Securing your mobile workforce
Advances in technology have meant that both business- and salespeople on the road or off-site are no longer only limited to accessing e-mail and documents. They are now able to access corporate applications and databases through mobile devices from anywhere across the globe. The mobilisation of the South African workforce has therefore forced organisations to create solutions that allow their employees to work while they are out of the office, at home or on the road.
According to Ian Shak, Security Business Unit Manager at Internet Solutions, the mobilisation of the workforce is a growing trend among South African organisations. “IT departments are now tasked with providing access to the company’s electronic vault via various mobile devices, such as Blackberries and iPhones, as well as laptops connected to the internet outside of the company network. To ensure the effectiveness of these connections the organisation must choose a solution that has the correct combination of usability and security. Gone are the days where IT administrators could simply punch a hole in the firewall for the purpose of publishing an internal application to mobile users, allowing them to access it remotely over the web.
“This has necessitated certain changes to the network security and encryption needs of Remote Access Services (RAS) because the type of information being accessed is more sensitive in nature. A security specialist is therefore required to implement a secured RAS by using the latest technology and security methodology to ensure best practise is followed during both the implementation and use of RAS,” continues Shak.
Shak recounts various stages of RAS advancement, starting with the Microsoft Windows NT implementation that facilitated dial-up access into the corporate LAN. “This was a simple RAS to build, but only featured limited accessibility,” he comments. “Virtual Private Network (VPN) solutions were the next logical advancement, allowing users to use a VPN to enter the corporate LAN from any internet connection. The most recent advancements are browser based VPN’s that rely on the Secure Socket Layer (SSL) of the browser to encrypt and secure the transfer of information.”
According to Shak, browser based VPN’s are gaining popularity, stealing market share away from traditional VPN tunnelling solutions. “This is due to the fact that a SSL VPN does not require specific client software, other than a modern browser. However the authentication method now needs to be examined, as administrators are forced to expose SSL gateways to the general internet.” In this regard the best way to securely authenticate via a mobile device or a shared computer is with the use of One Time Password (OTP) authentication, as it provides an additional level of authentication that is constantly changing and can only be used once. “The generation of an OTP token means that users will need to use a password and an additional, unrelated factor to gain secure access to the network. This is done with the use of a hardware or software token manufactured in compliance with open cryptographic algorithms,” comments Shak.
“The use of an OTP token helps to reduce the risk that lost or stolen mobile devices pose to the organisation. This is because thieves will not be able to gain access to the network by simply firing up the VPN on the assumption the user has saved their username and password,” he continues. “OTP based network access also helps network administrators improve the management of their environments, especially when third parties need to gain access to the network to perform maintenance or install new software. OTP linked profiles can now be created that limit the movement these contractors have within the network because, in the past, when they entered the environment they had carte blanche to access and view all data and information. An OTP can also be used to revoke access once the mandated tasks have been completed.”
Shak concludes by saying that regardless of your VPN and RAS environment SSL based solutions, with multi-factoral authentication is the way that security is moving. “There are solutions available that scale to meet just about any organisations’ secured connection needs. This means that smaller businesses don’t require complex, enterprise VPN solutions to deliver secured RAS, but it does mean that more attention needs to be given to security,” he says. “At the end of the day, companies always need to consider the concept of security versus accessibility. Companies and mobile workers need to remember that the whole purpose of security is to make accessing a network harder, especially for anyone trying to gain unauthorised entry. However, by designing a solution with too many complicated hoops for the users to jump through will mean that no-one will use it.”
|
TAMMY DU PREEZ
Communications Manager
Tel: 087 365 7768
Tel: +27 (11) 575 7768
Fax: +27 (11) 576 7768
|