By Malcolm Orekoya, Technical Specialist, Netutils
Views expressed in this post are original thoughts posted by Malcolm Orekoya, Technical Specialist, Netutils. These views are his own and in no way do they represent the views of the company.
Almost everything delivered by the IT department nowadays is classified as a service function. With Consumerisation of IT (CoIT), the consumption of these services is affected by the trends in mobility, bring-your-own-device (BYOD) and cloud, which in turn puts pressure on the scalable infrastructure you need.
The number one risk management concern for IT managers with CoIT is security, but in what context? As workers become more mobile, adopting BYOD and accessing corporate applications and information remotely, an IT manager needs to be able to guarantee that access and authentication from these devices are secure – and to make sure that if these devices are lost or stolen, the information they hold and can access does not end up in the wrong hands.
One way of achieving this is via profiling based on the user, the type of device (managed or unmanaged), the resources being accessed, the location they are accessed from and the role of the user. For example, an employee using a corporate device to access the network remotely and an employee using a personally owned device to access the network via the wireless local area network (WLAN) are two distinct profiles that require different policy enforcement.
To minimise risk, authentication (user and device) needs to work with posture checking of endpoints, secure remote access, mobile device management (MDM) and secure wireless connectivity. An end-to-end security infrastructure is required: one that is easy to deploy and manage, and that can provide the performance, access and integration needed. For example, Juniper Networks provides the single Junos Pulse endpoint client, capable of providing secure mobile remote VPN access and network access control (NAC), with role-based access control and 802.1X authentication. In addition, the Junos Pulse Mobile Security Suite MDM is purpose-built for mobile devices and provides anti-virus, anti-spam, anti-malware, endpoint firewall, loss and theft protection and endpoint monitoring.
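The profiling described in the two paragraphs above (user, role, device type, location and resource, combined with endpoint posture checking) can be expressed as a first-match policy decision with default deny. This is an added example, not code from the article or from any Juniper product; the role, resource, rule and enforcement names are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Request:
    user: str              # authenticated user id ("" if authentication failed)
    role: str              # role of the user
    managed_device: bool   # corporate (managed) vs personally owned (unmanaged)
    location: str          # where access comes from: "remote" or "wlan"
    resource: str          # what is being accessed
    posture_ok: bool       # result of the endpoint posture check

@dataclass(frozen=True)
class Rule:
    name: str
    enforcement: str
    managed_device: Optional[bool] = None   # None means "any value"
    locations: Optional[frozenset] = None
    roles: Optional[frozenset] = None
    resources: Optional[frozenset] = None

    def matches(self, r: Request) -> bool:
        return ((self.managed_device is None or self.managed_device == r.managed_device)
                and (self.locations is None or r.location in self.locations)
                and (self.roles is None or r.role in self.roles)
                and (self.resources is None or r.resource in self.resources))

# Constructed rule set: ordered, first match wins, explicit denies first.
RULES = (
    Rule("finance-managed-only", "deny", managed_device=False,
         resources=frozenset({"finance-app"})),
    Rule("corporate-remote", "allow-via-vpn", managed_device=True,
         locations=frozenset({"remote"})),
    Rule("byod-wlan", "allow-restricted-vlan", managed_device=False,
         locations=frozenset({"wlan"}), roles=frozenset({"employee"}),
         resources=frozenset({"email", "intranet"})),
)

def decide(r: Request, rules=RULES):
    """Return (rule name, enforcement) for one access request."""
    if not r.user:
        return ("unauthenticated", "deny")
    if not r.posture_ok:                     # posture gates every profile
        return ("posture-failed", "quarantine")
    for rule in rules:
        if rule.matches(r):
            return (rule.name, rule.enforcement)
    return ("default", "deny")               # nothing matched: deny
```

Because posture is evaluated before any profile rule, a corporate device that fails its check is quarantined rather than granted the managed-device profile.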
CoIT is not the same as BYOD; it covers the changing trend in the way technology is used. Therefore, cloud services such as storage (Dropbox, Box, Google Drive) and applications (Office 365, Salesforce, Google Apps) – as well as in-house developed proprietary applications – all need to be secured within their virtualised environments.
The underlying infrastructure of the virtualised environment and the networking infrastructure (switches, routers, firewalls) need to provide an end-to-end approach that is secure, scalable and resilient. For example, the single operating system in the Junos OS from Juniper Networks runs across many of its security platforms, allowing administrators to consistently apply policies across the board without having to learn and manage a variety of systems. The innovative technology for securing the virtualisation space is Juniper Networks’ virtual gateway (vGW) product, which focuses on security within the hypervisor and between virtual machines as they communicate in the virtualised platform, as well as outbound. This is a further example of how vendors and manufacturers need to understand the elements that form the foundation of front-end resources.
Numerous surveys have shown the impact of the proliferation of personally owned mobile devices on the enterprise network. One of the impacts of this over the last few years has been the malware threat, and a general increase in the number of cyber threats specifically targeting mobile devices – especially Android devices. Risk management needs to focus beyond managing mobile devices via MDM platforms, to actually securing the corporate data in transit. This ranges from sandboxing technologies, such as Secure Virtual Workspaces (SVW), which were the initial and most popular solutions in the early days of mobility, to new smarter devices that encrypt data on the devices and in transit, or provide dual boot functionality with physically or logically separated segments on the device.
CoIT is here to stay; we have been talking about these trends for a few years now. If you are managing risk, the next step is to understand the solutions currently available, which will help manage it from end to end.