Security Implications of the ‘Mobile First’ Workplace

Mobile communications is now a lifestyle for many of us. So CIOs are tasked with creating top-notch mobile experiences for employees and customers alike.

Many are turning their attention toward “mobile first” development – creating apps optimized first and foremost for mobile platforms. The approach makes sense. These apps have user interfaces tuned specifically for the screen at hand. The really strategic ones exploit the unique properties of mobile devices and wireless networks, such as sensor-based data gathering and analytics or personalized content and operation. The goal, in part, is to reinvent productivity for the modern workplace.

Now, it’s tough enough to create “frictionless” mobile experiences – getting these apps to work the same way from anywhere, with any device. But the real “gotcha” is the parallel effort it takes to double down on security. Ensuring that data remains safe while it travels across multiple networks, both private and public, with few definable borders, raises the stakes significantly.

Two trends will help on this front: 1) being able to host and secure mobile apps in the cloud; and 2) beefing up the intelligence in branch routers to provide safe, direct Internet access (DIA) to cloud and Web apps and data for wireless employees and guests.

Compliance and Security in the Cloud

In pre-cloud days, a typical enterprise network setup would backhaul traffic from branch and mobile sites to a company’s data center, where security policies would be applied and threat defense scanning would take place. This is becoming less practical. Delays incurred by backhauling impede mobile performance. And some businesses don’t even have data centers; they are using the cloud instead of building and maintaining their own infrastructures.

So you need to be able to run all your compliance and policy enforcement, VPN (encryption), authentication, and threat defense functions in the cloud. Anyone who tries to access your cloud-based resources will be protected, from a network standpoint. Can you get all these capabilities from your cloud provider? For mobile users traversing a public cellular or Internet link to reach resources, that’s a must.

To protect any data that might reside on the mobile device itself, it’s important to encrypt the data locally and be able to remotely wipe the device if it’s lost or stolen.

But what about employees who fear their bosses will view their personal information? Or that a device wipe wouldannihilate their own apps and data too?

A recent survey found that 57 percent of employees don’t participate in BYOD programs for these reasons. The article suggests, though, that more companies will adopt BYOD as they move to the cloud. The reason is that the cloud makes it easier to deploy apps that let employers protect corporate data without being able to view, alter, or delete personal data and applications.

Securing Direct Internet Access Links

For branch and remote company sites, if you have both a data center and are using cloud services, you might very well have a business-grade network service such as an MPLS VPN, with accompanying service-level agreements for network uptime. But if you want to provide your mobile employees or customers (think guests in a retail store, for example) DIA for optimum performance, it can be costly to grow your WAN using these types of link.

An alternative is to infuse public Internet, cellular, or other less expensive links with the same intelligence you get (if not more) from an MPLS VPN. It’s now possible to deploy router software that applies encryption (something that doesn’t even come standard with MPLS VPN services), malware scanning, and a variety of quality-of-service and WAN optimization capabilities.

Bottom line: Going mobile first is a big challenge in and of itself. Coupling those efforts with the required network, app, and device security used to be a hurdle that few could overcome. Now, however, there are options that empower you to protect your data and resources even in the unstructured world of wireless.