Virtualization Technology News and Information
Portnox 2018 Predictions: Securing the Mobile Workforce with Endpoint and Network Security

VMblog Predictions 2018

Industry executives and experts share their predictions for 2018.  Read them in this 10th annual series exclusive.

Contributed by Nilly Assia, CMO, Portnox

Securing the Mobile Workforce with Endpoint and Network Security

The mobile workforce is a beautiful thing. Employees can work from the comfort of their homes while still wearing slippers, and the trend is tied to improved workplace satisfaction, efficiency and productivity. According to The Evolving Workforce project, 83 percent of global employees believe that technological advances, and thereby the mobile workforce, have enabled them to be more productive.

Yet, despite the benefits of the mobility trend for employees (which is only increasing as Generation Y enters the workforce), IT departments are rightly concerned with its impact on data and network security. In a recent survey of mobile technology decision-makers by CCS Insights, 42 percent were concerned with network security, 39 percent were concerned with device security, 25 percent were concerned with app security and 24 percent were concerned with the security of connections arising from the workforce mobility trend. And these concerns will likely grow with global mobile workforce expected to grow to 1.75 billion people in 2020, accounting for 42 percent of the global workforce.

So how is it possible to access the benefits of workforce mobility while honing in on and increasing data and network security? The answer lies in constructing a realistic approach to solving the security challenges.

One of CSOs/CISOs' biggest concerns surrounding workforce mobility is tied to the BYOD trend, with more employees using their personal and unmanaged devices to carry out work-related tasks. Without the ability to directly control which networks these devices connect to, what applications they access and what items of data they share, addressing BYOD security concerns can seem like a nightmare for IT. However, by obtaining visibility into their network endpoints through a number of existing cybersecurity products, IT departments gain the contextual endpoint knowledge they need to know that their data and networks are secure, despite the widespread use of BYOD. Through such solutions, it's possible to know where and when endpoints are connecting, if they have been patched for the latest vulnerabilities, and if they are sharing or accessing sensitive information in an abnormal fashion that could raise red flags. This information can be used as the basis for a mobility-minded network and data sharing security policy that makes sense for the immediate needs of the organization in preventing data leaks, and the employees that want to continue being productive, no matter the time, no matter their location.

The next step in reaching an effective mobile workforce security policy is educating employees of the risk. With the proliferation of mobile devices, cloud applications and innovative technologies, such as the Internet of Things, throughout our society, many users are blindsided to the benefits of these trends, as opposed to envisioning their inherent risk. Therefore, educating employees on the current and rapidly evolving cybersecurity landscape is important for them to grasp the effects of what they may think are innocent and well-intentioned actions. For instance - and as was demonstrated in the 2016 Mirai botnet attack - IoT devices in use in the home can be "hijacked" by hackers to gain access to corporate information stored on employees' personal devices and wireless networks. Devices such as baby monitors, smart TVs, coffee machines and refrigerators - currently popular gadgets in the "smart home" - are only weakly protected from threats (if they are at all), which is why it is important to inform employees that their technology choices could put the enterprise at risk. While it's unlikely that employers will start controlling which devices their employees can engage with, if work from home is encouraged, it's a company's right to know that their data isn't being compromised as a result.

How do you explain to an employee that sending a work document to their personal email so that it can be worked on from home puts the organization at risk? After all, that employee is going above and beyond to do their job to their best possible ability. Once employees are educated of the vulnerabilities inherent in mobile devices (mobile malware), cloud applications and wearables (among other issues), they are more likely to understand if they are reprimanded for irresponsibly sharing data, needless to say, they are far more likely to disengage from such activities altogether. If the communication with employees around cyber threats is constant, through email campaigns, office notes and periodical meetings, they are even more likely to make the security policies that the organization sets out a part of not only their professional but also their personal connected lives.

With a sound network security policy and an employee education program, the next step in putting the right controls in place. Together with knowledge of endpoint behavior, it's possible to control access based on strong authentication credentials - a necessary step in our increasingly connected world. Besides educating employees on proper password etiquette (regularly change usernames and passwords, don't reuse past passwords, don't mix their personal and professional digital lives), organizations should be using strong authentication credentials to prevent unauthorized access.

One of the best methods is through multi-factor authentication that asks users to provide additional information to access data, documents and the network (via VPN). Multi-factor authentication (MFA) asks users for something they know (usually a password), something they have, which could be a unique security token, or, something we will be seeing more of in the future, what the user is (biometric data). Not only does MFA prevent unwarranted access and minimize exposure to vulnerabilities, it reduces the risk for data leaks from stolen, lost or out-of-use devices, a worrisome and increasingly common trend tied to BYOD and the proliferation of mobile devices.

Bottom line is that the mobile workforce is a major trend for the IT industry moving forward - together with cloud computing, machine learning and artificial intelligence - yet security professionals are still up in arms about how to embrace the trend without increasing exposure to digital business risks. However, by developing a sound strategy that attempts to balance the needs of employees working remotely with imminent network security needs, IT departments can regain the confidence they once had when technology was contained within four office walls.


About the Author

Nilly Assia 

With more than 15 years of industry experience, Nilly leads the development, execution and organization of the company's global marketing strategy. Prior to joining Portnox, she served as a Marketing Director at Gemalto, formally SafeNet, one of the largest information security companies in the world. During her time at Gemalto, she served in a variety of marketing disciplines including product, field, operations, and corporate marketing leadership roles. Before Gemalto, Nilly led the product marketing team for the USB business at SanDisk. Nilly holds an MBA from London Metropolitan University.

Published Friday, November 03, 2017 7:36 AM by David Marshall
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<November 2017>