Mobile workplaces are a trend and whether companies like it or not – employees demand this work concept. Do you also struggle making mobile yet highly secure workplaces come true? Download our latest e-book and see how VPNs can help you with this matter!
How VPNs Help Providing Secure Mobile Workplaces
IT Security
2. Secure Business Connectivity
2
Wrestling with Mobile Workplaces: VPNs Provide the Foundation for Secure Networking
Benefits and Downsides of Mobile Workplaces
The Benefits of Mobile Workplaces
The Downsides of Mobile Workplaces
Security Issues
Why is it that Especially Mobile Devices Present Such a Big Issue for the Company IT?
Access to Content Repositories
App-Security
Mobile Device Management
Mobile Data Access
Application Publishing
Developing a Strategy for Mobile Workplaces
Technical Approach to a Successful Mobile Workplace Realization
Different VPN Types for Different Situations
IPsec VPNs
SSL VPNs
Selecting the Optimal VPN Solution
Creating Best Practices that Will Maximize Employee Productivity
Maximize Employee Participation
Ensure Employees Have the Productivity Tools They Need
Free Use of Personal Apps and Services
Offer Self-Service Support for Everyday Activities
Broad Choice of Devices
Avoiding the Security Pitfalls of a Mobile Workplace Deployment
Ignoring Common Threats
Taking a One-Size Fits All Approach
Failing to Educate Users
Assuming Users Will Follow Security Policies
Conclusion
Interested?
Footnotes
Picture Sources
Wrestling with Mobile Workplaces: VPNs Provide the Foundation for Secure Networking
It’s hardly a secret that mobile working is the dominant trend among employees, in small and large businesses alike. Gartner predicts that by 2015, there will be nearly 300 million tablets and two billion smartphones used by workers. IT teams have discovered that it is impossible to buck this trend and they are learning to embrace and manage it. The employees’ main motivation to work mobile is both the comfort level and anytime, anywhere access to information from their organization’s databases and servers.
Often, mobile working is taken to mean the use of smartphones only. However, it covers many more scenarios than that. Generally speaking, mobile working just means using any device for accessing corporate resources from anywhere. Thus, we are also talking about tablets, notebooks and even desktop PCs.
This has to be considered when implementing a mobile workplace strategy within the company, since different devices and operating systems might be used, with different implications for IT security. To be most effective, it is advisable not only to consider the different scenarios and their peculiarities but also to develop a strategy that fits the company’s needs across all kinds of devices. To support this, the use of modern VPN technology is most beneficial for companies, from a management as well as a security perspective. We will discuss the different types of VPNs as well as critical aspects of choosing an appropriate VPN solution below.
To quantify the impact of mobile workplaces on organizations of all sizes, the Software Advice blog surveyed organizations ranging in employee count from 3 to more than 110,000.
The survey also revealed that employees use their mobile devices (whether company or employee-owned) approximately equally for business and personal use. For business purposes, 67 percent of employees use devices for business emails, phone calls and other correspondence, 48 percent access corporate tools and applications and 44 percent use them for professional networking (1).
Figure 1: More than 54% of employees use both company-issued and personal devices.
The Benefits of Mobile Workplaces
Besides the fact that companies allowing their employees to work from anywhere have a competitive advantage due to increased agility, flexibility, and ability to respond to changing circumstances, mobile working facilitates higher workforce productivity, too. One should not forget that with mobile workplaces companies are also able to decrease costs: less office space is required and energy costs can be decreased if employees work from a remote location; at the same time, company IT processes can be optimized and require less administration effort.
From an employee perspective, higher productivity comes especially from increased mobility as well as anytime/anywhere access to business-critical information and applications. This gives employees more power and freedom to satisfy customer demands and requests successfully and quickly, thereby increasing employee motivation, too.
The Downsides of Mobile Workplaces
Downsides and potential risks have to be considered equally when discussing a mobile workforce strategy, of course. However, although it is important to know about these issues, most of them can be completely solved by applying the right strategy and technology. In the following we present the most common risks, followed by guidelines and tips on how to overcome these obstacles.
A recent survey conducted by Osterman Research found that during a typical month, 4.3 percent of network endpoints become infected with viruses or malware, which translates to 52.1 percent of endpoints over the course of a year. The average time to remediate a single endpoint is 72 minutes and 5.2 percent of IT staff time during a typical week is spent on email security management alone, the study found (2).
Why is it that Especially Mobile Devices Present Such a Big Issue for the Company IT?
IT teams are unable to implement pre-existing security policies across all devices and platforms. New security policies that take this into account are available, but they have to be implemented. Innovative remote access solutions already resolve a large part of the problem on the technical level, so that the user need not be too strongly restricted.
For small and medium businesses and enterprises alike, where employees must connect to a local network, VPN is the critical technology. Tunneling into LANs across a VPN enables users to access files and/or control the applications on in-office equipment that are required to complete daily projects, regardless of device or location. Only an Internet connection is required.
Allowing employees to work from anywhere introduces vulnerabilities at many layers within the network, and as a result, there are many ways IT teams must address these risks. The first step is to reduce the risk of a device becoming infected and transmitting the malware into the company network. Some organizations require that a device has specific antivirus and management software installed before it is allowed to connect to a network.
Modern remote access solutions protect the company network effectively. They can, for example, check files for viruses and, if necessary, remove them while these files are being downloaded. Another part of this initial step is ensuring that employees can only connect to a network via a VPN rather than a direct connection, even when the user is on site. IT teams can also prevent a user from opening a second, parallel Internet connection as long as the user is connected with the company network.
This effectively prevents malware from using this path to enter the company network. The secure tunnel of a VPN is a must since it prevents cyber thieves from gaining access to any information as it travels between locations. Employees working with mobile devices may be tempted to email documents, but the security of this email can never be guaranteed. Emailing documents also requires employees to store content on the device, exposing that material to theft.
VPNs can allow employees to access, work on and store their content on the local network without any data ever being stored on the end device in use.
It is interesting to note that in a recent SANS Institute survey (3), fewer than 50 percent of IT team respondents had a “fairly” or less confident level of knowing what types of devices are accessing their networks:
Figure 2: In addition to many IT teams having low awareness of the devices accessing their networks, just 52 percent believe their security policies are “thorough” or “very thorough,” while 17 percent believe their policies are “insufficient even for basics,” or that they should go “back to the drawing board.”
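
The rule described earlier, that a device connected through the VPN must not keep a second, parallel Internet connection, can be audited from the endpoint's routing table. The following is an added example, not part of the HOB e-book; it assumes Linux `ip -4 route show` output and a tunnel interface named `tun0`, and all sample routes and addresses are constructed.

```python
import ipaddress

# Constructed sample (`ip -4 route show`): the VPN client added two /1 routes
# over the tunnel. The interface name tun0 and all addresses are assumptions.
FULL_TUNNEL = """\
default via 192.168.1.1 dev wlan0 proto dhcp metric 600
0.0.0.0/1 via 10.8.0.1 dev tun0
128.0.0.0/1 via 10.8.0.1 dev tun0
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.2
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.23 metric 600
203.0.113.10 via 192.168.1.1 dev wlan0
"""

# Constructed sample: only the corporate range is sent through the tunnel.
SPLIT_TUNNEL = """\
default via 192.168.1.1 dev wlan0 proto dhcp metric 600
10.0.0.0/8 via 10.8.0.1 dev tun0
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.23 metric 600
203.0.113.10 via 192.168.1.1 dev wlan0
"""


def parse_routes(text):
    """Return (network, device, metric) for each route line that names a device."""
    routes = []
    for line in text.splitlines():
        tok = line.split()
        if not tok or "dev" not in tok:
            continue  # blackhole/unreachable entries carry no interface
        dest = "0.0.0.0/0" if tok[0] == "default" else tok[0]
        metric = int(tok[tok.index("metric") + 1]) if "metric" in tok else 0
        routes.append((ipaddress.ip_network(dest), tok[tok.index("dev") + 1], metric))
    return routes


def subtract(nets, hole):
    """Remove `hole` from a list of networks (CIDR blocks nest or are disjoint)."""
    out = []
    for net in nets:
        if net.subnet_of(hole):
            continue  # fully covered by the hole
        out.extend(net.address_exclude(hole) if hole.subnet_of(net) else [net])
    return out


def bypass_ranges(text, tunnel_dev, allowed=()):
    """Address ranges whose best route leaves through a non-tunnel interface."""
    routes = parse_routes(text)
    allowed = [ipaddress.ip_network(a) for a in allowed]
    leaks = []
    for net, dev, metric in routes:
        if dev == tunnel_dev:
            continue
        remaining = [net]
        for other, odev, ometric in routes:
            # Longest-prefix match wins; on equal prefixes the lower metric wins.
            wins = other.prefixlen > net.prefixlen or (other == net and ometric < metric)
            if odev == tunnel_dev and wins:
                remaining = subtract(remaining, other)
        for ok in allowed:
            remaining = subtract(remaining, ok)
        leaks.extend(remaining)
    return sorted(set(leaks))


def is_exposed(ip, leaks):
    """True if traffic to `ip` would leave outside the tunnel."""
    return any(ipaddress.ip_address(ip) in net for net in leaks)
```

The `allowed` list holds the exceptions a policy tolerates, typically the host route to the VPN gateway itself and, if permitted, the local subnet; an empty result means every other destination is forced through the tunnel.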
Many related security issues are occurring with mobile devices as well. HOB notes a few of these below.
Access to Content Repositories
Within organizations of all sizes, employees not only store content on servers and other repositories but are also increasingly accessing this content on their smartphones, tablets and other mobile devices. Security solutions should enable employees to access the same content on their mobile devices as they can on their PCs. They should also be able to begin working on content on one device and later finish working on it on another device.
App-Security
Not all apps are alike when it comes to security – There is a huge number of apps in several official App Stores, with hundreds added daily. Just a few errors in the code for an app can make it, and the rest of the content on an employee’s device, and thereby the entire corporate network, vulnerable. Moreover, it has been found that many apps collect all contact data from the smartphone without the user wanting this.
Mobile Data Access
Emailing or opening documents in other applications – Allowing employees to email content or open it in other applications can result in data leakage. IT teams wrestle with the degree of control they should exert, including completely disabling the ability to email or open content in other applications, marking certain folders as “allowed” or “disallowed” to be emailed, or maintaining an audit log of which documents the employee emailed and to whom.
Mobile Device Management
Regulation of content on devices can be tricky – There can be limited options for corporate IT teams to manage content locally (on a device). This includes managing functions such as having the option to disable caching of all data on a device, to mark certain folders as “permitted” or “not permitted” to be cached, or to delete documents from the cache after a specific time period.
Application Publishing
Providing employees with certain applications would normally mean a huge effort for a company. With a modern remote access solution, this effort can become unnecessary: solutions that allow browser-based access make application publishing very easy for the IT administrator. It is sufficient to install the application on the company server and provide employees with the link through which it can be remotely accessed via the Internet.
In order to properly solve the issues described above, it is necessary to develop a strategy for dealing with mobile devices, taking company-specific requirements and restrictions into account. Below we describe some aspects that are essential and mission critical. For a successful strategy, objectives need to be defined first. It is impossible to develop optimal security processes to protect corporate data without knowing what should be achieved by having employees access company data anywhere and at any time. The most typical goal is to boost overall productivity and worker mobility.
As IT teams review their current security processes, they must answer the following questions.
• What are the security implications of connecting mobile devices to the network?
• What is the best approach for securely connecting mobile devices to file servers, the Intranet, company-specific applications or other content repositories?
• How should IT teams determine if employees can store data locally, and if allowed, what types of data?
• Does jailbreaking a mobile device affect security?
• Should the IT team prevent employees from emailing corporate documents on their remote devices and/or opening the documents in other applications?
• Does support exist for multi-factor authentication that does not require passcode entry every time a device “wakes up”?
Technical Approach to a Successful Mobile Workplace Realization
After a strategy has been defined, the question arises which technical solution best fits all these needs and requirements. Generally speaking, it is most common to deploy some kind of VPN technology for this purpose. However, there are several approaches to VPN solutions, which are described below.
Different VPN Types for Different Situations
Different VPN types exist that fit different network architectures and user needs. Each has benefits and weaknesses IT teams should consider before selection and deployment.
IPsec VPNs
IPsec VPN solutions are very widely used and for many years were the standard remote access solution. They are especially well suited for fixed connections, for example, from the enterprise network to branch offices or suppliers and customers. They allow complete network access and are considered to be secure and reliable. When IPsec VPN technology is used in combination with mobile devices, it exhibits a major drawback: an IPsec VPN client has to be installed on every end device. If the employee is to set up the client himself, then he could be faced with complex configuration work, e.g., the target networks, which may be more than he can handle. This is why the installation of the VPN client has to be done by the IT administrator, causing a lot of extra work for him.
SSL VPNs
Secure Socket Layer (SSL) VPNs have gained in popularity because they are “clientless,” meaning the remote device doesn’t need to have a client pre-installed to connect to the corporate network. In many situations, an SSL VPN tunnel is created when a remote user opens a Web browser and connects to a pre-defined URL. The VPN then prompts the user for a user name and password. Once authenticated, the user is often taken to a company-specific Web page including several options for network access or company applications. An SSL VPN allows full network connectivity, as does an IPsec VPN, but can be deployed more easily to remote users since neither installation nor administrator rights on the client are needed. This makes SSL VPN solutions attractive for enterprises, especially with regard to mobile devices.
Selecting the Optimal VPN Solution
For the most part, which solution IT teams select depends on the needs remote access must address. If it is a matter of a fixed connection to branch offices, then an IPsec VPN would be the first choice. The technology is tried and proven. There are appropriate gateways for all possible numbers of users and requirements. The only prerequisite: an experienced IT administrator must be on site to configure the connections and manage the devices. Access rights and installations on the employees’ devices can be agreed upon and company-specific solutions can be implemented. If employees don’t give their approval for access to their devices or if IT teams want greater flexibility, then SSL VPNs are the preferred choice. As only central administration is required and no installation or administrator rights on the end device are necessary, the time and expense for IT is greatly reduced.
This is an effect that becomes clearly visible when each user works with different devices to access centrally stored data and applications. These devices don’t have to be managed anymore. Access is available from any device, regardless of the client’s OS (e.g., Windows, OS X, Linux, UNIX, etc.), to any target in the enterprise, from Windows Server with Remote Desktop Services (RDS) to legacy systems. All the user needs is a Java-capable browser and an Internet connection. Modern solutions perform many security-relevant actions centrally, which then don’t have to be implemented on the client. Mobile workplaces and the best possible protection for enterprise data are thus no longer mutually exclusive.
Crafting and implementing an organization-wide mobile workplace approach will ensure managers and employees alike enjoy a positive experience. Below are six practices that are typically effective.
Maximize Employee Participation
For a company where the goal is to maximize employee productivity, maximizing employee participation first is critical. As previous experience with earlier productivity tools, such as email and IM, has shown, limiting access to these solutions also limits their value. While not every employee benefits equally from productivity solutions such as mobile workplaces, without a critical mass of users, the benefit will be limited. It is perplexing sometimes that IT teams want to limit solutions such as mobile workplaces only to those who supposedly need them. If employees are willing to work remotely and this will allow them to respond to colleagues and customers faster, wouldn’t IT teams and managers want as many employees as possible to work from anywhere and at any time?
Free Use of Personal Apps and Services
Employees should be able to use their personal apps and services, even if the device is owned by the company. There’s a significant difference between blocking an employee from storing their personal information on a cloud service and ensuring corporate data doesn’t end up in the public cloud. IT teams need to focus on controlling data, not devices.
Ensure Employees Have the Productivity Tools They Need
Employees are eager to use a whole range of productivity tools, which adds to the IT team’s worries about securing the network. Unsure how to handle such employee requests, IT teams often either do nothing and let employees use these tools without providing adequate security, or block use of the tools entirely. Security solutions exist that allow employees to use these tools while preserving the security of the network.
Broad Choice of Devices
The mobile workplace program should support a wide range of devices, or the program will not be popular. There can be challenges, for example due to Android’s variability regarding support for on-device encryption and other enterprise-level security and management controls.
Offer Self-Service Support for Everyday Activities
There is often a concern that mobile devices will increase support costs. This is typically not the case. And if IT teams offer a self-service capability, especially for routine activities, it can often result in decreased support costs. IT teams need to know where to draw the line. They should always offer to assist with supporting business apps, but never offer to support personal apps and services.
There are several common problems that occur with mobile workplace deployments, and it’s important that IT teams stay in front of these to protect their organization’s resources. These include:
Ignoring Common Threats
Most of the focus on mobile security to date has been on malware, which is important, but a more common threat today is mobile phishing. It’s harder on a mobile device for the user to identify phony URLs, making it more likely they will succumb to a phishing scam.
Taking a One-Size Fits All Approach
There are a few options for the IT team to manage mobile device security, but these come with a level of inconvenience for users. For example, mobile virtualization can enable users to work remotely without any data on their devices, but this may be overkill for the employee who just wants access to email.
Assuming Users Will Follow Security Policies
Employees will resist any inconvenience or threat to their personal privacy when using their company devices for private purposes, too. This forces IT teams to focus on protecting their data and not the devices.
Failing to Educate Users
As the mobile workplace trend proliferates, it becomes harder to manage how people use mobile technology; IT teams must rely on educating employees to participate in keeping corporate data secure.
Conclusion
Despite many critical voices raised in the discussion of mobile workplaces, the advantages for both companies and employees cannot be denied. The success of a company-wide mobile workplace program is largely influenced by defining the right strategy, using the right technology and involving the right people.
While defining the appropriate strategy, company-specific policies, conventions and requirements should not be neglected. Otherwise the realization of the strategy will fail because it does not fit the company. In terms of technology, VPNs are a core component of a comprehensive cyber defense infrastructure and have come to the fore as flexible working has taken root in many businesses. Despite many advances in network security, robust VPNs remain critical to ensure remote employees and employees using their own devices can enjoy the convenience of anytime, anywhere connectivity and IT teams can ensure data integrity. Finally, the results will be best if all stakeholders are involved at an early stage of the realization process. Often, employees highly value the possibility of participation and influence and therefore observe rules more willingly.
Interested?
Would you like to check out the numerous
benefits of HOB Software?
Just call us or send us a quick mail!
You are welcome to contact us:
HOB GmbH & Co. KG
Schwadermühlstraße 3
90556 Cadolzburg
Tel: +49 9103 715 0
E-Mail: marketing@hob.de
Website: www.hobsoft.com
Information in this document is subject to change without notice.
HOB is not liable for any omissions or errors which may be contained in this document.
Product information contained herein is from March 2013.
Any trademarks in this document are the property of their owners.
Layout: Maximilian Göppner
Footnotes
(1) BYOD or Bust, Kyle Lagunas, HR Market Analyst, Software Advice, March 2012
(2) A Cloud-Client Architecture Provides Increased Security at Lower Cost, Osterman Research Inc., January 2012
(3) SANS Institute, SANS Mobility/BYOD Security Survey, March 2012