Strategies for Securing the Mobile Enterprise
Copyright 2014 by Virgo Publishing.
Posted on: 02/19/2013


By Stephan Tallent

IT departments have become accustomed to dealing with internal demands for new technology that compromise network security. Beginning with the introduction of the Internet, followed by the Web, IT has had to adapt to a changing environment and utilize network security technologies, such as VPNs, firewalls and intrusion prevention systems (IPS), to safely meet demands for information access. The influx of smartphones and tablets simply continues this trend.

Mobile Security Challenges

While businesses should look to the past for insight into how to deal with emerging security issues, they also need to deal with some of the unique challenges of smartphones and tablets.

  • Loss of Control. Many employees have found that mobile devices often do not deliver the same strict policy enforcement capabilities as desktop devices. This policy gap enables these employees to use their mobile devices to access applications and content, such as video streaming, that is denied by standard corporate policy. With mobile devices offering an easy way to bypass the limits normally imposed on them, users are putting a strain on the corporate network and exposing it to additional risk of compromise.
  • Increased Potential for Data Loss. With devices operating outside the confines of the traditional brick-and-mortar building, the potential for data loss increases significantly. The threats to mobile users include the risk of malware infection, inadvertent or malicious sharing of critical business data or the devices being lost or stolen. Additionally, rogue wireless networks exist in the public with the sole purpose of stealing unprotected data.
  • Inconsistent Security Policies Across Devices. Another challenge for organizations looking to secure mobile devices is the inconsistency of policies across different devices. For every device manufacturer and version of the mobile operating system, there are likely to be differences in what policies can be applied.

Device Security vs. Network Security

While antivirus and VPN clients running on desktops, laptops and mobile devices have a place in any security arsenal, they should not be the foundation for an IT security strategy.

Protection should begin with a network security solution that incorporates the variety of technologies necessary for a multilayered approach, such as firewall, VPN, intrusion prevention and application control. Unified Threat Management (UTM) and next-generation firewalls consolidate multiple functions into a single device and allow IT administrators to easily monitor the flow of data and behavior of the device and the user while they are connected to the network.

Here's why: It’s next to impossible to put a client on every device that needs access to information on your network. Network security-based policies are necessary to deal with the large number of guests, contractors and customers that will access the network.

And, of course, there is the added complication of employees bringing their own devices to work. This so-called BYOD environment offers potential for greater productivity and cost savings, guaranteeing it's not going away any time soon. In order to secure these devices and associated data, organizations will need to look toward network-based solutions and not just wireless and agent-based solutions that claim to solve the BYOD challenge. Simply put, the network must be the final authority on what information goes to and from devices.

Managed Security Services

Tying a single user to multiple devices, addressing access privileges and device-specific security vulnerabilities is no small task. Many businesses will struggle with the challenge of integrating devices securely into the network and will turn to MSSPs to meet the need.

Security-as-a-service can be hosted in data centers, provided by network service providers in "security-by-the-megabyte" increments or delivered as managed customer premises equipment sized for each location's user, control and Wi-Fi specifications.

For BYOD environments, managed security service providers (MSSPs) combine the security architecture and management expertise into an intelligent inspection point, ensuring each device meets corporate security policies before gaining access to the network.

Stephan Tallent is director of managed security providers – Americas for Fortinet Inc. He has more than 20 years of networking and information security experience, the last 12 spent building managed security service practices. Prior to Fortinet, Tallent supported product development, technical design and sales support operations at Logix and Masergy. He also held sales and marketing roles at ANX and Iomega (EMC), and was co-founder and chief architect of a successful VAR turned MSSP. He is a Certified Information System Security Professional and a Fortinet Certified Network Security Professional.
Twitter: @stephantallent, @fortinet


Hear more from Fortinet's Stephan Tallent in the session, "Securing the Mobile Enterprise," at the Channel Partners Conference & Expo, Feb. 27-March 1, in Las Vegas.