It’s almost impossible to avoid the conversation about whether corporations should allow tablets and other mobile devices on the corporate network. Managers tout the benefits of a mobile workforce and the flexibility of connecting to resources from anywhere. Security engineers worry about the security risks and the increased number of unsecured hot spots generated by mobile devices, not to mention the HR implications of bypassing the acceptable-use policies that traditional network restrictions put in place.
As tablets and mobile devices are adopted more and more widely in the workplace, the issue of security becomes increasingly important. Industry experts agree that in 2012 we will continue to see more tablets and mobile phones used on corporate networks, which raises questions such as “How will this affect my security posture?” or “What kind of access should we allow?” And more importantly, “How do we control it?” The problem is that there is no clear-cut answer to these questions. But there are things you can do to help reduce the risks of mobile device usage on your corporate network.
When it comes to Wi-Fi, the more rogue devices and interference from mobile hot spots there are, the slower and more cumbersome the network will be. Most organizations leverage Wi-Fi in-house to allow for laptop connections where the LAN is simply not accessible. Several security vendors have designed solutions that can mitigate wireless interference, move traffic onto other frequencies to help alleviate Wi-Fi stress, and even allow for the creation of policies based on MAC address or browser profiles. Most of the leading firewall vendors also have the ability to create secure VPN tunnels via Wi-Fi and manage credentials, including limiting high-volume traffic over Wi-Fi, such as YouTube.
But the key security issue is how to control hot spots generated by mobile devices that use cellular Internet connections. This traffic is subject to the same security threats as any other, such as malware, DoS attacks, intrusions and viruses. There are steps that can be taken to reduce the risks, such as disabling the SSID broadcast, disabling the DHCP server, or setting the device user limit to 1 to avoid unauthorized connections. In addition, if these devices do connect to the corporate network, ensure that they are protected by a firewall and that anti-x is installed on the host device.
In 2012, we expect to see even more sophisticated Mobile Device Access Control (MDAC) solutions available. These solutions allow IT security to control the type of devices, services and bandwidth while allowing for the enforcement of security policies as they relate to browsing and applications. In particular, we expect the development of cellular hot-spot locators and remote disabling solutions as the number of devices grows and pinpointing the MAC address associated with a hot spot becomes increasingly difficult.