I know what you did in Koru Club last summer

Mon, 22nd Dec 2014

FYI, this story is more than a year old

It's not enough to secure devices in the mobile world, says Intergen's Chris Auld. But he says there's a simple solution to ease many security issues.

Workforce mobility isn't just about mobile phones and shiny executive jewellery wear. It's about all devices including laptops and the devices that have been sitting in people's bags for years.

The ground floor requirement for getting on the enterprise mobility elevator is making sure that you've got secure end points. Your people have got lots of very valuable and very sensitive data floating around. It's not enough to just say you've got mobile device management for iPhones because, in reality, a whole lot of the data that people have got floating around at the moment is probably sitting on their laptops and has been for years. It's not enough to secure devices, we need to secure end points.

Every time I see a government leak, whether it's deliberate and malicious, or accidental and driven by ignorance, I wonder why organisations aren't using the security tools that have been around for years. Organisations need to be having serious conversations about encrypting data on all possible endpoints, across all devices, including laptops.

So what are the real threats when it comes to the security of your organisation's information?

A device is physically lost We've all done it at one point or another. The biggest threat of all isn't being compromised electronically, it's just plain losing your device or having it stolen.

Information leakage Our second threat is the general problem of information leakage, where sensitive information is sent around the place, usually by email, and gets forwarded on and into the wrong hands.

Electronic compromise Devices can be compromised through the exploitation of potentially unsecure networks. With all the free Wi-Fi networks around, there's strong potential for people to honey-pot on them and for your corporate information to be compromised.

Mitigation If you want to equip your people with laptops, why not just stick a cellular data card into the laptop, put them on a private APN and run all of your traffic back through your corporate network?

Doing this means you effectively never have your staff connecting their laptops or phones into public Wi-Fi networks. Instead, they can jump on the cellular network and terminate a private APN back into the corporate network, enforce all of your policies and know for sure that devices are on a trusted network.

Cellular connectivity is so cheap and fast these days, it makes no sense to be pushing people onto public Wi-Fi. Just put a SIM card in the device, put it on a private APN and it's on a completely private network right into your corporate network. Then you've got both a trusted endpoint device and a trusted network termination into your corporate network, to enforce all of your policy.

You could go and endeavour to protect against the risk and assume all networks are untrusted, or you could just never put yourself onto an untrusted network – a much better idea!

Chris Auld is chief technology officer for Intergen, which specialises in the design and application of Microsoft technology.