Last updated: 16 May 2016
With the rapid emergence and adoption of technologies that enable workforce mobility, enterprises face even greater security challenges, including how to share their sensitive data and still protect it. A variety of enterprise mobile security solutions address parts of the problem, but there is no overarching silver bullet that covers everything.
At Gemalto, we provide enterprises with the tools and solutions they need to deploy a defense-in-depth strategy that protects data from the edge to the core. But what does that mean for a mobile workforce in a world where the lines between home and work, and certainly between the devices we use to connect to each, are blurred?
At the front end, or edge, are solutions such as two-factor authentication that ensure only authorized users can access the data, and much of this blog series focuses on that side of enterprise mobile security. Strong authentication is certainly the foundation: it gives the right people access to the information they need while keeping attackers out.
But what happens behind the scenes, at the back-end or core?
The essential components of securing data at the core are encryption and key management. From the physical and virtual data center to the cloud, your organization's sensitive data needs to remain protected, compliant, and under your control regardless of where it resides. Whether the device is BYOD or standard issue, the data on it connects back (or certainly should) to your corporate databases, applications, storage systems, virtualized platforms, and cloud environments. If it does not, you will have backup and disaster recovery problems to deal with as well.
So what can you do to protect your data at the core while enabling mobility?
Start by identifying your most sensitive data assets, whether they are the data that enables enterprise mobility or other data in your organization, and locate where they reside, from your on-premises data center through to your extended data center (cloud and virtual environments). Search your storage and file servers, applications, databases, and virtual machines. Examine the traffic flowing across your network and between data centers. Then encrypt the data: at rest wherever it resides, and in motion as it moves across the network. And don't forget the cryptographic keys. By managing and storing keys centrally, yet separate from the data they protect, you retain ownership and control of that data and streamline the encryption infrastructure for auditing, which is what makes enterprise mobility secure.
Key management is the area in which encryption's ongoing cost and effort is most pronounced. Once encryption is employed, the cryptographic keys must be safeguarded; if they are not, the entire encryption infrastructure can be compromised. Key administration also entails the ongoing creation, rotation, and deletion of keys: sensitive, potentially time-consuming tasks that are particularly challenging in a mobile BYOD environment. If these tasks are not handled correctly they introduce security vulnerabilities and can have a devastating business impact. Loss of keys is a primary concern: if the keys are lost, so is the encrypted data.
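The following Python is an added example, not Gemalto's code or a description of any Gemalto product. It models the arrangement the two paragraphs above describe: keys held centrally and separately from the data (envelope encryption, where each record's data-encryption key is stored only wrapped by a key-encryption key that never leaves the key manager), rotation that re-wraps keys without re-encrypting data, and the consequence of losing a key. The class and field names (`KeyManager`, `Record`, the sample record text) are assumptions for illustration. The cipher is an HMAC-SHA256 counter-mode keystream with an encrypt-then-MAC tag, used only so the example runs on the standard library; a real deployment would use AES-GCM or another vetted AEAD from a proper library or HSM.

```python
# Envelope encryption behind a central key manager: illustrative, not Gemalto code.
# Each record gets its own data-encryption key (DEK), stored only wrapped by a
# key-encryption key (KEK) that never leaves the key manager. The cipher is an
# HMAC-SHA256 counter-mode keystream with an encrypt-then-MAC tag, used only so
# this runs on the standard library; use AES-GCM or another vetted AEAD in practice.
import hashlib
import hmac
import secrets
from dataclasses import dataclass

TAG = 32  # SHA-256 output length, also the keystream block size

def _subkey(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()  # separate enc and mac keys

def _keystream_xor(enc_key: bytes, nonce: bytes, data: bytes) -> bytes:
    out = bytearray()
    for off in range(0, len(data), TAG):
        block = hmac.new(enc_key, nonce + off.to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(d ^ k for d, k in zip(data[off:off + TAG], block))
    return bytes(out)

def seal(key: bytes, plaintext: bytes, aad: bytes = b"") -> bytes:
    """Return nonce || ciphertext || tag; the tag binds aad, nonce and ciphertext."""
    nonce = secrets.token_bytes(16)
    ct = _keystream_xor(_subkey(key, b"enc"), nonce, plaintext)
    tag = hmac.new(_subkey(key, b"mac"), aad + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def open_sealed(key: bytes, blob: bytes, aad: bytes = b"") -> bytes:
    """Verify the tag before decrypting; ValueError if anything was altered."""
    nonce, ct, tag = blob[:16], blob[16:-TAG], blob[-TAG:]
    expect = hmac.new(_subkey(key, b"mac"), aad + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expect, tag):
        raise ValueError("authentication failed")
    return _keystream_xor(_subkey(key, b"enc"), nonce, ct)

class KeyManager:
    """The core: holds KEKs only. Application data never enters it."""
    def __init__(self) -> None:
        self._keks = {}  # kek_id -> raw KEK bytes (hypothetical in-memory store)
        self.current = self.rotate()

    def rotate(self) -> str:
        """New KEK becomes current; older KEKs stay until their DEKs are re-wrapped."""
        kek_id = "kek-" + secrets.token_hex(4)
        self._keks[kek_id] = secrets.token_bytes(32)
        self.current = kek_id
        return kek_id

    def wrap(self, dek: bytes) -> tuple:
        # KEK id bound as AAD, so a wrapped DEK cannot be re-labelled to another KEK.
        return self.current, seal(self._keks[self.current], dek, self.current.encode())

    def unwrap(self, kek_id: str, wrapped: bytes) -> bytes:
        if kek_id not in self._keks:
            raise KeyError(f"{kek_id} no longer exists; data under it is unrecoverable")
        return open_sealed(self._keks[kek_id], wrapped, kek_id.encode())

    def destroy(self, kek_id: str) -> None:
        del self._keks[kek_id]

@dataclass
class Record:
    """What the database or storage tier holds: ciphertext plus a wrapped DEK."""
    ciphertext: bytes
    kek_id: str
    wrapped_dek: bytes

def encrypt_record(km: KeyManager, plaintext: bytes) -> Record:
    dek = secrets.token_bytes(32)  # fresh DEK per record; never stored in the clear
    kek_id, wrapped = km.wrap(dek)
    return Record(seal(dek, plaintext), kek_id, wrapped)

def decrypt_record(km: KeyManager, rec: Record) -> bytes:
    return open_sealed(km.unwrap(rec.kek_id, rec.wrapped_dek), rec.ciphertext)

def rewrap_record(km: KeyManager, rec: Record) -> Record:
    """After KEK rotation: re-wrap the DEK under the current KEK; ciphertext untouched."""
    dek = km.unwrap(rec.kek_id, rec.wrapped_dek)
    kek_id, wrapped = km.wrap(dek)
    return Record(rec.ciphertext, kek_id, wrapped)

def fails_with(exc, fn, *args) -> bool:
    try:
        fn(*args)
    except exc:
        return True
    return False

def demo() -> dict:
    """Rotation, retiring the old KEK, tamper detection, and what key loss means."""
    km = KeyManager()
    secret = b"customer record 42 (constructed sample data)"
    rec = encrypt_record(km, secret)
    r = {"roundtrip": decrypt_record(km, rec) == secret}
    old_kek = rec.kek_id
    km.rotate()
    rec2 = rewrap_record(km, rec)
    km.destroy(old_kek)  # retire the old KEK once nothing depends on it
    r["rotation_keeps_ciphertext"] = rec2.ciphertext == rec.ciphertext
    r["readable_after_rotation"] = decrypt_record(km, rec2) == secret
    r["old_kek_gone"] = fails_with(KeyError, decrypt_record, km, rec)
    flipped = rec2.ciphertext[:-1] + bytes([rec2.ciphertext[-1] ^ 1])
    r["tamper_detected"] = fails_with(ValueError, decrypt_record, km, Record(flipped, rec2.kek_id, rec2.wrapped_dek))
    km.destroy(km.current)  # lose the only remaining KEK: the data goes with it
    r["lost_key_means_lost_data"] = fails_with(KeyError, decrypt_record, km, rec2)
    return r
```

Two design points are worth noting. The storage tier only ever sees ciphertext and a wrapped DEK, so a copy of the database without access to the key manager is useless, and rotating the KEK is a metadata operation (re-wrap) rather than a bulk re-encryption. The flip side is the last step of `demo()`: destroying the current KEK with no copy elsewhere makes every record under it permanently unreadable, which is exactly the "if keys are lost, so is the data" risk, and why a real key manager needs backed-up, access-controlled key storage rather than a dictionary in memory.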
Essential to successful security is an integrated approach. IT departments and security teams do not need another silo to manage, as Gartner's recently released Hype Cycle for Enterprise Mobile Security 2015 states clearly. Starting with the basics, all solutions, including those for secure enterprise mobility, should integrate with the corporate directory over LDAP so that security policies are applied consistently across the organization; this avoids, for example, the issues that result from delayed directory synchronization. At the higher end, consider an enterprise key management solution that protects the organization's key assets, including:
- Identities – this includes end users, endpoints, and services.
- Information – this includes data, and the containers and media that contain or transport this data.
What is needed is a streamlined, repeatable model for centralized, enterprise-wide encryption. Encryption and key management for all deployments, enterprise mobility included, can then be centralized in policy while remaining distributed in enforcement. Enabling your IT group to act as a provider of encryption as an IT service lets consistent security policies be set across the organization's varied encryption deployments and updated automatically as needed, while business owners are assured their data is kept separate and secure.
Because secure enterprise mobility is such a vital component of how we live and do business today, security needs to be seamless and transparent to the user. Anything overly complicated is doomed to fail, even in an enterprise environment. IT departments need to be enablers of enterprise mobility, not naysayers.
By keeping your core assets under lock and key, with encryption and key management accessible only to authorized users and complemented by strong authentication, your organization can manage its enterprise mobility strategy effectively while keeping it aligned with its security strategy.