The mobile workforce demands an end to endpoint security

By Suresh Balasubramanian, written on January 2, 2014

From The News Desk

There are more mobile devices than humans on the planet, and Gartner predicts that mobile devices will soon surpass PCs as the most common method to access the web. They have become an accepted form of an “endpoint.”

In network security-speak, endpoint security simply means securing every endpoint into a system. A mobile phone that can tie into the corporate network is an endpoint. So is an iPad or a public library PC. Each remote connection device means another potential security hole. Until recently, you could do much more with a PC or laptop accessing a corporate network than you could with your phone. As wearable computing takes off, however, and the definition of an endpoint morphs, mobile devices will soon function like the laptops of today.

It is a trend that cannot be stopped or slowed down.

The broad adoption of mobile devices is having an impact on business -- unlocking worker productivity, enabling new revenue models and substantially increasing employee and customer engagement. Gone are the days when content and applications were neatly warehoused within an enterprise data center, firewalled, with controlled access given to trusted devices running trustworthy apps and software programs. Alas, the burden of securing enterprise resources has gotten substantially more difficult.

The trend towards consumerization of IT and BYOD (bring-your-own-device) has complicated the challenge of enabling secure access to corporate data, sacrificed user experience and started a new wave of privacy and compliance violations.

Privacy violations in bring-your-own-device (BYOD) environments are rampant today, and corporations are unintentionally exposing themselves to significant litigation possibilities. Many businesses don’t consider that when the company places a mobile device management solution on an employee's device, it acquires the ability to track network traffic and device location.

In many cases this violates user privacy every time the activity is non-work related. Today’s privacy-aware users want to know when they are being monitored.

Employees can be confused and frustrated by the invasion of corporate software onto their personal devices. Compliance is decreased as employees find workarounds, moving data outside of corporate control, or failing to report lost devices for fear their devices will be remotely wiped. IT professionals are frustrated as well. A recent survey of IT professionals revealed that over 60 percent of respondents support a BYOD program, yet well over 46% of them don't have the tools in place to secure corporate data. This is a time bomb waiting to explode! As we all know, most security solutions fail not because of a weak security paradigm but because users find ways to work around it given the challenges they face in getting work done.

Is there a modern security model that doesn’t force companies to trade security for privacy or sacrifice user experience?

Yes, the cloud, and "cloud security" is no longer an oxymoron. Leveraging a new paradigm that I like to call “on-demand” cloud, it is possible to take advantage of the best aspects of cloud – elastic, economical, transparent – without the disadvantages: persistence, data exposure, compliance violations, etc.

Let's use this new security paradigm to apply security and compliance controls in a more “stable” environment – the cloud. Isolating and abstracting these workloads in the cloud, let's call it cloud containment, has many advantages that will persist well into the future regardless of how the endpoint morphs! It is time to stop managing the endpoint and really focus our energy on managing the data and application use rights, with the appropriate context applied in real time!

Another key part: Let employees know when they are being monitored. If users explicitly choose whether an online session is work-related or not, and non-work-related activity is not tracked or monitored by the company – privacy is maintained. The IT department can track all work-related activity when a user accesses an enterprise application, data or content – full visibility and control, but user-initiated. This approach would halt privacy violations, while also eliminating unnecessary corporate liability incurred due to errant personal use of the device.

Finally, don’t inhibit user experience or choice. The key to a successful security model is to focus on the user experience first. Make it dead simple, then layer in the security elements.

Then you've covered all of your employee mobile endpoints.