IT security professionals face a new headache today: Thanks to mobile technology and growing interaction with customers, suppliers and other partners, the enterprise no longer has clear borders.
“Your perimeter is dissolving to where your LAN is just open to anybody being able to come in and get access,” Krishnan says.
One of the greatest security threats to the corporate network is the company employee who takes work home and works on a laptop over the weekend, points out John Dathan, Juniper’s director of enterprise sales, Americas International. Kids may use the same laptop to play games and download music, possibly introducing viruses, spyware and other hazards. Then, says Dathan, “Monday morning that executive walks back into the office, walks right past all the firewalls and right past all the perimeter things that have been built.”
And it’s not only employees. In this age of anywhere, anytime access, Slodichak says, clients and partners may want network access while visiting your office.
An increasingly popular way to address these concerns, Slodichak says, is to implement software that can not only check mobile devices for viruses but make sure they are equipped with firewalls and up-to-date antivirus signatures before allowing them into the network. Those that fail the test can be directed to a virtual LAN isolated from the rest of the network, where they can obtain necessary updates.
Mobile devices that fall into the wrong hands are also a significant problem, as numerous headlines have shown in the last couple of years. The issue is growing not only because the devices are proliferating but because their storage capacity is increasing, Branston notes – “how many filing cabinets do you think can sit on an iPod today? It’s rooms and rooms of them.”
Rapidly proliferating wireless hotspots also present problems, says Dean Turner, senior manager of security response at Symantec Corp. in Cupertino, Calif. Traffic on the public networks is unencrypted unless road warriors use VPNs to connect to the office, he says, and “that’s like setting a buffet for these guys.”
What’s a security manager to do? VPNs have become virtually de rigueur for road warriors connecting to enterprise systems from outside the firewall. Web-based applications with carefully considered access controls can help. And educating employees about proper security precautions when on the road – from avoiding dicey hotspots to thinking twice about storing sensitive data on laptops and handhelds – is a critical part of the strategy.
Around a dozen of St. John’s Ambulance Alberta’s 70 employees work remotely on a regular basis. Zasada says the power users rely on VPNs to connect back to the office, but St. John’s Ambulance has also constructed some web-based applications and those with simpler requirements can connect using basic terminal services.
“You can’t shut down the mobilization of data,” Branston says, “so the only thing you can do is protect it.”