Story image

I know what you did in Koru Club last summer

22 Dec 2014

It’s not enough to secure devices in the mobile world, says Intergen’s Chris Auld. But he says there’s a simple solution to ease many security issues.

Workforce mobility isn’t just about mobile phones and shiny executive jewellery wear. It’s about all devices including laptops and the devices that have been sitting in people’s bags for years.

The ground floor requirement for getting on the enterprise mobility elevator is making sure that you've got secure end points. Your people have got lots of very valuable and very sensitive data floating around. It's not enough to just say you’ve got mobile device management for iPhones because, in reality, a whole lot of the data that people have got floating around at the moment is probably sitting on their laptops and has been for years. It’s not enough to secure devices, we need to secure end points.

Every time I see a government leak, whether it’s deliberate and malicious, or accidental and driven by ignorance, I wonder why organisations aren’t using the security tools that have been around for years. Organisations need to be having serious conversations about encrypting data on all possible endpoints, across all devices, including laptops. 

So what are the real threats when it comes to the security of your organisation’s information?

A device is physically lost We’ve all done it at one point or another. The biggest threat of all isn’t being compromised electronically, it’s just plain losing your device or having it stolen. 

Information leakage Our second threat is the general problem of information leakage, where sensitive information is sent around the place, usually by email, and gets forwarded on and into the wrong hands.

Electronic compromise Devices can be compromised through the exploitation of potentially unsecure networks. With all the free Wi-Fi networks around, there’s strong potential for people to honey-pot on them and for your corporate information to be compromised.

Mitigation If you want to equip your people with laptops, why not just stick a cellular data card into the laptop, put them on a private APN and run all of your traffic back through your corporate network?

Doing this means you effectively never have your staff connecting their laptops or phones into public Wi-Fi networks. Instead, they can jump on the cellular network and terminate a private APN back into the corporate network, enforce all of your policies and know for sure that devices are on a trusted network.

Cellular connectivity is so cheap and fast these days, it makes no sense to be pushing people onto public Wi-Fi. Just put a SIM card in the device, put it on a private APN and it’s on a completely private network right into your corporate network. Then you've got both a trusted endpoint device and a trusted network termination into your corporate network, to enforce all of your policy.

You could go and endeavour to protect against the risk and assume all networks are untrusted, or you could just never put yourself onto an untrusted network – a much better idea! 

Chris Auld is chief technology officer for Intergen, which specialises in the design and application of Microsoft technology.

Story image
Harcourts chooses Nintex to advance business operations
“Nintex Promapp is the perfect process management solution, enabling us to leverage the best-practice knowledge we have captured, allowing for real-time feedback, and helping us to create and maintain a high-performance work environment to the benefit of our team and, ultimately, our customers.”More
Story image
06 Nov
Make the most of your data or risk your market status, organisations told
Businesses are putting their market status at risk if they fail to make the most of their data.More
Story image
DXC Technology & VMware team up on IaC cloud platform
“By combining VMware’s hybrid cloud offerings with DXC cloud services and industry expertise, DXC Managed Multi-Cloud Services powered by VMware gives IT the ability to rapidly deploy a universal management experience across all cloud environments."More
Download image
Whitepaper: Juniper Networks put to the test in malware attacks
With a multitude of solutions on the market, ESG decided to use malware attacks to evaluate market solutions like Juniper Networks’ automated threat detection and remediation.More
Story image
13 Nov
Micro 3D printing technology wins NZ engineering award
Micromaker3D creates detailed submillimetre structures for applications such as sensors, wearables, point-of-care diagnostics, and micro-robotics.More
Story image
07 Nov
SoftwareONE completes strategic acquisition of BNW Consulting
SoftwareONE Holding AG has announced that it has acquired BNW Consulting, and states the strategic decision will enable the company to extend its SAP capabilities on public cloud hyperscalers. More