Comment: Securing the remote working environment

McFarlane believes that in an increasingly flexible working environment, mobility should sit at the very heart of good security practice
McFarlane believes that in an increasingly flexible working environment, mobility should sit at the very heart of good security practice

Today, companies are coming under increasing pressure from employees to introduce flexible working practices that allow staff to be away from the office without losing productivity. Mobilising the workforce and enabling staff to access enterprise applications, systems and processes, wherever they might be, is increasingly recognised as the key to unlocking efficiency benefits.

Yet there is a problem here. In providing remote staff with real-time wireless access to corporate data, enterprise businesses must also consider new security challenges, as traditional ‘behind the firewall’ measures are typically insufficient for the protection of corporate information in a wireless environment.

There are a wealth of proven management tools available which can directly address these issues. These can cover all aspects of network security, as well as mobile devices, supporting IT systems and infrastructure, personnel and processes. In supporting effective mobile and data management within a secure environment, communications can move decisively to become an enabler, rather than an inhibitor, to the successful growth of the broader business.

Lack of visibility

Pan-European research undertaken on behalf of Vodafone Global Enterprise confirmed that the issue of network and data security remains a recurring nightmare for senior management, with more than half of the survey respondents confirming that combating security threats was a high priority for their organisation.

Indeed, perhaps reflecting the growing emergence of mobility tools, enterprise businesses identified a number of specific security threats in the use of mobile communications. In particular, the two most significant issues highlighted were managing the use of mobile devices on insecure networks and dealing with unauthorised data access through lost or stolen devices – both cited by 34% of respondents as of greatest concern.

Despite such worries, two-thirds of telecoms managers across Europe lacked confidence that their businesses had robust security measures and systems in place to protect sensitive data stored on the device. Nearly one in ten expressed serious doubts, believing that there were likely to be gaps in their security measures.

However, on a more positive note, the advent of newer technologies appears to be helping here, with only 22% registering fears around smartphone viruses, for example.

Out of sight, out of control…

As with other aspects of communications management, a lack of visibility and control typically sits at the centre of such security concerns.

When asked how well they were able to monitor the status of mobile devices across their organisation’s global footprint, nearly half the respondents knew how many had been issued but were unsure how many were now dormant. Of even greater concern, a further 4% were unsure exactly how many had been issued in the first place and were in current use.

In terms of operational support, this variable picture was reinforced by the fact that only one in three businesses believed they provided a consistent level of handset repair and replacement across their global footprint. A further 59% felt that, though this was generally the case, ‘in some markets this simply is not possible’.

Lost device, lost data?

The bottom line here is that security is not as watertight as it could, or should, be. This was reinforced by the findings on built-in security and the ability to respond effectively in the event of a potential breach.

When asked, for example, how confident they were that data stored on the device or the network would not be compromised in the case of a lost or stolen device, many were positive about their ability to cope with this effectively. Worryingly however, nearly twice as many expressed varying degrees of doubt.

Overall, one third of respondents expressed confidence, on the basis that ‘robust measures and systems were in place’. However, 57% had some doubts, concerned there might be vulnerabilities for which they were unprepared and a further 9% had serious doubts, on the basis that their organisation was ‘likely to have gaps in their security measures’.

Yet there is an even greater concern here, as more than half of respondents overall were unable to remotely erase data stored on a lost or stolen device compromising the corporate network.

A best practice response

In an increasingly flexible working environment, mobility should sit at the very heart of good security practice.
Remote working has many benefits but it also presents risks. With the rapid uptake of mobile data and greater use of mobilised applications, confidential data is potentially compromised. Remote or mobile workers may be forced to rely on non-standard connections, depending on where they are.

With the proliferation of devices and connection methods, it becomes harder to ensure that every connection point can be trusted. Yet organisations and their staff expect nothing less than continuous availability, which in turns requires the communications infrastructure to be stable and reliable at all times.

In mobilising business applications safely, a best practice security framework should identify new threats and incorporate a number of key components.

First, in the area of device security, it is essential to protect each mobile device against attacks and threats such as loss or theft, malware or local wireless networks.

Second, service security should include both the device and the network, such as mobile email and secure access to corporate applications.

Finally, it is imperative for network security targets operating on a mobile network with high availability and enforcing access control, to operate together with secure protocols over a single wireless network or between networks.

In closing...

As markets become more competitive and international, businesses need to drive productivity and responsiveness in order to meet new customer needs and challenges. Mobilising the workforce and enabling employees to access the corporate network, wherever they are located, is critical in delivering the essential flexibility to respond to these new demands.

This brings with it new security challenges. It is no surprise, therefore, that security concerns remain one of the biggest hurdles to a more diversified and flexible workforce. Yet once overcome, the application of secure wireless mobility solutions throughout the enterprise will help substantially in creating the agility and flexibility needed to enable real competitive differentiation in the marketplace.

Andy McFarlane, head of marketing for Vodafone Global Enterprise, has nearly 20 years of experience in the ICT industry, having worked in a variety of sales and marketing positions for IBM at both a global and a local level. His previous role was as director of marketing and communications for IBM UK and Ireland. McFarlane received an MBA from Manchester Business School in 1998 and is a passionate advocate of a common sense and pragmatic approach to successful marketing execution.

What’s hot on Infosecurity Magazine?