Security in the Age of the Mobile Workforce

The mobile workforce presents unique security concerns for IT. How can enterprises protect their data?The mobile workforce is a boon for enterprises. No longer constrained by geographical concerns when hiring, corporations are able to attract the best talent and offer them a high level of flexibility and the ability to collaborate with their peers across the globe.

Remote access allows employees to work from wherever they are, and field employees can access all the data and resources they need on their mobile devices. In addition, companies save on travel expenses as their employees enjoy the ability to hold virtual meetings in which collaborative software makes it easy to brainstorm and discuss a project.

Increasing Cloud Migration 

The rise of the mobile workforce wouldn’t be possible without the increasing adoption of cloud technology. These two growth areas are intertwined and present a complex security landscape for IT. Here are a few of the concerns on the minds of CIOs trying to protect their systems and data:

  • Providing a secure and reliable data connection for the mobile workforce
  • The complexity of bring your own device (BYOD) culture
  • Supporting technology for a global team, including syncing time differences and facing infrastructure challenges and language barriers

Security in the Cloud

With so much data flying around the mobile workforce, data centers, and the cloud, there’s a lot of opportunity for security breaches, which can be costly in terms of disaster recovery and from a public relations perspective. Every CIO faces concerns when they consider allowing all of their data to move outside the relative safety of carefully-constructed corporate firewalls.

The good news is that the cloud can be as safe as any corporate environment with the right security tools in place. In addition, disaster recovery tends to be much less costly than it is in an on-premise system. The flooding of a data center in a river valley, for instance, won’t cause an interruption in business processes because the data is stored in the cloud.

Putting out Fires

Many CIOs, confronted by the complexity of security in the age of the mobile workforce, are turning to managed services for a variety of areas, including mobile security. In a changing landscape in which cloud and mobile technology are significantly disrupting the IT industry, CIOs are realizing the value of outsourcing some aspects of security management. It frees them to focus on strategy and innovation, rather than putting out security fires.

The mobile workforce adds a new layer of security concern to an already complicated cloud environment. Talk to your clients about outsourcing their security, with Focal Solutions as your partner. Contact us today to discuss the new challenges in mobile security.

 

Adopting Policies That Work for BYOD

BYODThe year was 2009 when the mobile phone revolution inspired office workers to begin to break away from their cubes, ushering in freedom from desktops. An emerging trend, bring your own device (BYOD), surfaced across a wide spectrum of industries. While BYOD has since proven to have many benefits, it also has its drawbacks. Here’s a deeper look at the advantages and disadvantages of how portable devices have reshaped IT and the business world.

Costs of Convenience

A significant reason BYOD has become popular is the convenience of workers using their own devices with which they’ve grown comfortable. It’s convenient for management as well, since it frees up the budget for expenses on other needs beyond equipment. At the same time, however, it’s been a nightmare for some IT teams to oversee a wide range of technology that they cannot completely control.

The savings companies enjoy from avoiding desktop purchases are sometimes offset by the processing fees of plan subsidies, greater security risks, and less productivity from workers using their devices for personal use. The fact that employees can take home data that can be compromised by nefarious entities should be cause to look into device management strategies carefully before implementing BYOD.

First, Conduct Sufficient Research

The quickest path to quagmire in the BYOD era is to not bother planning a structured mobile device policy. Thorough research is needed on costs, ease-of-use, platforms, operating systems, models, and security risks. Partial plan policies may look more appealing on the surface than buying devices outright. But management should not overlook processing costs related to employee expense reports, which average around $18 per report, according to a 2013 Aberdeen Group analysis. Each business needs to study its own finances to determine if this model will provide savings.

A BYOD feasibility study also needs to include the potential security breaches that can occur from the vulnerabilities that BYOD introduces. This research (which can include Google, expert blogs, suppliers, software specialists, and business publications) may lead to a narrowed list of mobile device selections for employees to choose from. Comprehensive research will also help managers make the following determinations:

  • Rules and policies for professional vs. personal use
  • Mobile Device Management (MDM) strategies
  • The level of extra work and pressure BYOD will put on IT support
  • Price targets, options, and negotiation strategies

Developing a Company Mobility Plan

After compiling the above information, management should write a detailed company policy that spells out specific rules and regulations. The policy should identify which employees are permitted to use their own personal devices, which types of devices are allowed, and how they may be used in the workplace.

Additionally, the policy should specify who pays for phone and data plans and who is responsible for device maintenance and security. Finally, the policy needs to culminate in a summary of the company’s enforcement policy of rules and regulations.

The Power of MDM 

MDM software, such as IBM’s MaaS360, strengthens mobility policies through passwords. This cross-platform software is affordable, with options ranging from $3 to $10 per month. The software keeps devices locked down when not in use and sets limits on functions so that management can keep employee usage under control. As a security feature, MaaS360 can wipe data from lost or stolen devices.

As long as management does its homework by conducting a cost analysis then setting clear and appropriate policies, BYDO can help enable workers to be more productive at their jobs.

 

Addressing BYOD Challenges Using the Cloud

Cloud, BYODBring your own device (BYOD) policies are on the rise, and not just at startups: recent surveys have shown that over 70% of organizations either have a BYOD policy in place or are planning to introduce one. The benefits, from lower hardware costs to increased employee satisfaction, are clear. Unfortunately, so are the drawbacks – increased IT support costs and heightened security concerns among them. One surprising answer to these concerns may be cloud computing.

 

The Challenges of BYOD

BYOD policies buy flexibility on the employees’ end with a decrease in centralization and standardization on the company’s. Employees may choose to do their work from different devices (such as computers, smartphones, and tablets), on different operating systems, and from different locations. This may include accessing company data from unsecured networks and using devices or browsers with security issues or ones that aren’t compatible with file types used. This increases the burden on a company’s IT department, as they may need to become fluent in supporting a number of different platforms.

 

Cloud Computing’s Answer

While cloud computing may seem like a step away from controlling company data and employee access, it actually allows a company to add a layer of abstraction between employee devices and company resources. This layer can then be optimized for security and access.

Moving documents to the cloud, for example, allows the cloud-based service to enforce its own access protocols, and may also allow for more sophisticated locking, check-in/check-out procedures, and version tracking/control. Cloud services may offer two-factor authentication and other protocols for access management. And if an employee’s device should be stolen, having documents in the cloud – rather than allowing local copies to be kept on the user’s device – mitigates the risk.

Cloud computing can also be made more secure by mandating the use of certain policies and tools:

  • DNS firewalls. Part of the appeal of BYOD policies is the ability to work from outside a company office, whether at an out-of-state conference or a local coffee shop. But these unsecured hotspots may be attractive targets for opportunistic hackers. DNS firewalls, so long as they’re kept up-to-date with accurate threat data, can safeguard activity on unsecured networks.
  • Standardized software. Even if the devices show startling diversity, the software run on them doesn’t need to. Employees can be required to access company resources using certain applications on their devices, or even to use Software as a Service cloud applications. This narrows the scope of what IT needs to keep an eye on.
  • Requiring appropriate devices. A BYOD policy doesn’t have to mean that anything goes. A company can meet employees halfway by allowing them to use one of a variety of devices – so long as those devices meet minimum hardware and OS requirements, or come from a pre-approved list. Options available could be validated by IT departments to ensure that they are free of major security vulnerabilities.

 

Implementing BYOD

There’s no one-size-fits-all BYOD implementation, and cloud computing isn’t the only tool available. To learn more about the perils and payoffs of BYOD, contact us today.

BYOD and Enterprise Mobility Strategies

BYODEnterprise mobility is designed to secure optimal efficiency and productivity. No truer is this than when it comes to bring your own device (BYOD), which allows employees to tap into current technological trends.

Uniformity and consistency in communications is crucial for any business, and clients expect responsive service at every turn. This means all employees need ready access to business resources and protocols. Whether in-house, remote, or on the go, employees must be able to use preferred mobile devices to meet business directives and goals.

Before deciding on BYOD environments, managed platforms, or hybrid approaches, companies should take a close look at their existing application architecture and business requirements. This allows businesses to take a proactive approach when it comes to enterprise mobility strategies and solutions.

​Successful BYOD Implementation

The following steps are critical when formulating BYOD plans:

  • Determine concise priorities for timely and effective client engagement.
  • Create a unified, streamlined, and centralized mobile platform that helps both employees and clients.
  • Administer and implement the most cost-effective solutions for business networks, apps, devices, and data.
  • Look for ways to save money while increasing access and availability for employee and client communications.

Before implementing new mobile strategies, however, enterprises have to analyze their existing situations. They must also taken into account which BYOD plans will best serve the needs of workers and clients.

Platform Decision Making

Standardized platforms are easier to implement and manage in terms of BYOD restrictions and access, especially when organizations rely heavily on line-of-business apps or have strict security guidelines. However, employees tend to be very attached to their favorite digital, remote, and wireless devices. As a result, they may not be too willing to adopt new devices. Companies must determine which units can be subsidized and integrated to secure comprehensive and cohesive platforms.

Another option is to establish a platform that discovers and identifies devices automatically. This is known as mobile device management (MDM), and is designed to help companies manage their BYOD, standard, or hybrid environments. Working with a good mobility partner can eliminate the obstacles that hinder overall performance and productivity. MDM can also secure the best solutions for businesses that want to offer BYOD but are unsure of restrictions and accessibility.

Managing Applications and Data

It is vital to determine which applications employees are using — and what they’re using them for. If applications are not being used for business purposes, a business has the option to implement strong security measures. This prevents employees from conducting personal errands during business hours, and keeps them on track with company goals and requirements.

New devices, apps, and programs and developed every day, and employees must be able to adopt these burgeoning technologies in an efficient and controlled manner. To foster greater growth and mobility, business must first consider whether or not to enable BYOD, then determine how to manage and enforce the policy once implemented.

What Businesses Need To Know About Security In 2015

Mobile securityThere has been a data security arms race dating back to at least the 1970s. In recent years, however, that arms race has escalated steeply, with many global hacking and black-hat activist groups deploying increasingly sophisticated and wide-spread attacks that are difficult to defend against.

Worse, many of these attacks are done for no reason other than to prove they can be done. The recent high-profile attacks on the Sony and Microsoft gaming networks over Christmas, for example, were engineered by a small group who had no ideological, or monetary goal. Taking down the XBox and Playstation networks was simply an advertisement for the hackers’ do-it-yourself botnet software.

Bring-Your-Own-Device (BYOD) policies similarly bring big security challenges, with the majority of data breaches now coming from plain human error. Networks are growing faster than anyone can oversee them, much less protect them. Companies that desire safety from cyberthreats in 2015 will need to take security more seriously.

Major Network Security Concerns In 2015

1 – Visibility

Today’s Systems Administrator needs the ability to actually see what is happening on the network at any given time. The high-profile attack on Sony Pictures involved many terabytes of data being transferred out of the system, including complete uncompressed movies in production. Had Sony’s sysadmin even known this was happening, the hack could have been shut down far earlier.

Investment in network visibility solutions, such as “smart” systems alerting admins to potential issues, and admins who are capable of understanding what those alerts mean in context of the entire network, is neccessary.

2 - Mobile Application Management (MAM) over Mobile Device Management (MDM)

For many companies, the solution to BYOD security problems was Mobile Device Management (MDM). In this scenario, a business takes direct control of employee devices, dictating installed software and firmware.

The problem here is twofold. First, employees find this extremely intrusive and resent having to give up control of their personal devices. Secondly, MDM is not very effective – there are too many other avenues for attack. Additionally, if MDM damages the device, a nasty blame game and Human Resources problem can erupt.

Mobile Application Management (MAM) is a more valuable investment. By putting protections on the server side, restricting access to data and apps, MAM can block suspicious activity without putting onerous controls on workers’ devices.

3 – Flexibility

Finally, in a more general sense, businesses must find ways to improve cyberthreat response times. Hackers are intensely “in the moment,” monitoring their attacks closely, and quickly adapting attack strategy in response to defensive moves. When system administrators, or network security bots are handcuffed by procedures that guarantee day or week long delays, hackers have the advantage.

Businesses must take network security as seriously as a nation protecting its physical borders. Defense measures, such as Mobile Application Management, improvements in network visibility, and reduced threat response times are paramount. In 2015, anything less is an an open invitation for hackers.

5 Things Every IT Team Should Know About IoT

shutterstock_178555349While there are many different elements affecting the way IT teams work, the Internet of Things (IoT) is something that has recently warranted a lot of extra attention. IoT will be as influential in the world of technology as the Internet was when it was first implemented, and it will also be just as beneficial.

As many consumers continue to utilize IoT in their lives, such as with Fitbit fitness tracking watches, the workplace is an important place for this technology as well. In fact, Gartner predicts at least 26 billion devices will be connected by 2020. However, while the prospect of using more connected devices in the office might appeal to consumers who use them, some IT professionals haven’t welcomed IoT with open arms just yet.

Here are some of the reasons why.

BYOT Is Another BYOD

IT professionals have just started getting used to “Bring Your Own Device” (BYOD) management. IoT brings the additional challenge of “Bring Your Own Thing” (BYOT), which means more responsibility for IT teams. In addition to those for BYOD, unique BYOT policies will be required for risk and liability management.

Security

As more connected devices appear in the workplace, IT teams must consider the potential security threats that will inevitably come along with them. Any device that allows access to sensitive data makes an IT professional think about the possible exploitation of that device and the loss of important data.

Connection Compatibility Requirements

In addition, IT teams must take into account the compatibility of connected devices. Not all devices use the same connection method, such as Bluetooth, and with more variation comes additional work-around methods that IT departments need to figure out.

Storage Needs

Along with more devices comes more storage space demands. If a growing number of devices are using the same Wi-Fi network to connect, it could cause connection and syncing complications. In addition, refined paths for data delivery will be required for many devices, which will fall under the responsibility of the IT department.

More Devices Means More Attention

Each newly connected “thing” will require occasional attention by the IT department. Devices such as coffee makers and trash cans that monitor fullness will require maintenance when the technology fails, and many will need to undergo periodic software updates to keep them functioning properly.

IT Will Adapt to IoT

Just as with previous technological advances at both work and home, IT professionals will need to adapt to the Internet of Things, albeit more urgently. Planning, integration and network monitoring methods will need to be created, which will take time. IoT is worth adapting to because of its many benefits, but its effectiveness will rely heavily on IT teams’ abilities to maintain and manage it.

IoT has the opportunity to innovate nearly every industry. While the prospect of IoT can seem daunting, experienced IT professionals will adjust to this new technology accordingly. In the near future, it’s likely that IT teams won’t be able to recall a time before the convenience of the Internet of Things.