Mobile computing technology allows company employees to work as productively from home or hotels as they can from the office, but the face of computing technology is changing. Employees no longer want to be tied to using company laptops when they have a PC at home. What’s more, smartphones and tablets have now become as ubiquitous as the traditional mobile phone ever was, providing low-cost computing for employees to access company information.
As a consequence, cost-conscious business owners can now avoid the need to fund and manage mobile communications for their staff by establishing a “bring your own device” (BYOD) policy, and allowing employees to select their own mobile devices for work.
Maintaining Security For Mobile Working
Companies have been using simple VPN technology built into firewalls to provide mobile computing for laptop users for a number of years. As the range of devices that companies want to support for remote working expands, however, different approaches need to be adopted to reflect the degree of trust that you place in the connecting device, so that your IT systems are not exposed to an internet hack or security breach. You may have full control over the software that is installed on company laptops, but this is not going to be the case if you allow employees to use their own PCs or tablets.
- Laptops – Company laptops generally need full access to your company network. Nonetheless, if an “infected” laptop logs into the network, malware can be spread through your network causing your systems to crash. Laptops should therefore be screened before connection to your network to ensure that they have no unauthorised applications / malware installed. Screening for critical Windows patches and up-to-date antivirus can either be performed in the office using Network Access Control (NAC) software which is built in to the endpoint security software of the major security companies, or using VPN Gateways for remote users which will only permit access to your company network once the device connecting has been certified as “clean”.
- Home PCs – Even though you have no control over the software installed on your employees’ home PCs, it is still possible to allow them to access your internal systems securely, provided you restrict the applications that they have access to on your network using a VPN Gateway, which can selectively permit access to your network while maintaining a degree of separation to prevent malware infection. In this way, it is possible to provide secure access to email and file shares from any device. You can also provide secure access to other business applications via Windows Terminal Server / Citrix, provided your employees have administrator access to the PC being used to connect in. The VPN Gateway can even provision the appropriate “thin client” to the home user’s PC without them having to install the software locally.
- Smartphones / Tablets – Apps designed to run on smartphone operating systems undergo stringent review before being published on Google Play or the Apple App Store. Device interrogation is therefore less critical for a tablet or smartphone than for a laptop, and in practice it is difficult to control the apps installed on tablets or smartphones. It is quite straightforward to provide access to corporate email and files on file shares from mobile devices, and access to line-of-business applications can be provided via a web browser. Mobile Device Management software should, however, be considered to ensure that password / PIN security is enforced to prevent unauthorised access to the device (and thereby to your network), as well as to ensure that company data is erased in the event that the device is lost or that an employee leaves your company.
In many ways, mobile working and cloud services go hand in hand. You can now access your company business applications from any internet-connected device using either Software-as-a-Service (SaaS) applications or Hosted Desktop technology, which allows you to access your existing business applications via a web browser. Support for mobile computing is not, however, the primary driver for adoption of cloud computing. The ability to run any business software application for your company without having to invest in hardware and skilled technicians to maintain it is cloud computing’s primary attraction, but mobile computing has been the trigger for a number of companies to take their first steps into the cloud.
Keeping Hackers Away
Once you allow your staff to work remotely, or indeed move to cloud computing, you are reliant on passwords to prevent unauthorised users from accessing your company data. Unfortunately, static passwords can be compromised, since they either get written down on sticky notes or are simple enough to be guessed. The way to protect against password theft is to employ two-factor authentication using an app installed on the employee’s smartphone, which generates a unique 6-digit password every time your staff log in. The downside of using two-factor authentication is that your users need to generate the one-time password as an extra step when logging in, but if your data is confidential or has commercial value, you may decide that this is a price worth paying.
Summary
Technology is now available to provision secure remote access from any device that can connect to the Internet, although a little planning (and knowledge) is required to ensure that opening the doors to remote working doesn’t mean that you expose your company data to significant risk. If you would like to know more about IT support services and network security products available from Clearview Data Systems, please download our "Secure Remote Access" white paper, call us on 01707 255060, or email info@clearview.co.uk.