+44 (0) 333 12 12 100      hello@purdi.com

13 May 2014 Meeting the Challenges of the Borderless Network

Posted at 08:28h in General by

Mobile is here to stay

Statistics support what IT departments already know, mobile devices have overtaken PC’s in popularity and will continue to gain ground in the workplace for the foreseeable future. In 2013, US sales of Android smartphones and tablets exceeded PC sales by almost $400M, while the global sales of all mobile devices grew from $821M to $1.2B. Whether organisations are providing mobile devices to employees or allowing them to bring their own devices (BYOD), the advantages of mobile connectivity in the workplace seem to have outweighed the risks for most organisations. This universal acceptance has occurred because mobile connectivity offers benefits for the bottom line:

    • The mobile workforce lowers costs – Companies save on travel expenses and the cost of office space, and gain in employee satisfaction and retention. A Citrix study reported 53% of business leaders cited lowering cost as the main reason they supported mobile devices at work.

 

    • Mobile devices increase productivity – Surveys show that mobile technology can increase productivity by as much as 45%. A recent Telework survey of 300 government offices found that 76% of workers report that mobile devices have increased their productivity on the job.

 

  • They enhance workforce flexibility to speed up business processes – Workers have access to business applications on mobile devices anytime and anywhere, enabling them to process orders, respond to customers and troubleshoot issues whether traveling, working at home, or onsite.

 

Security challenges of the borderless network

Some of the features that make mobile devices an advantage in the workplace are proving to increase the security risks and present new challenges to IT security professionals. As mobile technology continues to evolve, so do the tactics of cybercriminals dedicated to exploiting weaknesses. What has been called the “new threat landscape” is particularly treacherous for corporate data now traveling on thousands of mobile devices. Advanced persistent threats and zero-day exploits are increasingly aimed at the mobile workforce. Unfortunately, security vendors are often trying to secure the borderless network with technology that was developed before a mobile workforce even existed. Some of the obstacles present in providing comprehensive mobile security include:

    • Cyber Criminal syndicates engage talented hackers and exchange or sell exploit kits freely, with tactics as creative as the solutions they are trying to foil. The fact that mobile technology is evolving quickly adds more challenges for security vendors trying to protect networks and data.

 

    • The cost of data breaches continues to rise and many losses are the result of sensitive data exposed on employee personal mobile devices. Costs from regulatory fines, litigation, brand damage, and more, can mount, and aren’t confined to large enterprises. A 2013 Ponemon report showed that even losses of 100K records or less cost an average of $5M per incident.

 

  • Securing mobile devices can be costly because of the lack of integrated solutions. Many vendors are striving to upgrade legacy security solutions to encompass technology that didn’t exist when the security solutions were first created. As a result they try to integrate third party mobile device management (MDM), which can create gaping security holes.

 

BYOD introduces unique security challenges

While allowing employees to bring their own devices to the workplace may seem to be a cost-savings approach, the price of securing them can be significant. Some of the problems security professionals encounter in trying to secure their BYOD users include:

    • What security experts call the Consumersation of IT speaks to the thousands of applications available on mobile devices, some of which may be the product of cybercriminals looking to gain access to user data stored on devices, or worse, deploy malware on a user’s network. Anonymizer and file-sharing services accessed by BYOD users are fertile ground for cybercriminals seeking exploitable vulnerabilities.

 

    • Shadow IT, which describes a phenomenon resulting from the growth of cloud-based applications where users can upload data to sites such as Dropbox or LinkedIn, without getting IT permission. Some BYOD users are circumventing IT, sometimes unintentionally, or even in groups, by uploading data or downloading risky applications.

 

    • Most of the mobile applications are very low cost or free, and mobile users seem eager to deploy them, even when they are using their mobile devices for both job-related and personal tasks. The fact that many users prefer to use one mobile device compounds security issues. One survey found that 38% of users prefer to have only one smartphone for both work and personal use.

 

    • Operating system fragmentation is a BYOD issue because of the variety of operating systems used in mobile devices. This makes securing BYOD users more complex because versions may vary depending on when users choose to upgrade their devices. Users who fail to perform timely upgrades can have bugs from previous versions, making securing those devices more problematic.

 

    • Uniformly enforcing corporate policies and regulatory compliance is more complex for BYOD. It may be possible to apply corporate-wide policies to company-owned devices, but granular policy enforcement across a range of platforms and users who are off -network on personal devices can be daunting. Compliance becomes particularly critical considering employees may be storing sensitive information such as intellectual property or customer data on a personal mobile device.

 

  • Erosion in network performance can occur from multiple mobile devices driving up bandwidth consumption. A Cisco study showed that knowledge workers in the US own an average of 3.3 devices each. Imagine those devices are looking for, and installing application updates as soon as they connect to the network. Many organisations aren’t prepared for this level of demand and many security solutions lack the bandwidth management tools required to handle spikes caused by mobile usage. These factors can erode network performance and jeopardise high availability (HA) environments.

George’s Google+ Profile