New mobile devices and new ways of getting online are quickly becoming the path of least resistance for data leaks, and the path of most opportunity for cybercrime. Securing the modern mobile worker, whether inside or outside the office, and protecting the organisation from malware, data loss and uncontrolled web app use, is forcing new thinking from IT and more flexible, unified web security options from the security industry.
In today’s environment, securing the network means securing the user. Applying a defensive barrier around the user is far more effective approach to security than traditional security solutions which are not equipped to continuously protect, control and manage users as they move from headquarters to branch offices, to remote locations, and from desktops to laptops and mobile devices.
Compared to just a few years ago, there are big differences in the number and type of devices mobile workers use to get online. Throughout the working day and well into the evening, workers remain productive across a range of devices, whether they’re company issued or employee-owned. Their location and task will dictate which one to use.
Cybercrime sees this as an opportunity – instead of a well-protected desktop computer, behind layers of security such as a firewall, connected to the internet via a Secure Web Gateway, and traditional desktop AV , we have valuable data and accessible logins moving between multiple devices, browsers and internet connections compounded by these devices then returning into the enterprise network.
The consumerisation of IT has led to a rapid growth of consumer technology inside the enterprise, with a new, diverse set of mobile devices, including employee-owned personal devices being used to conduct work-related activities on the road. Analyst Forrester estimates that device use proliferation is real and happening in our businesses today – while around a quarter of employees use just one device to access corporate resources, another fifth use two devices and a staggering 52% use three. Of course, this opens up a backdoor for malware to make its way onto the corporate network and confidential information to escape.
When we’re out of the office, there are also some important differences in how we get online. To get the job done on the road, the typical mobile worker will need to access the Internet and their company’s servers from multiple cellular and WiFi networks, at home, in a coffee shop, at the airport, or on a customer site. Some are secure, others are less secure. Because many mobile devices connect automatically, mobile workers may not be able to initially tell when they are connecting.
Some may be forced to when their regular trusted networks aren’t available. Others simply want free access. Connecting devices to unknown or untrusted wireless Internet access remains one of the most problematic security issues for the mobile worker. Many unsecured networks will have been compromised to gather logins and passwords.
Protecting mobile workers who access the Internet and corporate resources from multiple networks, use laptops, tablets or smartphones depending on where they are, and bring their own devices to work, requires our current security approach and services to be extended and enhanced.
In most cases, security needs to be deployed in a much more flexible way than ever before to offer consistent protection that suits the unique needs and habits of the mobile worker. We should look to unified web security – enabled through appliance, software and especially cloud security solutions that deliver the same, up-to-date protection across all devices and access methods.
One of the greatest challenges is to confront the fast moving, increasingly mobile savvy cybercriminal community. The threat landscape is evolving, as quickly as the battlefield is changing. With emphasis placed on mobile devices new routes for access become available. For example, as the worker moves from network to network they are as likely to be checking their social network as their work email and it is exactly this new type of social behaviour that the cybercriminals are exploiting.
It is important then, that IT should look to take an equally agile, equally mobile-oriented approach to protecting users and the organisation from malware. To secure whatever network connection we use while mobile, a cloud-delivered web security service satisfies the need for flexibility and transparency. This protection needs to not only integrate seamlessly with existing infrastructures like VPNs and private clouds, but also be transparent to the user and aggregated to the administrator.
IT should consider a unified secure web access approach that leverages secure web gateway appliances inside the premise and cloud-delivered security outside that is transparent to the user, works across all device types and secures all access methods. Secure web access should be based on a consistent set of security technology and a consistent policy that provides the proactive defense needed to face up to today’s threat environment to protect workers equally well, inside or out of the office.
Whatever device our workers are using, whether they are company-issued or BYOD, our security approach must be designed to provide consistent protection. Likewise, to offer consistent protection that suits the unique needs and habits of the modern mobile worker our current security approach and services have to be extended and enhanced and deployed in a much more flexible way than ever before.
Choosing to craft a solution out of traditional premise-based approaches, or solutions that offer purely cloud-delivered Security as a Service, or piecemeal end point products will ultimately be ineffective in protecting the new breed of workers and devices from the new wave of threat. Instead, look to a unified secure web access approach that is designed to protect the user no matter where they are, no matter what device or network they’re using to get online.