ACCESS CONTROL: Going Mobile, Going Perilous
It’s a new conflict and enterprise challenge – how to securely control access for mobile workers, including the security staff and security data.
Only a short time ago, being a mobile worker simply meant that one didn’t work in the same conventional office space shared by most company employees. Instead, this kind of mobile worker likely worked remotely at a home office or occasionally at a coffee shop with Wi-Fi access or some other fixed location. Because work locations and networks were predictable and fixed, the security needed to support these mobile workers was straightforward. It simply required providing a solid means of authentication and a good, conventional virtual private network (VPN) and the job was done.
But not anymore.
There is a distinct and rapidly growing population of workers who are much more literally mobile – spending a majority of their work day moving from place to place, network to network and sometimes even from one device to another. This group now includes the chief security officer and his or her security officers. In fact, research firm IDC forecasts that such truly mobile workers will comprise as much as 70 percent of the U.S. workforce by 2009. The security issues such a workforce presents are worthy of some pretty serious attention.
Must be mobile
For truly mobile workers, mobility is inherent in performing their jobs. Security officers must be at incidents yet still be able to communicate and gather information. A utility worker must be in the field to perform his work and yet still must have access to dispatch, facility and customer information; a field engineer must travel from site to site accessing schematics and diagnostic applications; and an insurance adjuster must log claim details from the scene of the accident.
The security issues and IT complexity inherent in a single, typical day for many mobile workers can be staggering. In a single day, a mobile worker may:
- Access the corporate network using networks ranging from 1xRTT (at under 100 Kbps) to a Wi-Fi access point (at more than 1 Mbps).
- Attempt to access the same corporate applications from a fixed location such as a customer’s office campus and over a wide area network while in a car moving at 70 mph.
- Access the security video or corporate network using a laptop, a handheld computer and a home computer.
To effectively manage mobile workers and mitigate the risk they might present to security, purpose-built policies are required. And the technology to enforce those policies is essential.
To enable and manage a productive mobile workforce, a couple of key solutions are required – a mobile VPN and some form of policy management. Following are some important considerations when choosing solutions in these categories.
For a VPN to be effective and useful in truly mobile conditions, it must not only provide rock-solid security but must do so in a manner that survives wireless network coverage gaps and transitions from one network type to another. Most mobile VPN vendors call this “seamless roaming.” The VPN selected should also maintain application sessions during loss of connectivity or network transition, which should significantly improve mobile worker productivity and cut down on support calls.
Remote access VPN is not recommended. SSL VPNs are well established as a key means of providing secure access for remote workers. However, they have difficulty handling the continuous connectivity required by mobile workers, especially on wireless networks, and cannot support access to network-intensive applications such as analytical software or real-time video while on the move.
A mobile worker may want free and unfettered access to the Web, but a business has priorities and costs to control. Policy management can be used to enforce those priorities throughout the diverse network and device environments mobile workers use.
The policy management solution selected should allow controlled access to information and applications based on the following important conditions:
- NETWORK SPEED – ensure that critical applications are top priority on slow networks and keep traffic from non-essential applications from tying up these networks.
- TIME OF DAY – vary policies for off-work hours.
- MOBILE WORKER CREDENTIALS – create distinct policies for different workers or work groups, including security staff members.
- MOBILE DEVICE OR DEVICE CLASS – for those applications that are restricted to laptop or desktop access only.
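The four conditions above combined into one access decision, as an added example that is not from the article or from any vendor's product. The rule table, group names, application names and speed thresholds are constructed assumptions; anything no rule matches is denied, and the off-hours window is allowed to wrap past midnight.

```python
from dataclasses import dataclass
from datetime import time
from typing import Optional

# Every group, application name and threshold here is constructed for illustration.
@dataclass(frozen=True)
class Context:
    app: str           # application being requested
    group: str         # work group taken from the worker's credentials
    device_class: str  # "laptop", "desktop" or "handheld"
    link_kbps: int     # measured speed of the current network
    now: time          # local time of the request

@dataclass(frozen=True)
class Rule:
    app: str
    groups: frozenset
    device_classes: frozenset
    min_kbps: int = 0              # 0 = usable even on the slowest link
    hours: Optional[tuple] = None  # (start, end); None = any time of day
    priority: str = "normal"       # traffic class applied when allowed

def in_hours(now, window):
    if window is None:
        return True
    start, end = window
    if start <= end:
        return start <= now < end
    return now >= start or now < end  # window wraps past midnight

def decide(ctx, rules):
    """First matching rule wins; a request no rule matches is denied."""
    for r in rules:
        if (r.app == ctx.app and ctx.group in r.groups
                and ctx.device_class in r.device_classes
                and ctx.link_kbps >= r.min_kbps and in_hours(ctx.now, r.hours)):
            return ("allow", r.priority)
    return ("deny", None)

ALL, SEC = frozenset({"field", "security"}), frozenset({"security"})
RULES = [
    # Critical app: any link speed, high priority.
    Rule("dispatch", ALL, frozenset({"laptop", "handheld"}), priority="high"),
    # Video: security staff only, laptop/desktop only, fast links only.
    Rule("video", SEC, frozenset({"laptop", "desktop"}), min_kbps=1000, priority="high"),
    # Non-essential web: fast links and off-work hours (18:00-06:00) only.
    Rule("web", ALL, frozenset({"laptop"}), min_kbps=1000,
         hours=(time(18, 0), time(6, 0)), priority="low"),
]
```
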
While not the only technologies a mobile workforce may require, the right policy management and mobile VPN solutions comprise a firm foundation on which to build a mobile workforce.