Mobile Communications

Jeremy D'Hoinne (Europe) - Why Europeans Should Welcome Personal Mobile Devices into the Company

When you ask Chief Security Officers for their nightmare scenario, they invariably mention either a network outage or an intrusion. For years, the enemies were known and relatively limited in number, but today we live in one open network, threats are more diverse, and the old "Maginot line" strategy is out-dated. Times have changed, haven't they? Well if you put yourself in the shoes of an enterprise network security professional, limiting access to internal resources might still be your holy grail. Unfortunately though, you now have more than just the one perimeter to deal with; you are indeed in charge of dozens, hundreds, maybe thousands of small and mobile networks: your users.


The rise of mobile devices in Europe

In Europe, during the 2000s, we've seen an incredible adoption rate of high throughput networks and mobile devices. It started at home, with affordable DSL Internet access, where competition between ISPs has forced prices ever lower, while available bandwidth has increased by orders of magnitude. In France today, for example, 30 € (44$) a month can buy you up to 100Mb/s.

This abundance has set an appetite for technology. European countries are right behind the US in terms of consumer mobile phone adoption and tablet usage, but as always, the enterprise market has moved at a slower pace. One reason for this is that for a while, the big European ISPs maintained high prices for enterprise connectivity, in a desperate attempt to finance the huge infrastructure costs required by the Internet's mass adoption.

Combined with the late awareness of network security threats, Europe has directly switched from isolated networks to massive numbers of mobile users. Yet Europeans still lack the necessary, proven tactics to adopt these new tools without putting their business at risk.


Bringing your home to work

So, while the difference between home and office equipment is still significant, employees will bring their home devices to work. They use their personal computer on the enterprise network, mainly because it is unlocked, and might even embed software dedicated to avoid the company's web filtering policy.

This issue is not really new, but it is overwhelming. For years, preventing unauthorized access to individual devices has been enough of a challenge: blocking USB ports, CD-ROMs, unwanted network file transfers, preventing the antivirus being switched-off, etc. The list is almost as endless as the imagination and ingenuity of a user intent on winning that all-important e-bay® auction bid.


Lock them down

What can we do? The most obvious and - let's admit it - "comfortable" - solution is to come back to the Maginot line tactics. It is a common, and valid, security policy to admit only company devices and to block access from everything else. The only problem with this is that it doesn't work! There are just too many device changes and too many requests for remote access. How can you say "no" to your VP of sales who demands you give him access to his "damned e-mails" while traveling overseas? You can't. He is an Apple fan and don't want your obsolete 3GS for which you've negotiated a good deal? It seems that your security policy is in trouble right away.


Responsible opening

The reality is that IT professionals don't have a choice; they can fight the wave and lose, or try to surf it. Application-level security policy should replace device-based access-lists - whatever the device is - personal or corporate. Despite what some security vendors may tell you, this does not mean you have to forget the devices completely. You just need to have the ability to recognize it and apply different security profiles accordingly. Technology can help. A unified security gateway should be able to manage local and remote access, automatically identify the applications and devices in use, and apply different security inspection strategies based on this information.

Tracking the different usages and automatically adapting your security policy gives you an all-important advantage over a simple blocking strategy: you know what's happening. This enables you to act on the most important link in the overall security chain: your users.

By Jeremy D'Hoinne, Director of Product, NETASQ.


« Sundar Raghavan (North America) - Keeping the Cloud Under Control


W. Hord Tipton (UK) - The Impending Skills Gap in Information Security: A Holistic Approach is Crucial »

Recommended for You

Future-proofing the Middle East

Keri Allan looks at the latest trends and technologies

FinancialForce profits from PSA investment

Martin Veitch's inside track on today’s tech trends

Amazon Cloud looms over China: Bezos enters Alibaba home ground

Lewis Page gets down to business across global tech


Do you think your smartphone is making you a workaholic?