Ali Ahmar (Middle East) - Securing the Mobile Workforce

How do you protect valuable enterprise data in an age when employees frequently work beyond the reach of traditional data centre security controls?

Increasing staff mobility means that building a rock-hard perimeter is no longer sufficient -- because when staff no longer work from a specific workstation that is hard-wired into the corporate local area network (LAN), it's no longer clear where an organisation's perimeter lies.

Employees may be based in remote, regional outposts and working across a wide area network (WAN). They may be on-site, but working over a wireless local area network (WLAN) from warehouses, distribution centres or other far-flung points on an organisational campus. They may be travelling between meetings, attending conferences, working at clients' offices or from their own homes and connecting to back-end systems over the Internet.

To meet the challenges of the mobile workforce, a more holistic approach is required: one that seeks to impose rigorous data security measures not only at the corporate network core, but also at its edge and onwards to its most distant endpoints, such as laptops and smartphones in the field.

The core is the best place to start. While it's vital to secure data no matter where it resides, the most critical business data is in the Storage Area Network (SAN). This fabric is centralised and supports almost every aspect of the data centre, from the server environment and workstations to edge computing and the back-up environment. This makes it an ideal place to standardise and consolidate a holistic security strategy. The key is to build upwards and outwards from there, developing robust and non-intrusive security policies that address the needs of different kinds of users.

An increasingly popular option is a fabric-based security solution: an architectural approach that incorporates a security intelligence layer, managed through a centralised administrative console.

The benefits are clear. It enables IT professionals to create and enforce security policies; to update them or develop new ones in response to emerging threats; and to monitor systems and conduct regular security audits of the corporate infrastructure, with a view to spotting potential breaches before they occur. The right solution will also incorporate powerful encryption technology, preferably including AES-256, enabling them to wrap sensitive data in transit between systems in an additional layer of protection.

From these foundations, network infrastructure products that reach the mobile workforce can be plugged into the backbone, extending security best practices to the rest of the corporate infrastructure. Take, for example, the corporate network's edge: technology advances mean that a WLAN can now extend an enterprise network to areas of the business that were previously unattached to the enterprise infrastructure.

In this way, remote teams working from anywhere on that campus can access the applications they need from laptops, tablet PCs and PDAs. They may be warehouse staff recording the dispatch of goods to a customer from a loading bay, medical staff taking patient details in an outpatients' clinic, or library staff providing a mobile book collection service.

Some CIOs and their teams still have doubts about the security of wireless networking technologies - a hangover, perhaps, from the early days of the 21st century when vulnerabilities in the Wired Equivalent Privacy (WEP) protocol were publicly exposed. But today's wireless networking products, when tied to a secure data-centre fibre backbone, can offer levels of end-to-end protection just as secure as a wired network. WPA2 (Wi-Fi Protected Access 2), for example, is based on the IEEE 802.11i security standard and uses algorithms built on AES. Wireless intrusion systems, meanwhile, enable IT teams to detect and locate unauthorised devices. And techniques such as 'geofencing' enable them to provide access to back-end systems based on the physical location of wireless devices.

A robust, holistic security strategy that takes into account increased mobility will seek to secure mobile devices both locally and centrally. Local measures include hardware lock-downs (equipment should be password-protected so that it can't be accessed by unauthorised users) and software-level precautions (encryption should be applied so that even if the device is compromised, the data it contains is useless without the proper authentication keys). Meanwhile, at a centralised level, network administrators need to tie network access control (NAC) and intrusion-detection systems into the corporate security backbone, so that they can control the data traffic that flows to and from these devices at the point where the corporate network meets the public Internet.

From a solid foundation, it's possible to build an architecture today that protects corporate data from malicious activities, data breaches, network intrusions and policy violations, even as it roams the campus and the wider world in the hands of mobile workers. Many companies are looking to do just that; according to IT analyst firm Forrester Research, approximately 40 per cent of businesses will significantly increase their spending on new IT security technologies in 2010. But without a strong, secure core, corporate data at the network edge and remote endpoints may prove far harder to lock down.

Mr. Ali Ahmar is the Regional Sales Manager, MENA, for Brocade.


