Welcome to the new year! :) Thanks to Dixita at MutualPR, I had a conversation with Shubhomoy Biswas, country director, SonicWALL India, regarding securing mobile devices.
First, users have come to expect secured access “anytime, anywhere”, whether over 2G or 3G networks or Wi-Fi, for both personal and business tasks. What is SonicWALL's take on this?
Biswas said: "Smartphones and tablets operate in two worlds: they can connect to the corporate network over wireless, or bypass the network entirely using mobile cellular connections. This means they might download malware from the web over 3G/4G, and then disseminate it to the network over the corporate WiFi network.
"Transferring data in and out of the corporate network, smartphones are beyond IT control. At the same time, however, IT needs to provide enterprise workers with secure access to network resources from tablets and smartphones.
"Today’s new workforce believes that their personal technology is better than what they have at work. Sixty-nine percent will use whatever application, device or technology they want, regardless of source or corporate IT policies. Less than half will stick to company-issued devices. This consumerization of IT has particularly affected the business use of smartphones and tablets."
What are the challenges of having multiple devices in an organization? Is there a need for IT departments to start managing users, and not just manage the devices in their environment?
Biswas replied: "Enterprises need an agnostic approach that supports multiple platforms for their users, as well as provide contingency for access continuity. A global business cannot depend solely upon the viability of a single smartphone vendor’s platform, but instead, must deploy smartphone solutions that are able to facilitate multiple platforms.
"The sheer volume of interactive Web 2.0 and streaming media traffic over smartphones can affect corporate bandwidth and wireless network throughput. Some of these applications, such as streaming video applications, constantly evolve to avoid control. In addition, like any web-facing endpoint device running applications over the network, smartphones present a potential channel for forced denial-of-service attacks.
"The proliferation of smartphones in corporate environments creates new and wider potential for data loss and leakage, whether by theft, unauthorized access or unauthorized transmission. Determined professionals can ultimately undermine even “unhackable” smartphone platforms.
"In addition, thieves can thwart attempts by IT to wipe data remotely by simply by removing the SIM. The widespread practice of “jailbreaking,” or opening a phone to customize its features or functionality (such as to overcome restrictions on alternate mobile service carrier networks), also poses a serious security threat.
"Most agree that enterprises should be able to enforce several basic security features on any mobile device, including mandatory passwords, over-the-air device wiping capabilities and data encryption on the device itself. In practice, the choice of the platform itself will determine the effectiveness of the overall policy. Not all mobile devices are equal, and some vendors make it harder than others do to enforce rigorous security protocols and policies."
Top five ways to secure mobile devices
Is there a need for security protection for mobile devices? Can SonicWALL suggest the top five ways to secure mobile devices?
Establish reverse web proxy and/or SSL VPN. This secures smartphone and tablet access from outside the perimeter. By providing standard web browser access to web resources, reverse proxies can authenticate and encrypt web-based access to network resources. Reverse proxy delivers access agnostically across platforms. Agent-based encrypted SSL VPN tunnels add easy “in-office” network-level access to critical client-server resources from both laptops and smartphones.
Add strong authentication. An effectively secure solution should integrate seamlessly with standard authentication methods such as two-factor authentication and one-time passwords.
Scan traffic through a next-gen firewall. Smartphones and tablets can act as conduits to enable malware to cross the network perimeter, even over WiFi or 3G/4G connections. Integrated deployment with a next-gen firewall can decrypt and scan smartphone and tablet traffic coming from outside the perimeter. Integrating a next-gen firewall with 802.11 a/b/g/n wireless connectivity can scan and decontaminate WiFi traffic when the smartphone user is inside the perimeter.
Control app traffic. In general, smartphones and tablets are are either critical business solutions or personal time-wasters. Application intelligence and control technology can enable IT to define and enforce how application and bandwidth assets are used.
Prevent data leakage. Data leakage protection for devices used inside the perimeter can scan outbound traffic and take policy-driven action to block or allow file transmission based upon watermarked content.
Enforcing usage policy
How can IT administrators track and enforce usage policy, allocate bandwidth, and throttle-down bandwidth of less-important applications?
According to Biswas, smartphones and tablets have become standard business tools. But securing access to network resources from consumer smartphones and tablets presents numerous challenges for IT. Best practices combine platform-agnostic access, strong authentication and integrated next-gen firewall countermeasures.
So, what are SonicWALL’s contribution in this regard?
He added: "We are the only provider to solve the challenges of access, security and control with one integrated solution that combines SonicWALL Clean VPN and application intelligence and control. When SonicWALL SSL VPN solutions are deployed with a SonicWALL firewall, SonicWALL Clean VPN scans tunneled traffic to block malware from the mobile communications as a conduit into the network.
"The multi-layered protection of Clean VPN enables organizations to decrypt and scan for malware on all authorized SSL VPN traffic before it enters the network environment. SonicWALL Clean Wireless delivers secure, simple and cost-effective distributed wireless networking by integrating universal 802.11 a/b/g/n wireless features with a SonicWALL firewall for deep packet inspection, application control and content filtering. SonicWALL Clean 3G/4G delivers the same level of protection over cellular wireless networks.
"Today’s users expect to choose their mobile device platforms. SonicWALL Mobility solutions deliver policy-enforced remote access to network resources from Apple Mac OS, iOS, Google Android and Windows Mobile devices; plus they provide flexible and secure remote access for laptops and enhance productivity and business continuity with full-featured, easy-to-manage, clientless or thin-client “in-office” connectivity to network resources over WiFi and 3G/4G.
"Our unified client app gives users full network-level access to corporate, academic or other organizational resources over encrypted SSL VPN connections to provide confidentiality and data integrity for users outside of the corporate network when they are traveling and using hot spots."