Adopting a “mobile first” approach is more enlightened.
It sees the enterprise or campus as a uniquely mobile experience that directly aligns with productivity, collaboration and security. A mobile first strategy takes into account that most users are likely to be using mobile devices and accessing mobile apps and data, then makes its policy and technology decisions based on that reality. What organizations often fail to see, however, is that mobility requires its own unique security strategy.
Some of the security issues that arise in a mobile enterprise are:
BYOD (Bring Your Own Device). Enterprises no longer have a homogeneous network peopled by a small army of Lenovo PCs and Blackberry devices on company-installed operating systems; they’re contending with iPhones, iPads, Android smartphones, Sony laptops and dozens of other different devices on hundreds of operating systems and firmware versions. The proliferation of personal/business devices makes it much harder for enterprises to manage connections, encryption, access and identity.
Mobile email. The #1 vector for network intrusion is still email, and mobile devices are not immune. Here, the weakest link in the security chain is the human element; network users need to be educated on how to protect their devices, and networks need to be armed with the right tools to protect themselves when compromised mobile devices try to log in to the network.
Role-based access. Surprisingly, many wireless networks simply divide network access into two broad roles: internal user (e.g., employee) and guest. Guests are given limited access to certain applications, while internal users are given access to everything. This is a recipe for disaster. Instead, enterprises should define access roles at a much more granular level. For example, an accountant should have access to financial files that an engineer should not.
Mobile sprawl. A lot of wireless networks have grown iteratively: add a new router here, a new wireless access point there, etc. in order to meet coverage and capacity needs. The problem with this approach is inconsistent security and policy enforcement. Depending on how each device is configured, security gaps may exist in the network that can create opportunities for network intrusion.
Creating a secure mobile first strategy starts by asking yourself: Where are our wireless weaknesses? Fortunately, your networks users will probably be happy to point these out if they haven’t already. Looking at your Help Desk tickets is also a good indication of where pain points exist. From there, a security adviser like Rolta AdvizeX can look for the underlying problems by examining your network configuration, identifying bottlenecks, etc., and then present a multi-year roadmap for change that includes a dozen or so network initiatives that can have the biggest impact on your wireless security and user experience.
Those recommendations may include:
- Implementing Aruba ClearPass for role-based access and user authentication
- Adding mobile device fingerprinting or “security posture checking” capabilities to your network (another Aruba feature)
- Expanding capacity with open-platform wireless access points that integrate well with multivendor legacy devices
- Creating a centralized mobile network management platform (through Aruba AirWave) that provides seamless visibility into all of your wireless network devices
Once you have a secure mobile platform in place, your organization can really begin to leverage the power of mobile communications for a competitive advantage and as a path to innovation—a topic I’ll cover in my next blog, “Tech Talk: Rolta AdvizeX Mobility with Aruba Networks.”
To learn more about implementing a “mobile first” strategy talk to Rolta AdvizeX about Aruba Networks today. ▪