Posts

Wireless Security: Why You Need to Take It Seriously In 2018

When waves of cyber attacks hit last year, such as WannaCry and Not Petya ransomwares, businesses lost billions of dollars in high-profile breaches. In addition, more than half of the U.S. population’s Social Security information was compromised in the Equifax breach. It was a record-breaking year.

Perhaps the only good that came out of these fiascos is that users became more aware of the importance of cyber security. But it is no longer sufficient to only care about wired network security. Organizations and businesses also have to pay attention to other aspects of security, such as physical security and wireless security.

In line with multiple cyber security forecasts, such as our 8 Cyber Security Predictions for 2018, organizations need to watch out for more sophisticated attacks in 2018. According to the Wi-Fi Alliance, more than 9 billion wireless devices will be used in 2018. Gartner forecasts connected devices to rise from 11 billion in 2018 to over 20 billion by 2020. With the proliferation of wireless-enabled and IoT devices, wireless network security is vital.

However, not all wireless security solutions are equal. Last year, for example, many dealt with KRACK (Key Reinstallation Attack), which leveraged a WPA2 vulnerability that could lead to man-in-the-middle attacks. While many wireless vendors suffered this vulnerability, SonicWall wireless access points were not vulnerable.

How do I choose a wireless security solution?

It can be easy to get drawn in by sales pitches that show you pretty dashboards, features that you don’t need or seldom use, or super-expensive gear that you pay a premium for just because of the brand name.

Instead, take a step back and think of what you really should care about: a Wi-Fi connection that actually works with unfaltering security. Make sure you are committing yourself to a vendor that takes security, user experience and reliability very seriously.

How can I make my Wi-Fi secure?

Organizations, small- and medium-sized businesses (SMB) and individual users can implement cyber security best practices to drastically reduce Wi-Fi vulnerabilities.

  • First and foremost, make sure that you are not broadcasting an open SSID (how others see and connect to your wireless network)
  • Adjust the transmit power on your access points to serve just the area of coverage that is required
  • For corporate networks, separate guest users from internal users
  • Turn on rogue detection and ensure that firewall settings, such as DPI-SSL/TLS are enabled on your network
  • To further improve security, add a firewall to your network

Wireless is an overlay to your wired network. Adding a firewall with an integrated wireless controller capability to your network will further enhance the security of your entire network. The benefits of adding such a firewall include:

  • Complete management of wireless and wired infrastructure
  • Granular application identification, control and visualization
  • Discover and block advanced threats and vulnerabilities
  • Improved security posture and performance that scale to your business requirements

Though there are many wireless security features that can enhance your wireless security, some are more critical than others. Basic functionalities like Wireless Intrusion Detection System (WIDS) and Wireless Intrusion Prevention System (WIPS) must be supported across wired and wireless infrastructure.

Others cyber security capabilities, like application control, content filtering and deep-packet inspection (DPI) even over encrypted traffic, are all essential.

Adding multi-layered security protection to your overall network infrastructure will help minimize network breach success. In order to support the next-generation mobile workforce, BYOD and ability to implement wireless guest services is significant. Site tools can be used to survey wireless signals to optimize the required area of coverage.

These wireless security capabilities, coupled with single-pane-of-glass management, makes it effective and efficient for network admins to have visibility into the network and detect threats on a real-time basis.

Should I buy a SonicWall wireless access point?

SonicWall is a pioneering leader in cyber security, providing seamless security and comprehensive breach detection across wired, wireless, cloud and mobile networks. Best-in-class security latest 802.11ac Wave 2 technology, and an attractive price point make SonicWave wireless access point solutions a sound choice for organizations of all sizes and industries.

[foogallery id=”5554″]  
SonicWave wireless access points come in three options:

  • SonicWave 432i (internal antenna version)
  • SonicWave 432e (external antenna version)
  • SonicWave 432o (outdoor access point)

The SonicWave 432 Series comes with a built-in third radio for dedicated security scanning. While many companies provide security and wireless products, SonicWall offers a true end-to-end secure wireless solution.

Need more information about wireless access security? Read our executive brief, “Why You Need Complete Wireless and Mobile Access Security.” Together, let’s make sure your network is ready to face these challenges, and create a fail-proof network for a secure, next-generation user experience.

Move to the Cloud and Enable Secure Collaboration with SonicWall SMA OS 12.1

Moving to the cloud and enabling mobility are top IT priorities for organizations of all sizes. Today, most business have adopted a hybrid IT model, which includes legacy on-premise applications in local data centers and popular SaaS applications hosted in the cloud.

Securing this hybrid IT environment, while providing a consistent experience — with anytime, any device, any application access to authenticated users — remains a key challenge for the IT department.

Keeping those priorities in mind, SonicWall today launched the new OS 12.1 for its Secure Mobile Access (SMA) appliances.

Move to the Cloud

For organizations embarking on a cloud migration journey, SMA offers a single sign-on (SSO) infrastructure that uses a single web portal to authenticate users in a hybrid IT environment. Whether the corporate resource is on-prem, on the web or hosted in the cloud, the access experience is consistent and seamless. SMA also integrates with industry-leading multi-factor authentication technologies for added security.

Mobility and BYOD

For organizations wishing to embrace BYOD, flexible working or third-party access, SMA becomes the critical enforcement point across them all. SMA delivers best-in-class security to minimize surface threats, while making organizations more secure by supporting the latest encryption algorithms and ciphers.

SonicWall SMA allows administrators to provision secure mobile access and role-based privileges so end-users get fast, simple access to the business applications, data and resources they require. At the same time, organizations can institute secure BYOD policies to protect their corporate networks and data from rogue access and malware.

Managed Service Providers

For managed service providers or organizations hosting their own infrastructure, SMA provides turnkey solutions to deliver a high degree of business continuity and scalability. SMA can support up to 20,000 concurrent connections on a single appliance, with the ability to scale upwards of hundreds of thousands of users through intelligent clustering.

Data centers can reduce costs with active-active clustering and a built-in dynamic load balancer, which reallocates global traffic to the most optimized data center in real time based on user demand. SMA tool sets enable service providers to deliver services with zero downtime, allowing them to fulfill very aggressive SLAs.

Key New Features

The new 12.1 firmware addresses the above uses cases with the following new capabilities:

Federated Single Sign-On

SMA OS 12.1 delivers secure access from a single URL to Microsoft Office 365 and other cloud SaaS applications that use the SAML 2.0 authentication protocol. SMA fits seamlessly into an organization’s existing infrastructure and enables federated single sign-on (SSO), using a single pane-of-glass web access portal, to applications hosted in the cloud or in a local data center. A single login event (without requiring a VPN tunnel) can create a secure session for authenticated users with authenticated devices to any business application.

Read our tech brief to find how SonicWall SMA achieves identity federation for access requests initiated by both service providers and identity providers.

Secure File Share

The release innovates in the realm of access security by offering the capability to scan files uploaded by unmanaged endpoints to the corporate network. Documents uploaded using personal or BYOD devices (unmanaged endpoints) by remote workers, third-party contractors or office employees with full VPN access to corporate network, typically bypass network security and are not inspected by a firewall. SMA OS 12.1 addresses this security gap by providing a secure file share mechanism.

 

Read our tech brief to find how SonicWall SMA stops malicious files from entering your corporate network.

SMA provides a web-based HTML5 file explorer for users to upload their documents, which are scanned by the cloud-based, multi-engine Capture ATP sandbox service for ransomware, zero-day threats and unknown malware. The verdict is delivered in near real-time, and suspicious files are rejected.

Capture ATP file scan reports are available on mysonicwall.com with detailed user session information.

The central management server (CMS) for SMA provides reporting and monitoring capabilities, including Capture ATP test results and session information (such as user ID and IP address). In addition, when the solution is deployed with a SonicWall next-generation firewall, SMA shares the session information with the firewall. This enables end-to-end network visibility, and provides an audit trail for reporting and compliance.

Universal Session Persistence

An enhancement to the global high-availability feature is session persistence in the event of a failover. User session data is replicated across the mesh network of SMA appliances in an active-active global cluster. In the event of a disaster or appliance failure, service owners can now deliver zero-impact failover that provides a frictionless experience to users without the need to re-enter credentials. This feature empowers service providers to adhere to stringent Service Level Agreements (SLAs) and deliver near zero downtime service.

New Licenses

In addition to new features, SMA OS 12.1 introduces “Secure Email Access” subscription licenses. This enables organizations to implement and pay only for their specific usage scenario (e.g., email with ActiveSync or Outlook Anywhere), significantly reducing total cost of ownership for customers. These licenses are centrally managed and distributed in real time based on user demand, across global datacenters.

SonicWall SMA OS 12.1 builds upon the vision to deliver true “anytime, any device, any application” secure access to your workforce. The solution enables organizations to embrace mobility and BYOD without fear, and move to the cloud with ease.

SMA OS 12.1 is compatible with SMA appliances 6200, 7200, 8200v and EX 9000. Customers with an active support contract are eligible for a free upgrade on mysonicwall.com. Download the new SonicWall SMA 12.1 here.

SonicWall SMA OS 8.6 Delivers Seamless Remote Access Using Web-based Access Methods

Smartphones, laptops and internet connectivity have become necessities of life. We move around with powerful computing devices in our pockets or backpacks. This “on-the-go” lifestyle has transformed the way we work. Employees today want on demand access to resources and the ability to be productive from anywhere.  Organizations too are embracing cloud and mobile, and allowing employees to use their personal devices for work. This is a win-win situation for employees and organizations but also a big challenge for IT departments. IT has the daunting task of providing secure access to corporate resources without exposing risks such as:

  • Unauthorized users gaining access to company networks and systems from lost or stolen devices
  • Malware and ransomware infected devices acting as a conduit to infect company systems
  • Interception of company data in-flight on unsecured public WiFi networks
  • Loss of business data stored on devices if rogue personal apps or unauthorized users gain access to that data
  • The ability to react as quickly as possible to minimize the window of exposure before an attacker can potentially cripple the organization

To address these risks and empower IT, SonicWall Access Security (SMA) solutions with policy-enforced SSL VPN deliver seamless remote access with the highest standards of security. SMA OS 8.6 expands the feature set on the Secure Mobile Access (SMA) 100 Series appliances with enhanced security and intuitive features that deliver the best experience for remote access.

  • Microsoft RD Web Access integration – Admins can now select to offload applications on the RD Web Access portal, onto any web browser. This new feature provides users with seamless access to remote desktops and applications through web browsers.
  • Enhanced security – SMA uses an in-house connect agent to establish a secure connection for RD Web Access without needing to set up a VPN tunnel. The agent has no dependency on Java or Active X.
  • Driverless printer redirection –Print files from remote desktops seamlessly, just like printing a local file. Files on remote desktops can be published as a PDF on your local machine and can be printed locally.
  • Modernized UI – A refreshed UI that is even more intuitive for users and admins. The firmware conforms to the new SonicWall branding guidelines.

Customers with an active support contract can download SonicWall SMA OS 8.6  from mysonicwall.com.

RSA Conference 2017: Prevent Breaches, Stop Ransomware and Block IoT Hacks with SonicWall

The 2017 RSA Conference opens at Moscone Center in San Francisco next week, February 13-17. One of the biggest cybersecurity events of the year, the conference allows thousands of industry professionals to interact with leading security experts to learn about the latest threats, strategies and techniques to combat increasingly more devastating cyber-attacks. As a gold sponsor, SonicWall will demonstrate cutting-edge security solutions that enable our customers to stay ahead of cybercriminals in the continually evolving cyber arms race. We will talk about the advances that both the cybersecurity industry and the cybercriminal organizations have made over the past year, as outlined in our 2017 Annual Threat Report. In the SonicWall booth #N3911, we will also demo solutions to prevent breaches, stop phishing attacks, block ransomware, uncover SSL encrypted threats and identify compromised IoT devices.

SonicWall’s presentations, demos and experts at the conference will empower you and your organization’s networks to overcome numerous crimes targeting weak spots in your network. You will definitely want to see a demo of our award-winning multi-engine sandbox, SonicWall Capture ATP, which scans network traffic to prevent zero-day and advanced threats. We will show how we can block unknown files until Capture reaches a verdict, which is made possible by a highly effective multi-engine sandbox. Near real-time verdicts are rendered by our highly efficient GRID cloud threat network. Our next-gen firewalls also detect malware using SSL or TLS encryption to cloak malicious behavior, C&C communication and exfiltration.

Because email is a constant target for attacks we will have a kiosk introducing our revolutionary technology for email security. SonicWall’s Email Security solutions allow you to deploy a next-gen solution for protecting email files, stop phishing and block ransomware. Talk to our experts and learn how you can block spoofed email and attacks with our hosted service for SMB or via our on premise enterprise email security solutions. We will be making an exciting announcement, be sure to stop by and find out!

Today’s ever-growing number of connected devices by mobile workers and vendors requires organizations to rethink their needs for IoT security. SonicWall’s access security and network segmentation delivers the right level of access to your mobile workers and reduces the threat surface. Right network segmentation is required for critical business apps and data to ensure better protection. With our Secure Mobile Access solutions, you can define granular access policies, enforce multi-factor authentication and monitor all activities for compliance.

Our goal is to help our customers stay protected and ahead of today’s, ever-changing cyber-attacks. Start your journey at booth N3911 on Monday night with the welcome reception and experience first-hand how SonicWall next-gen firewalls, access security and email security offer the power to be competitive and fearless. Tune in via Twitter #RSAC and follow @SonicWall. If you want a head start, you can play with our security solutions online by visiting our Live Demo site. You can get a Free Expo Pass: https://www.rsaconference.com/events/us17/register with the following code: XS7DELL.

Do You Trust Endpoints That Go Shopping?

We are midway through the shopping season this year and already online retail shopping is having record sales. According to Adobe, final numbers indicate that Black Friday surpassed estimates, with $3.34 billion – 21.6 percent growth, year-over-year. Mobile accounted for $1.2 billion, a 33 percent increase from the year before.

Gartner predicts that 70 percent of mobile employees will use their personal smart devices to conduct work by 2018.

These are two seemingly disparate trends but what do they mean for organizations and their cyber security posture?

In another blog, my colleague Scott Grebe explored the security risks that arise when employees are shopping online at work within the corporate network. In this blog, we’ll explore the security risks that arise when employees shop online outside the corporate network.

Organizations are increasingly embracing BYOD for its obvious advantages, but this gives rise to a key gap in the security posture: How do you secure smartphones, tablets and laptops when they leave the confines of your corporate cyber security infrastructure? CSOs must make sure that the right security solutions and policies are implemented to close this gap.

Recent high profile data breaches have put cyber security under the spotlight and organizations have invested in best-of-breed solutions and deployed their defense-in-depth strategy to mitigate today’s advanced threats. Solutions such as next-generation firewall, Intrusion Prevention Systems (IPS), sandboxing and email security are in place to protect against zero-day malware and ransomware, thus making it significantly difficult for the majority of hackers to penetrate. No points for guessing where these threat actors will target next – smartphones, tablets, laptops or even home computers that employees use for remote work. According to McAfee Labs 2016 Threats Predictions report: If attackers really want to get at your data, but find themselves blocked at every attempt against the corporate data center, then the relatively insecure home systems of the employees become the next logical target.”

Employees are spending more time shopping online using a work-supplied or personal device. The next time an employee connects to a public Wi-Fi network to do a price check on a deal, or just uses his/her relatively insecure home network to shop, it could expose the organization’s network. Just last week, it was revealed that 1 million Google accounts were compromised by Android malware. Hundreds of counterfeit retail apps were discovered in Apple’s App Store. A seemingly innocuous app or even a rogue SMS text would suffice to comprise the device and, just like the trojan horse, the device would be given entry into the corporate network.

It is difficult to control the shopping mania that infects everyone around this time of the year, but organizations can leverage the security solutions that are already deployed to better protect the endpoints even when they are remote. SonicWall’s Secure Mobile Access (SMA) solution provides access security to complement your network security, by delivering secure access to users from anywhere and from any device. With SMA, organizations can protect their corporate network every time employees go online by following certain best practices:

  • For trusted laptops and desktops, use the redirect-all mode on the SSL-VPN solution to drive all traffic through the corporate security infrastructure.
  • For untrusted BYO devices, educate employees to use features such as browser-based clientless access to remote desktops for secure browsing.
  • For mobile devices, configure policies to allow access only to whitelisted apps.

Further, when these endpoint re-enter the corporate network, SMA interrogates the device and performs health checks to permit access or to quarantine for remediation. By implementing these best practices, organizations can leverage their corporate infrastructure such as next-gen firewall with SonicWall Capture sandboxing technology, bringing security anywhere employees’ devices go. Ready or not, mobile workers and BYOD are here to stay.

To learn more on how SMA can protect the corporate networks from “trusted” and “untrusted” endpoints, download and read our executive brief.

Mobile Workers and BYOD are Here to Stay: Is Your Data Secure

The way business professionals work has changed dramatically over the last several years, and continues to at an ever-growing rate. They are on the go and working from different locations across all hours using many devices to allow for a work/life balance. We have become an “always-on” society.

Workers are also doing more work remotely, whether it be at a coffee shop, on the train to work, or on a business trip from a hotel room. People want to stay in touch wherever they are and whenever they need to. They also want to use the device they like, whether it is a smartphone, tablet or laptop. In addition, they also need access to the applications they choose to use, some from their work, others of their own. And most importantly, they need access to the data required to do their jobs, whether it is online through the Internet or behind their company’s firewall on the intranet.

Companies clearly need to find a way to provide their mobile workers secure access to any data from any device at any time. That said, companies’ IT organizations need to understand the risks they are opening themselves up to if they don’t take necessary precautions including data loss, malware, device proliferation, rogue applications, lost and stolen devices with data onboard, credential theft, etc.

Today, IT can implement a number of solid mobile workforce management and mobile security management tools to help secure mobile data and devices, such as:

  • Mobile Device Management (MDM)
  • Mobile Application Management (MAM)
  • Secure Sockets Layer Virtual Private Network (SSL VPN)
  • Network Access Control (NAC)

Learn more about what the industry is seeing around providing secure mobile access over BYOD by reading our executive brief, “Ready or not, mobile workers and BYOD are here to stay.”

Securing a Scalable Network

Note: This is a guest blog by Ken Fletcher, CEO of Quarterhorse Technology Inc., a  SonicWall Premier Partner based in New York. http://www.iqti.com/

Security is a major concern for small and large companies. When small companies hear the term enterprise-level security, the first thing that comes to mind is how much it would cost upfront and long term. Support is not just a dollar amount, it involves extensive management by trusted professionals.

As companies begin to outsource more of their IT needs to hosted applications and outside firms, internal staff are shifting their attention to network-centric issues. IT security has expanded from a firewall deployed at the perimeter and anti-virus installed on workstations to include mobile device security and user education. Network security has evolved to encompass securing non-company assets such as cell phones, tablets, and personal laptops that are utilized by end users to access company resources. Additionally, companies have started to invest in educating users on the multitude of ways a criminal can attempt to obtain sensitive information. This can include malware/ransomware and social engineering tactics.

The evolution of the next-generation firewalls

Firewall manufacturers are beginning to shift their focus from basic packet inspection to more intuitive and adaptive methods of traffic inspection. Security threats are constantly evolving and, as a result, firewall manufacturers have introduced next-generation firewalls (NGFW). An NGFW not only protects a network, but also its users. These firewalls go beyond packet inspection, and have the ability to scan for viruses at the gateway. They also include additional services such as content filtering (CFS) and intrusion prevention and detection (IPS/IDS). CFS can minimize the risk of employees visiting websites that contain malicious content, and increase productivity by eliminating access to non-work related websites. CFS can also be used as a liability protector by eliminating the risk of employees visiting controversial websites and subsequent lawsuits that could be filed against the company. If implemented correctly, these services can reduce the time and cost of management.


BYOD for the Real World

While some organizations are adopting a Bring Your Own Device (BYOD) model for their staff, these organizations are typically large, with significant support staff dedicated to managing the inherent issues that come with BYOD. Some organizations limit user’s remote access to company provided devices, allowing the company more control over security. Despite this, providing company-issued devices can be expensive to deploy and support. For example, companies have been inclined to provide a firewall for their employees’ home network in order to secure a device, such as a PC, that is being used for business purposes. This adds to the complexity of both the setup and support these devices for their employees. As a result, this methodology can limit the amount of personnel the company will allow to remotely access their network. Additionally, this method does not scale in an event such as Superstorm Sandy or the recent NYC blizzard to support the majority of employees that would be unable to commute to the office for work. As a solution to the drawbacks of both BYOD and company issued devices, many organizations have adopted a hybrid approach to secure BYOD devices. To accomplish this hybrid approach, companies are utilizing SSL VPN technology. This approach is less expensive, provides a high level of security and can scale quickly.

Today’s SSL VPN appliances can provide access to the network assets while performing a security checklist before allowing a connection through the use of endpoint control (EPC). EPC can determine a variety of properties about the device, including its OS version, patch level, antivirus, domain membership and equipment ID. EPC then compares the device’s properties against the predetermined requirements, and if the specified criteria is not met, access can be reduced or denied. While a technology with these advanced features sets may sound expensive,  SonicWall makes a SMA Virtual Appliance with virtual SSL VPN that includes EPC for under $500. On top of these features, it also includes the ability to generate one-time passwords which adds a second layer of authentication and protects against compromised credentials. SonicWall’s SSL VPN also contains a bookmark feature that can provide user-friendly access to an employee’s office PC, similar to remote control software such as LogMeIn or GoToMyPC. This feature does not require an installation of software on the office PC or monthly subscription cost.


Considering the human element

Security encompasses more than just hardware and software solutions. It is very common for companies to disregard the human element of security. Spammers are able to replicate emails from major corporations to a point that only a trained eye can tell the difference between a fake and legitimate email. Not only do these emails come from reputable names, but they can also appear to provide information which the user might be waiting for in a link or an attachment. One example would be purporting to have information about a delivery, such as a FedEx package. When the unsuspecting user click on a provided link, there is a chance that it will download malicious software that can encrypt files or applications and can give the attacker access to the company’s network. Companies are becoming aware of the need to adequately educate their employees to recognize these threats so they do not fall victim. While online training may cover a specific point, firms that specialize in awareness education generally offer a more comprehensive approach in training employees to identify these threats. These specialized firms can perform tests by sending spoofed or malicious emails to the trained users to determine if they are able to identify the threats.

As companies evaluate their IT infrastructure, they need to be cognizant of the perimeter, mobile and human elements that affect security. Implementing the correct strategy for each of these components will minimize security risks and reduce cost, while providing great flexibility.

Higher Education Makes Cybersecurity a High Priority – Are You Prepared?

Digital natives predominantly compose the student body at today’s education institutions, and technological advancements have created unprecedented opportunities for personalized learning. BYOD and other emerging technologies have allowed school districts, colleges, and universities to become more effective, inclusive, and collaborative.

With the proliferation of devices now on the network, however, IT administrators are now faced with the enormous task of empowering end-users to capitalize on the benefits of increased mobility and connectivity, while also ensuring the integrity of the organization’s network and data. In our current threat environment, it is more critical than ever that schools, colleges and universities develop an overarching, end-to-end security approach that aligns with the institution’s mission.

A recent SonicWall survey, conducted in partnership with the Center for Digital Education, targeted higher education IT professionals, including executives (CIO, CISO, VP of IT, etc.), IT Directors and network managers to assess the state of network security on college campuses. A key takeaway from the study, however unsurprising, is that 73 percent of respondents rank cybersecurity high or very high among their institution’s technology priorities.

Just as cybersecurity has become a priority across industry and government, higher education institutions are shining a brighter spotlight on security – and for good reason. While educational institutions rank their ability to detect and block cyber attacks relatively high, with 65 percent citing their abilities as good or excellent, only 17 percent indicate that they have not experienced a network breach/incident in the past year. This statistic is indicative of the fact that cyber threats are continuing to increase in both frequency and sophistication in every industry.

In response to the growing threat of data breaches, 77 percent of survey respondents indicate they expect to spend more on network security in the next 12 months and 63 percent expect to spend more on secure access to data and applications. This is an encouraging statistic, as it reflects increased awareness around the need to strengthen security and mitigate risk.

In our hyper-connected world, a strong security posture is a strategic investment for education at all levels. IT administrators and decision makers across the education industry need to address the continually growing role of technology on campus by implementing end-to-end security solutions that protect all data and endpoints, old and new. Holistic, end-to-end security that utilizes identity access management, next-gen firewalls, endpoint security and efficient patch management allows school districts, colleges and universities to confidently and securely offer the benefits of increased mobility and other IT advances to their faculty and students.

For more details from the survey, view the on-demand webcast “Network Security in Education: The changing landscape of campus data security.” In this November 2015 webinar, Larry Padgett of the School District of Palm Beach County reviews how his district – the 10th largest in the United States — is leveraging people, processes, and SonicWall next-generation firewalls to protect a network serving 189,000 students and staff in nearly 200 sites. SonicWall Security’s Ken Dang joins Larry in this Education Dive webinar.

The Future Looks Bright for Mobile Worker Productivity

Managing and securing mobile data is about to get a whole lot easier. Mobile platform providers, historically focused on the consumer, are now investing heavily in new OS features that will seamlessly integrate with mobile management and security solutions and allow businesses to more easily enable mobile access to more data and resources without compromising security.

Historically, IT departments protected corporate networks and data by only allowing trusted devices and users to connect to the network. IT could limit the threat of data loss and malware by controlling and managing PC and laptop and software images and configurations. In the new mobile era, IT has limited control or management over devices. Workers are often independently choosing their smart-phones and tablets as well as the apps and services they use to address business and personal needs.

So, with limited mobile device control and management, how can IT keep company data secure while enabling mobile worker productivity?

The leading mobile platform providers recognize the challenge businesses face and are adding new features to make it easier to secure and manage business apps and data on devices, whether corporate or personally owned. And they’re partnering with third party mobile management and security providers to help give IT control to secure and manage the mobile data workflow. Key mobile platform features enabling mobile for business include:

1. Managed separation of business and personal apps and data

Mobile OS’s are architected to allow data to be easily shared by apps. While this ease-of-use and transparent interaction and sharing between apps is beneficial for personal use, it can be problematic for businesses that want to protect data. For example, many social apps mine contact lists from other apps and invite contacts to join their service. With this, confidential customer contact information stored in a business app could unintentionally be “shared” to a personal social app, leaking customer contact information and potentially damaging a business’s reputation or violating regulatory rules. Another risk, if a rogue app is downloaded to a device, mobile malware or vulnerabilities may be present that can steal data or provide an entry point for a cyber-attack.

To address these issues, the new generation of mobile operating systems is adding features that, with third party mobile management tools, will help better secure business apps and data on mobile devices. IT, with mobile user permission, will be able to more easily deploy and manage trusted mobile apps for business and enforce security policy to protect company data, while personal apps and data will be isolated from business apps, preventing data leakage. To meet mobile user demands for personal app and data privacy, IT will be restricted to only manage business apps and data. With these new built-in OS features, today’s proprietary secure containers that isolate and secure business apps and data on mobile devices, will be less necessary, helping to reduce IT cost and complexity.

2. Managed apps

To further support mobile for business, mobile platform providers are making it easier for app developers to build “managed apps”, apps that can be configured and managed by mobile management tools. For these apps, IT will be able to use third party mobile management tools to configure app level policies that affect the actions an app may take. For example, a managed email app implemented with the new mobile management control protocol could be remotely configured to only allow email and attachments to be viewed from the email app, and disallow copy, cut and print functionality to keep business data secure and encrypted within the app and not allow sharing with other apps.

3. App level VPN

Businesses today often deploy VPNs to securely connect mobile and remote workers with company networks and resources, a necessity to encrypt data in-flight and protect from data theft. However, when a device is used for business and personal use, if the VPN is enabled, personal traffic also uses the corporate VPN which can impact network bandwidth and contaminate backend resources. Ideally, to preserve corporate network bandwidth, only business apps and data should use the corporate VPN.

To address this need, mobile OS, security and management technologies are evolving to allow per app VPN capabilities. With per app VPN, security and management technology may be configured with policies to initiate a VPN whenever a business app launches such that business traffic from the mobile device travels through the VPN while personal traffic does not.

So, with these new mobile management and security capabilities, what should businesses do to accelerate mobile adoption and productivity?

Get ready for the next wave of mobile technology. For information on the management and security solutions you need to help enable mobile workers productivity while protecting from threats, read our eBook, Secure Mobile Access.

Mobile Security Checklist to Minimize Risk

The number of mobile devices in the workplace is exploding and with this, a new frontier for cyber-attack is emerging that poses a significant risk to business. As the great philosopher and strategist SunTze wrote, “Know your enemy and know yourself and you can fight a hundred battles without disaster.”

Threat analysts are finding that malware isn’t just a problem for laptops any more. For example, reports indicate that the CloudAtlas campaign, a sophisticated advanced persistent threat that initially targeted windows machines, has made its way to mobile platforms including Android, Apple IOS and Blackberry systems. Our own SonicWall Security Threat Research Center uncovered the Android counterpart of the CloudAtlas campaign. This malware masquerades itself as an update for the popular messenger app Whatsapp, and in turn, spies on a victim’s device to obtain sensitive data,such as texts, contacts and calendar information, and passes it back to the attacker, creating a huge business risk.

Could you, or one of your employees unknowingly have a mobile device infected with malware harvesting your confidential business data?

Fundamentally, there are two key business risks that you need to protect from as workers go mobile. The first, is theft or loss of mobile data. The second, is mobile devices becoming conduits for malware attacks that affect corporate systems and data. So what are the mobile threats you need to be aware of to protect your business?

Here’s a checklist of threats you need to be prepared to tackle in the mobile worker era:

  1. Lost and stolen devicesNo surprise here. If a device is lost or stolen, and corporate data was stored on the device, there’s a risk of confidential data loss. An even bigger risk, is a lost or stolen device being used to gain access to corporate data and apps on the back end. Significantly more data could be impacted if an unauthorized user with a lost or stolen mobile device gains access to the data center. This is particularly problematic for businesses subject to regulatory compliance.
  2. Mobile malware and vulnerabilitiesAnother concern is rogue apps downloaded to devices containing information-stealing malware, such as the CloudAltas threat discussed above, or vulnerabilities with devices, OS design and 3rd party apps. These threats provide entree for attacks and can lead to data theft and downtime. Again, this is a risk for data on the device, but potentially an even bigger risk if the device becomes a conduit for malware to infect backend data systems and cause data loss or downtime.
  3. Data leakage through 3rd party appsCorporate data and apps co-mingling with personal data and apps on devices can also create risk and lead to corporate data leaking, either intentionally or unintentionally. For example, many social apps mine contact lists from other apps and invite contacts to join their service. With this, confidential customer contact information stored in a business app could unintentionally be “shared” to a personal social app, leaking customer contact information and potentially damaging a business’s reputation or violating regulatory rules.
  4. Insecure Wi-FiLastly, the riskof man-in-the middle attacks. Attackers can snoop data if traffic is sent over unencrypted networks such as public wifi. Data in-flight is likely the pulse of the business. It likely contains fresh, sensitive data, and may even contain data subject to legal or regulatory requirements for confidentiality. If that data is intercepted, it could be damaging to the business. Although the relative quantity of data lost or stolen in case of in-flight traffic interception is likely small, the potential for damage is still there. So, to protect in-flight data from interception, data should be encrypted.

Mobile Security Solution

So, now that we reviewed the top threats, how can you prepare to win the mobile security battle to come? To protect from these threats, the best defense is a good offense.

Secure container and encryption technologies such as Enterprise Mobility Management (EMM) can help isolate and secure business apps and data on mobile devices. This a great start, but company data and networks are still at risk if only on-device data protection is addressed. Security is an end-to-end mobile workflow challenge.

For comprehensive mobile security, in addition to EMM, deploy security and access control technologies in your IT infrastructure that authenticate users and interrogate devices, OSes, mobile apps and validate their integrity. Only grant VPN access to trusted users, devices and business apps to help protect from rogue access and malware attacks. Also deploy, next-gen firewalls to scan mobile traffic entering your network and block malware before it infects corporate systems and data. Next-gen firewalls can also scan mobile traffic entering your network and block malware before it infects corporate systems and data and block access to and from disreputable web applications and sites, adding another layer of protection.

For more information on the security and access solutions you need to enable mobile worker productivity while protecting from threats, read our eBook: SonicWall Secure Mobile Access.