27 Feb Two Security Holes in Your Enterprise Mobility Solution
Enterprise mobility has been a reality for several years. We all have mobile devices that we rely on to get work done, wherever we are in the world. Mobile security, the practice of keeping devices, the networks they run on, and the data they transmit and store secure, has become increasingly important in recent months. The National Institute of Standards and Technology has recently updated its report on Mobile Device Security: Cloud and Hybrid Builds, which includes guidance on data protection, device integrity, identity and authorization, among other topics.
Given workers’ demand for convenience, apps for the workplace and the BYOD trend show no signs of abating. Employees use personal phones and tablets more frequently than ever to access enterprise services, data, files and other resources to do work. But even with company-issued devices, there are security risks posed by commingling enterprise data with various work-based processes and repositories.
There are two ways your enterprise mobility solution could be making your organization vulnerable to security risks. This post outlines these potential security holes and identifies how Mobile Reach closes them so that your enterprise data remains safe.
Risk #1 – Attachments downloaded to company-issued devices cannot be controlled
How many times have you opened an attachment on your mobile device? Attached files remain a core part of everyday business, and they are often accessed via mobile extensions of enterprise applications. When an employee downloads an attachment to a company-issued mobile device, that file is now effectively out in the wild. Even if it never leaves the device itself, it can no longer be easily restricted, deleted or otherwise controlled by the company. What was once a securely nestled file in your CRM or service management platform is now a free agent and a security risk.
For attachments to pose a risk, they first need to be accessed by a mobile user. Many mobile modules for enterprise applications cannot be configured to prevent files from being attached; they’re just not that flexible. Deploy a mobile app, and you automatically have the opportunity to attach files — whether you want to or not. Mobile applications from Mobile Reach give organizations the option to deploy apps without the ability to attach files. With Mobile Reach, organizations can even have two versions of the same app — one that enables attachments and another that doesn’t.
Risk #2 – Enterprise systems are accessible via personal mobile devices
The larger a company, the more likely some employees are frequently required to be away from their desk, if they have an office desk at all. Consultants, field service technicians, inspectors, field sales executives and many other professionals are constantly on the move while needing to adhere to company processes and workflows. Many of these processes are managed in enterprise systems, such as a CRM, ERP or an enterprise asset management database. Field-based employees need to access these systems for any number of reasons, but large organizations do not allow access to them via personal mobile devices. This doesn’t mean employees won’t try.
To keep enterprise systems at large companies locked down, corporate security teams implement policies that restrict the number of IP addresses that can access their network. When a mobile user is working outside of the secured network and they make a query into the corporate network, the IP address of their mobile device is unknown and therefore rejected, preventing them from getting work done. Indeed, many large organizations outsource portions of their workforces, widening the impact of compromised security and productivity.
To control device access to secure enterprise applications, Mobile Reach routes all mobile device traffic to the enterprise systems we integrate with through a secure gateway. The Mobile Reach gateway minimizes the amount of data transferred between the mobile client and the enterprise system to only what is necessary. Furthermore, the gateway transmits data through a single port to reduce requirements on firewall openings and to satisfy any IP restrictions. The IP address for the Mobile Reach Gateway can also be whitelisted, effectively reducing the number of mobile access points to one. Lastly, the Mobile Reach gateway provides 256-bit AES encryption, the highest encryption level available.
While ensuring enterprise mobility is as secure as possible, organizations need to continue to balance vulnerability with productivity. But if the balance has to swing in either direction, it is advisable to make devices and data more secure.
Get in touch with Mobile Reach to discuss your enterprise mobility security needs and learn more about how we can meet your requirements.