Last updated: 16 May 2016
While the proliferation of mobile endpoints and BYOD programs helps drive workers’ productivity up, it introduces a major hurdle for IT. If the enterprise perimeter was previously limited to well-defined, corporate-issued devices, that perimeter is now stretched to include personal mobile devices, and in some cases the same device doubles for personal and work-related use.
That is why it is not uncommon for enterprises today to charter mobile enterprise security plans that tackle the issue of how to enable mobile workforce productivity, while ensuring mobile endpoint security and eliminating the risk of a breach.
Here are a few pointers to keep in mind when developing your own mobile enterprise security plan:
#1 Identify the applications you need, and ensure consistent enforcement of security policies.
To drive mobile productivity up, you’ll need to provide the right productivity tools to your mobile workforce. How can you identify mobility-driving applications? Either from usage logs or via an end-user survey, figure out which applications your users need or will benefit from most. After identifying these, make sure to account for each application in your security plan, so that it is covered from end to end, including how users authenticate to a resource from a mobile device, and after what period of inactivity they are logged off (session timeout).
Caution – Consider various levels of assurance: To keep the authentication journey as simple as possible, make sure your plan includes a way to implement different security assurance levels, to accommodate the different levels of risk posed by different applications (for example, accessing the VPN vs. an attendance application).
#2 Implement mobile endpoint security measures.
Mobile endpoint security is essential as devices that are lost or stolen present a twofold hazard: Not only do they contain sensitive data, but they also contain access credentials which could be used to glean even more valuable data. According to a study by the Ponemon Institute sponsored by Intel, the overall cost of a stolen laptop is upwards of USD $49,000, with 80% of the cost comprising expenses such as “forensics, lost productivity, legal bills, regulatory expenses, and lost intellectual property.” How can you secure data within, and access from, mobile endpoints? Full Disk Encryption (FDE) of a laptop’s hard drive ensures that it remains indecipherable, even if the hard disk is physically removed from the laptop and connected to another device in an attempt to read its contents. Another option is preboot authentication, where 2FA is required before the laptop boots. And on the server-side, authentication of mobile devices can be simplified using device and behavior-based attributes, such as device ID and source IP address.
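The per-application assurance levels and session timeouts from pointer #1, combined with the device ID and source IP checks mentioned above, can be expressed as one policy function. The sketch below is an added example, not code from any product; the application names, levels, factor names, device IDs and network range are all constructed assumptions.

```python
from ipaddress import ip_address, ip_network

# All values below are constructed for illustration (assumptions, not from the article).
APPS = {  # base assurance level and idle timeout per application
    "attendance": {"level": 1, "idle_timeout_s": 8 * 3600},
    "vpn": {"level": 2, "idle_timeout_s": 15 * 60},
}
FACTORS = {  # what the user must present at each assurance level
    1: ["password"],
    2: ["password", "otp"],
    3: ["password", "hardware_token"],
}
ENROLLED_DEVICES = {"dev-7f3a", "dev-19c2"}
TRUSTED_NETS = [ip_network("10.20.0.0/16")]


def ip_is_trusted(source_ip):
    """True only for a parseable address inside a trusted network."""
    try:
        addr = ip_address(source_ip)
    except ValueError:
        return False  # malformed input counts as untrusted
    return any(addr in net for net in TRUSTED_NETS)


def decide(app, device_id, source_ip):
    """Return ("challenge", factors) or ("deny", [])."""
    policy = APPS.get(app)
    if policy is None:
        return ("deny", [])  # application not covered by the plan
    level = policy["level"]
    if device_id not in ENROLLED_DEVICES:
        level += 1  # unrecognised device: step up
    if not ip_is_trusted(source_ip):
        level += 1  # unfamiliar network: step up
    if level not in FACTORS:
        return ("deny", [])  # risk exceeds the strongest level defined
    return ("challenge", list(FACTORS[level]))


def session_expired(app, idle_seconds):
    """Apply the per-application inactivity timeout; unknown apps always expire."""
    policy = APPS.get(app)
    return policy is None or idle_seconds >= policy["idle_timeout_s"]
```

An enrolled device on the trusted network gets the simplest journey for each application, while each missing context signal raises the requirement by one level until access is refused.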
#3 Get the visibility you need to maintain compliance.
As you add more applications and throw in additional security mechanisms and policies, it gets harder to achieve complete visibility into your IT ecosystem. Find a “single point of management” solution that will enable administration of on-prem, cloud and remote resources from one, central console. That kind of solution will let you define a policy once, and enforce it throughout.
Caution – Apply real time alerts: What happens if a mobile device is lost or stolen? Make sure you have an automated alert mechanism in place that notifies you of any system exceptions (i.e. anomalies). This will ensure that you can quickly revoke permissions to all applications, so that access credentials present on a stolen device will be rendered useless.
To learn how simple and easy enterprise mobile security can be, check out our infographic or visit our A4 Authentication for Mobile Workforce Security microsite, and find out how you can secure access to Any Application, from Any Device, at Any Assurance Level, Anywhere.