A vision for secure mobility management in the enterprise

This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter's approach.

There's been a lot of buzz lately about secure mobility in the enterprise, but often the focus is on just one or two aspects of the entire mobile device security landscape. While malware protection, mobile device management (MDM) and VPN are certainly valuable tools in protecting mobile devices, each of these strategies alone can provide only partial protection. And in a bring your own device (BYOD) corporate environment, the risks of "only partial protection" can be quite large.

While antivirus and anti-malware can be effective in deflecting the majority of viruses, Trojans, spyware and other malware, they are not sufficient.

Q&A: Sprint's take on the future of mobile device management

A recent survey by BullGuard, an Internet security software developer, revealed that 53% of smartphone users were unaware of security software for their devices. And even if antivirus and anti-malware applications are installed, will they meet your network security criteria? Are they designed for a mobile platform or a patched version of conventional PC software? How frequently are the malware signatures updated? How will the applications respond to zero-day threats?

MDM similarly offers a number of protections, such as device locking and wiping in the event of loss or theft, and may include authentication and encryption as well. However, stand-alone MDM may not protect against malware and typically doesn't include a VPN solution.

On the other hand, VPNs are normally device agnostic, allowing any device that presents the appropriate login credentials to access the network. While infected devices can be quarantined or kept off the network entirely, what happens when a smartphone carrying one's entire customer list for North America is lost or stolen? And, what if an infected or compromised mobile device connects to the VPN, potentially putting one's entire enterprise network at risk?

So, how secure is secure? By combining all three strategies, you gain the ability to: connect, protect and control.

Call it the mobile security trifecta. And the winners are the corporate IT department; the employees who are now able to use their mobile device(s) of choice; and the enterprise, which benefits from improved employee productivity while protecting their network and IP assets. Let's look at each of these elements:

* Connect: SSL VPN provides authentication, encryption and granular policy capabilities which simplify the user experience while delivering optimal connectivity to the private network and business applications. 

* Protect: Physical and malware protection for mobile devices provides an additional layer of security. Lost or stolen devices can be located and tracked, remotely locked and wiped, and programmed to sound an alarm if the SIM card is tampered with. Antivirus, anti-malware, anti-spam and mobile endpoint-firewall capabilities protect against network threats. Ideally, these capabilities would be backed by a service that monitors for and updates mobile security threats over the air, around the clock and worldwide. [Also see: "2011 'eventful year for Mac malware'"]

* Control: Mobile device management capabilities round out the mobile security trifecta. With MDM, all device features (Bluetooth, Wi-Fi, camera, etc.) can be managed, monitored and controlled. Applications can be inventoried and restricted if they pose a security risk.

ADVICE: 3 tips for avoiding tablet management headaches

In addition, by combining the strengths of all three technologies, synergies are achieved that make the sum of the parts greater than the whole. For example, network administrators can now specify policies based on a wide variety of attributes, such as:

• Mobile OS version; • Mobile device integrity (jailbroken/rooted); • Mobile device malware protection status (anti-malware turned on/off or device infected); • User role and/or corporate function; or • A combination of attributes.

Regarding the latter, an administrator could, for example, allow members of the financial department to access the network only if their devices are not infected, jailbroken or rooted.

As a result, deployment is simplified for both the end user and IT department. Users gain the assurance that their devices are secured against mobile threats, for both business and personal use. And the enterprise gains assurance through improved mobility, productivity and availability of their workforce through BYOD.

Through the "connect, protect, control" trifecta, mobile security doesn't have to be an oxymoron. And, "secure" really can mean secure.

Read more about wide area network in Network World's Wide Area Network section.

• Bookmark this page
• Share this article
  •  
  • facebook
  • slashdot
  • digg
  • Reddit
  • stumbleupon
  • linkedin
  • twitter
• Got more on this story? Email ARN
• Follow ARN on twitter

• Share
  Share this article

  •  google+
  • facebookfacebook
  • slashdotslashdot
  • diggdigg
  • RedditReddit
  • stumbleuponstumbleupon
  • linkedinlinkedin
  • twittertwitter
• print
• email
• Bookmark