Feature: Remote working renovation

The ‘silly season’ is a very sensible time for IT departments to ensure they’ve nailed their remote working policies for what will be a very big year of BYO IT and mobile devices, Tim Lohman writes

Devices, Data and Apps

CA’s security and solutions practice manager, Trevor Iverach, says that when it comes to addressing the security aspects of remote working, IT departments should focus on three aspects: The device, the data and the applications.

Under the device heading Iverarch says organisations first need a means of identifying a user and the device so that if either attempt to access the corporate network from a location other than the office the IT department is 100 per cent certain what that device is and who the user is.

“Typically there is DNA or a digital fingerprint for each device,” he says. “What we do is go through a process of registering that fingerprint and then trusting that so that if I am logging in from Wi-Fi in the city we can identify that it is me — not someone in Russia masquerading as my device. Also having strong authentication — two factor, such as a password and token — is important.”

To address the device and the data on it, IT departments need to look at implementing some form of remote management. However, assessing the paralysing array of choices in this area can be a challenge, Iverarch says.

“The mobile device management market has 70-odd vendors and that’s expected to double to about 140 next year,” he says. “The clear message I get is that organisations are confused. They want to buy one product that will give protection and management of the device and management of the apps on the device. Today, there isn’t one vendor that does that.”

In the meantime, IT departments must still attempt some form of mobile device management — especially if the organisation has a fleet of devices. That’s as the scale of work to manually setting up and applying policies to devices is a major burden. “You also need remote management for setting up passcodes so users can access the device, to remote wipe it, switch categories on and off, and control what users can and can’t download onto the device,” Iverarch says. “That all comes under mobile device management umbrella.”

The remote management issue, while making a lot of sense for IT, can be pretty contentious. Iverarch says that some organisations, such as the Department of Defence, are approaching data security by having staff sign a waiver accepting the organisation’s right to remotely wipe the entire device should it become lost or stolen.

While that level of control in the defence forces may be acceptable, for many other organisations such a policy is likely to cause friction — particularly given how much personal data is stored on BYO devices.

Fortunately, there may be some progress in this regard in 2012. Iverarch says software in development in the US will allow devices to be split into a corporate half and a personal half.

“On the corporate half you will deploy with your remote management, your business apps, your encryption and so forth, but on the other side it will be the user’s own Facebook, Twitter, Angry Birds and so on,” he says. “It’s early days… but if it works and is effective it could eat into Apple’s market very quickly as it would be an enterprise-enabled option. Enterprises could strike a good balance.”

On the data and application security side, Iverarch advises the use of data loss protection technology to manage what and how data is moved to and from mobile devices. He also points to anti-malware software as being important for application security; especially for Android-based mobile devices.

“I expect that there will be a noticeable increase in malware for Android-based devices in the next 12 months, as these hackers follow technology trends like you saw 15 years ago with Windows and Word,” he says.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags remote working

More about AppleCA TechnologiesDepartment of DefenceFacebookGartnerIBRS

Show Comments
[]