- Email: [email protected]
Securing mobile workers
c o l u m n
Nick Garlick [email protected]
Securing mobile workers Nick Garlick Mobile workers are the weakest link the security chain. Nick Garlick says that mobile security is not an oxymoron.
he latest figures from the Office of National Statistics shows that over seven million of us are working from home at least some of the time. That represents a huge percentage of the working population that need remote access. If you add to that number all those who work on the road some or all of the time and it is clear why mobility solutions are so high up the corporate agenda.
T
Driven by the strategic goals of reducing costs, offering flexibility to an increasing demanding workforce and the need to improve productivity and customer satisfaction, IT Directors across the UK are searching for the perfect solution. But as more and more of us demand some degree of flexibility in our working arrangements, so the smiles of hackers across the world are broadening. Mobility is the soft underbelly of corporate IT systems and those intent on harming them know it.
All of that represents a security horror story, primarily because hackers know that individual users are the easiest to target because they are not protected behind layers of corporate firewalls. And that is the reason why we’ve seen such a massive increase in attacks on individuals in the form of spyware and Trojans. In many ways, mobile workers represent the Holy Grail to security professionals: securing them is almost impossible but achieving it will deliver untold riches to the organisation. At Nebulas Security, we believe that mobile security is possible but there is no silver bullet – it requires diligence, hard work and layers of security. Technologies such as secure remote access deliver a virtualised environment for users that make contamination of other users almost impossible. That, combined with end-point security, delivers an effective solution for most organisations. That certainly was the case for Camelot for whom we recently deployed a mobile solution for the company’s 160 sales staff that need remote access as they visit the 30,000 National Lottery retailers across the UK. For those that want to go even further, we suggest a ‘decontamination’ area for mobile workers. This solution isolates corporate laptop users when they use the network until
comprehensive checks have been made. In the event of vulnerabilities being found, the user only has access to a clean-up area of the network, enabling them to diagnose and resolve their problems without infecting the whole network. This provides peaceof-mind to the network administrator and a means to solve the user problem quickly and effectively. Whatever the technology used in a solution, it is critical we all recognise the problem in front of us. As an industry, we must take responsibility for finding a means to ensure mobile workers do not remain the weakest link in the security chain because the implications are horrendous. If we do not find simple but effective solutions, one of two things will happen. Either the data held in organisations will forever be at risk or workers will no longer be allowed flexibility in their working patterns. All of us working in IT security understand that we simply must not allow the integrity of our data to be compromised – whether that is customer records or market intelligence. Yet we also understand that for the health of organisations across the UK, mobility is here to stay. That dilemma is at the heart of securing mobile solutions and one, as an industry, we must come to terms with quickly. Nick Garlick, managing director, Nebulas Securities Tel: 020 7654 0081 www.nebulassecurity.com
Infosecurity Today May/June 2005
The challenge all of us face in the IT industry is that mobility requires the well-known Martini effect to be in evidence – i.e. that workers who want remote access can do so at anytime, anyplace, anywhere. So, if an employee is in Manchester at a client meeting, they have the same access to their data as they would at their desk in the corporate headquarters. That access needs to be from a variety of devices, from PDAs to notebooks to desktop PCs located in places such as Internet cafes. The infrastructure they are part of also needs to be easy
to implement and, as more and more workers are given flexibility as part of their working conditions, needs to be incredibly extensible.
45
Nick Garlick [email protected]
Securing mobile workers Nick Garlick Mobile workers are the weakest link the security chain. Nick Garlick says that mobile security is not an oxymoron.
he latest figures from the Office of National Statistics shows that over seven million of us are working from home at least some of the time. That represents a huge percentage of the working population that need remote access. If you add to that number all those who work on the road some or all of the time and it is clear why mobility solutions are so high up the corporate agenda.
T
Driven by the strategic goals of reducing costs, offering flexibility to an increasing demanding workforce and the need to improve productivity and customer satisfaction, IT Directors across the UK are searching for the perfect solution. But as more and more of us demand some degree of flexibility in our working arrangements, so the smiles of hackers across the world are broadening. Mobility is the soft underbelly of corporate IT systems and those intent on harming them know it.
All of that represents a security horror story, primarily because hackers know that individual users are the easiest to target because they are not protected behind layers of corporate firewalls. And that is the reason why we’ve seen such a massive increase in attacks on individuals in the form of spyware and Trojans. In many ways, mobile workers represent the Holy Grail to security professionals: securing them is almost impossible but achieving it will deliver untold riches to the organisation. At Nebulas Security, we believe that mobile security is possible but there is no silver bullet – it requires diligence, hard work and layers of security. Technologies such as secure remote access deliver a virtualised environment for users that make contamination of other users almost impossible. That, combined with end-point security, delivers an effective solution for most organisations. That certainly was the case for Camelot for whom we recently deployed a mobile solution for the company’s 160 sales staff that need remote access as they visit the 30,000 National Lottery retailers across the UK. For those that want to go even further, we suggest a ‘decontamination’ area for mobile workers. This solution isolates corporate laptop users when they use the network until
comprehensive checks have been made. In the event of vulnerabilities being found, the user only has access to a clean-up area of the network, enabling them to diagnose and resolve their problems without infecting the whole network. This provides peaceof-mind to the network administrator and a means to solve the user problem quickly and effectively. Whatever the technology used in a solution, it is critical we all recognise the problem in front of us. As an industry, we must take responsibility for finding a means to ensure mobile workers do not remain the weakest link in the security chain because the implications are horrendous. If we do not find simple but effective solutions, one of two things will happen. Either the data held in organisations will forever be at risk or workers will no longer be allowed flexibility in their working patterns. All of us working in IT security understand that we simply must not allow the integrity of our data to be compromised – whether that is customer records or market intelligence. Yet we also understand that for the health of organisations across the UK, mobility is here to stay. That dilemma is at the heart of securing mobile solutions and one, as an industry, we must come to terms with quickly. Nick Garlick, managing director, Nebulas Securities Tel: 020 7654 0081 www.nebulassecurity.com
Infosecurity Today May/June 2005
The challenge all of us face in the IT industry is that mobility requires the well-known Martini effect to be in evidence – i.e. that workers who want remote access can do so at anytime, anyplace, anywhere. So, if an employee is in Manchester at a client meeting, they have the same access to their data as they would at their desk in the corporate headquarters. That access needs to be from a variety of devices, from PDAs to notebooks to desktop PCs located in places such as Internet cafes. The infrastructure they are part of also needs to be easy
to implement and, as more and more workers are given flexibility as part of their working conditions, needs to be incredibly extensible.
45