-Show Review

    Live From GSX: Post-Show Review

    This year’s Live From GSX program was a rousing success! Again, we’d like to thank our partners, and IPVideo, for working with us and letting us broadcast their solutions to the industry. You can follow our Live From GSX 2023 page to keep up with post-show developments and announcements. And if you’re interested in working with us in 2024, please don’t hesitate to ask about our Live From programs for ISC West in March or next year’s GSX. Read Now

    • Industry Events
    • GSX
  • People Say the Funniest Things

    People Say the Funniest Things

    By all accounts, GSX version 2023 was completely successful. Apparently, there were plenty of mix-ups with the airlines and getting aircraft from the East Coast into Big D. I am all ears when I am in a gathering of people. You never know when a nugget of information might flip out. Read Now

    • Industry Events
    • GSX

Featured Cybersecurity

Webinars

New Products

  • FEP GameChanger

    FEP GameChanger

    Paige Datacom Solutions Introduces Important and Innovative Cabling Products GameChanger Cable, a proven and patented solution that significantly exceeds the reach of traditional category cable will now have a FEP/FEP construction. 3

  • Mobile Safe Shield

    Mobile Safe Shield

    SafeWood Designs, Inc., a manufacturer of patented bullet resistant products, is excited to announce the launch of the Mobile Safe Shield. The Mobile Safe Shield is a moveable bullet resistant shield that provides protection in the event of an assailant and supplies cover in the event of an active shooter. With a heavy-duty steel frame, quality castor wheels, and bullet resistant core, the Mobile Safe Shield is a perfect addition to any guard station, security desks, courthouses, police stations, schools, office spaces and more. The Mobile Safe Shield is incredibly customizable. Bullet resistant materials are available in UL 752 Levels 1 through 8 and include glass, white board, tack board, veneer, and plastic laminate. Flexibility in bullet resistant materials allows for the Mobile Safe Shield to blend more with current interior décor for a seamless design aesthetic. Optional custom paint colors are also available for the steel frame. 3

  • Luma x20

    Luma x20

    Snap One has announced its popular Luma x20 family of surveillance products now offers even greater security and privacy for home and business owners across the globe by giving them full control over integrators’ system access to view live and recorded video. According to Snap One Product Manager Derek Webb, the new “customer handoff” feature provides enhanced user control after initial installation, allowing the owners to have total privacy while also making it easy to reinstate integrator access when maintenance or assistance is required. This new feature is now available to all Luma x20 users globally. “The Luma x20 family of surveillance solutions provides excellent image and audio capture, and with the new customer handoff feature, it now offers absolute privacy for camera feeds and recordings,” Webb said. “With notifications and integrator access controlled through the powerful OvrC remote system management platform, it’s easy for integrators to give their clients full control of their footage and then to get temporary access from the client for any troubleshooting needs.” 3