Securing Your Enterprise Data in a BYOD World
The press has been awash during the past few weeks with speculation regarding BlackBerry's version 10 and its new devices. All was revealed at the recent worldwide unveiling, and here at GLOBO we didn't see the news as too impressive or that dramatic.
It is well accepted that smartphones and tablets are changing the way in which an employee can interact with enterprise systems, services and data and the BYOD trend is certainly here and growing fast. However, BYOD strategies and the implementation of solutions to support this trend require careful thought and consideration, especially where the security and protection of corporate data is concerned. Aside from the obvious functional needs and expectations of a BYOD solution, security presents many challenges for the enterprise, and I often see a number of the fundamental requirements overlooked, ignored or downplayed.
What happens if a device with access to corporate data is lost or stolen, or if an employee leaves? There are, I believe, a number of security features that should be considered as mandatory when allowing an employee to have mobile access to systems, services and data that are ordinarily very secure when accessed within a corporate environment. Mobile is very different and has a whole set of new challenges for security.
Communications should be proxy-based: the mobile device should not communicate directly with back-end systems, and all communications should go through a host which resides in the DMZ. This eliminates the need for costly and complex VPN solutions. All data at rest or transmitted should be protected by end-to-end encryption, preferably using 3DES 192-bit encryption on the server and AES 256-bit on the device or when sent over the air. Authentication is an often overlooked topic, and supporting an organisation's existing login credentials is useful, for example via LDAP or Active Directory, as it removes the need to provision and manage distinct user accounts for mobile access.
I frequently hear our customers and partners talk about the security of data in terms of encryption. It's far less common for us, however, to receive questions about the control and management of access rights and permissions to the data, which in my opinion are extremely important aspects of security, too; for example, access rights based on employee roles, procedures, policies, connection methods and device types. Furthermore, considerations such as allowing or denying access to enterprise data and services based on an individual's actual requirements are paramount and this should include the ability to permit or deny functions such as copy and paste.
The ability to securely and effortlessly manage any data and applications specific to the enterprise on the device in a centralized manner (without the need for costly or complex MDM or MAM solutions) is a requirement we often receive at GLOBO, especially from our larger customers. It allows an organisation to remove data and apps from lost or stolen devices, lock down access from specific devices, update security policies and user access rights, and lock specific functionality or features to prevent data leakage.
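The access-control and central lock-down requirements in the two paragraphs above can be read as one deny-by-default decision made at the proxy for every request. The sketch below is an added example, not GLOBO's product code; the role names, device IDs, connection labels and policy layout are all hypothetical.

```python
from dataclasses import dataclass

# Constructed sample policy: every role, resource and label here is hypothetical.
ROLE_POLICY = {
    "sales": {"resources": {"crm", "email"}, "connections": {"proxy"},
              "device_types": {"phone", "tablet"}, "copy_paste": False},
    "finance": {"resources": {"ledger", "email"}, "connections": {"proxy"},
                "device_types": {"tablet"}, "copy_paste": False},
}

# Centrally managed list of lost or stolen devices and devices of leavers.
LOCKED_DEVICES = {"dev-0042"}


@dataclass(frozen=True)
class Request:
    user_role: str
    device_id: str
    device_type: str
    connection: str
    resource: str
    action: str  # "read" or "copy_paste"


def decide(req, policy=ROLE_POLICY, locked=LOCKED_DEVICES):
    """Return (allowed, reason). A device lock overrides any role grant."""
    if req.device_id in locked:
        return False, "device locked"
    rule = policy.get(req.user_role)
    if rule is None:
        return False, "unknown role"
    if req.action not in ("read", "copy_paste"):
        return False, "unknown action"
    if req.connection not in rule["connections"]:
        return False, "connection method not permitted"
    if req.device_type not in rule["device_types"]:
        return False, "device type not permitted"
    if req.resource not in rule["resources"]:
        return False, "resource not granted to role"
    if req.action == "copy_paste" and not rule["copy_paste"]:
        return False, "copy and paste disabled"
    return True, "allowed"
```

Checking the lock list before anything else means that reporting a device lost takes effect on its next request, whatever role its owner holds.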
So, my personal recommendation to anyone looking to implement a solution to support BYOD, while ensuring full data security, is to strongly consider a secure containerised approach to their Enterprise Mobility plans. Such an approach seamlessly segregates personal and enterprise data in a secure manner. This is also a view supported by Gartner, as noted in its recent Research Note on this topic.
My summary on the implications of security on Enterprise Mobility and BYOD is to choose any solution carefully, and only after a thorough assessment and evaluation of your current and expected future requirements, while keeping a close eye on emerging and ever-changing technology advancements.
About the Author
Trevor Goldberg is Director of Strategic Alliances for GLOBO plc. GLOBO is exhibiting at Infosecurity Europe 2013, the No. 1 industry event in Europe held on 23rd - 25th April 2013 at the prestigious venue of Earl's Court, London. The event provides an unrivalled free education program, exhibitors showcasing new and emerging technologies, and practical and professional expertise.