Security on the move
The more mobile devices are used to access critical enterprise applications, the more important it becomes to slot them seamlessly into the company's global security strategy.
More and more mobile staff are using notebooks, PDAs and, increasingly, smart phones as their points of access to business-critical applications. Wherever there is a need to process sensitive business data, however, there is a corresponding need to protect the devices themselves, communication with the corporate network, and the systems and access points in the local network. The authors of viruses have long since trained their sights on PDAs and smart phones, and the number of unprotected WLANs is an open secret. On top of all this come the issues of potential theft and loss.
Exhaustive protection and security measures are imperative in order to ward off these threats. It is not enough merely to safeguard pieces of equipment and protect access to the corporate network: Organizational measures are also needed. The META Group, for example, recommends that mobility policies governing the use of notebooks, WLANs, PDAs and mobile phones be introduced and communicated prior to roll-out. Further, META advises companies to set up a center of excellence (with the involvement of the security officer) to coordinate and handle all moves to integrate mobile devices and users.
Standardization simplifies security management
The crucial thing is to identify which mobile devices and communication channels are at all suitable for accessing the corporate network. The fewer mobile platforms and technologies that have to be supported, the more efficient the protection that can be provided. Ideally, a standard model should be defined that admits exactly one release of the system and application software in each approved device category. Corporate IT should then configure this system – based on the principle of granting as few access rights as necessary.
Securing equipment
In case a mobile device should ever fall into the wrong hands, it is important to define a set of precise rules stating, for example, who is to be informed immediately. In addition, powerful encryption is required wherever local data has to be temporarily buffered on a mobile device.
Safe access
In many cases, the task of safeguarding access points to the corporate network and the process of accessing the corporate network is far more complex than merely protecting the mobile devices themselves. "Without a VPN you can basically forget it," says Dr. Roger Friedrich Klahold, Chief Technology Officer of the Service Factory at Siemens Business Services (SBS). Klahold himself equipped over 1000 field service staff with a GPRS smart phone-based mobile solution developed by SMS in collaboration with Siemens Communications. The IT expert draws a clear distinction between access to core applications on the network and optional applications that only necessitate Internet access. Access to SBS' internal network is handled via a separate access point name (APN) stationed with the provider. On the other hand, a second APN is used to set up a VPN between the device itself and a separate VPN gateway on the periphery of the SBS network to handle Internet access. A RADIUS server ensures reliable authentication. "That way, we can be sure that mobile staff are protected by our corporate security measures every time they access the Internet," Klahold explains.
Updates and patches
Mobile staff are often pressed for time. Accordingly, they also need centrally governed update mechanisms that either upload new releases automatically or make them available for download.