Mobile Workforce - Defining New Security Norms

Date:   Friday , June 26, 2015

Founded in 2003, Barracuda Networks (NYSE: CUDA) is a worldwide leader in Security, Application Delivery and Data Protection Solutions. Headquartered in California, the company has a market cap of $2.24 billion.

The Information Technology sector is booming and the research and development in this sector is powering radical innovations at a very fact pace. These radical discoveries have the ability to transform the way businesses conduct their routine business, while allowing them to achieve highest levels of efficiency. Mobile access to company data and Bring-Your-Own-Device (BYOD) are some of the trends that are burgeoning among the consumers as well as powering the corporate sector. As these enhancements are promising for the corporate world they also bring about the need for extra caution to review the security infrastructure.

Innovations in consumer technology space together with the phenomenal growth of wireless Internet has given birth to this new era mobile workers who believe in staying connected and available at work even on the move. According to Gartner, by 2016, two-thirds of the world\'s mobile workforce will own a smartphone and 40 percent of the entire workforce will be mobile. There is increased acceptance among organizations to implement BYOD policies and mobile admittance to business data is fast becoming one of the defining factors of realizing full efficiency and effectiveness for mobile workers.

Measuring the Risks

While companies may be able to cut down on cost by adopting BYOD policies, this trend is forcing dramatic changes in the way the network infrastructure is perceived and built. As IT experts specialize in detecting maliciousness, trends such as these increases the risk of data breaches as these personal devices are usually not protected by enterprise network security measures. These risks include:

  • IT administrators losing the visibility of devices accessing corporate system and data outside the network. Also, they cannot gather forensic information in case of data breaches from these devices.

  • Unsafe or insecure applications that can compromise the security of corporate networks may be present on employee owned devices.

  • These devices are often used on unsecure networks (like public Wi-Fi hotspots) opening the door to malware infections or data leakage.

  • \"Jail broken\" or \"rooted\" mobile devices may provide enhanced features and functionality; however this opens the device up to potential risks. Beyond the ability to override the device security, malware can be embedded within the software used to root the phone, or within applications that are installed from unknown or unreliable sources.

  • Corporate network or sensitive data can be accessed on personal mobile devices if the device is stolen or the employee leaves the company.

  • Personal devices are more vulnerable to attacks due to the wide use of social media applications.

How Secure is a Personal Mobile Device?

One of the biggest challenges for IT administrators for the company is to ensure that their users fully understand the need to secure their personal device when in use for work. Especially so now as cyber-attack threats on mobile devices are increasing resulting in data loss, security breaches and compliance/regulatory violations, yet most users often have a \'false sense of security\' that their devices are secure and its cannot be compromised.

While some attacks do not leave tell-tale signs, there are a few key methods in identifying if your mobile has been hacked such as:
  • Additional charges to your online purchases of applications

  • Unusual data download and upload usage patterns

  • Rapid battery life failure

  • To mitigate these risks, IT administrators must make mobile security a part of their overall network security strategy. If an organization decides to allow their employees to bring their own devices, it needs to build in solutions that will take care of most of their concerns.

    They should ensure that corporate network policies extend to employee owned devices. They should also implement mechanisms to secure, regulate and monitor access to corporate resources and data from these devices. Mobile security should be incorporated into all aspects of security rather than implemented as an afterthought.

    Organizations can do a lot to secure their own infrastructure from hackers by using secure proxy such as Web Application Firewalls (WAF) as a front end to their web applications. Web Application Firewalls are special devices that focus on securing Web traffic from the network level and as such have much more intelligence about Web threats. It is also essential that while these systems are internally complex, IT administrators shouldn\'t be exposed to the complexity that may dampen security measures instead of enhancing them. By simplifying your IT processes, time and human error can be minimized to ensure your company data is safe.

    Looking Forward

    The corporate world is coming to accept that the modern workplace will be a multi-device workplace. As much as this presents a newer form of challenge to the IT administrators, there are always enough and more ways to manage this issue of data fragmentation. What is important is to work towards creating a more secure firewall with increased privacy controls and data protection. The driving force behind organizations encouraging mobile access to data is the persistent advancement of security innovation, which renders the confidence to businesses that their most critical business asset, their data, is fully-completely secure.

    Going forward there is much responsibility on the shoulders of the technology providers to fight the newer advanced vulnerabilities. As mobility technologies become more commonplace security technologies will take the front seat in the IT strategies for businesses. The task at hand will be to envision the security needs of the next generation mobile initiatives and gear up to deliver the ammunition for the same.