Mobile Cloud Security:The Seven Fundamentals of Mobile Working

Having an agile, mobile workforce is becoming commonplace for a lot of small and medium-sized enterprises.

Remote working has been happening in corporate environment for decades, but they have whole teams dedicated to deploying infrastructures and locking them down securely.  Some organizations already have solutions in place, but are they secure?  How do organizations who have no remote working capability get started?

Authentication
For years, you’ve heard the security community harping on about having secure passwords.  It’s likely you are more than familiar with advice such as, no using the names of your children/pets, no birthdays/anniversaries, use a mixture of cases, use a mixture of numbers and letters, use  odd characters (e.g. #!$*), have passwords expire every 30 – 90 days. You may have paid attention in the past and if you did, good for you because you now have one less thing to worry about.  If not, it’s imperative that you implement these policies with remote workers.  Why?  Because instead of just having to contend with people inside the company trying to guess other people’s passwords, you now have all the hackers on the internet having a go.  They have tools that can try 100,000 password combinations in less than a minute and nothing better to do.  All it takes is one weak password on one user and suddenly they are in through your VPN.  The person with the weak password (“bobby 21”) will not be the one who has to explain the breach, it will be the IT department.

One-time passwords
Strong passwords help secure your remote access massively, especially in conjunction with encryption.  But they are not 100% effective against a determined/lucky hacker.  Keystroke loggers, packet sniffers, phishing scams and social engineering attacks can all be used to get even the most complicated password.  The only way to be sure is to use two factor authentication (2FA) on your VPN.  As the name suggests, 2FA uses two factors to authenticate users – something they have (key fob with a one-time, changing password) and something they know (a more traditional PIN).  This means that even if your worker’s password is captured, it’s useless as soon as it has been seen.

Encryption
We’ve all been shopping online for years.  We all know not to put any sensitive, personal data into a website until you see the little padlock in the web browser.  The same goes for remote working.  Your business data is valuable.  Access to your systems is valuable.  That’s why hackers have sniffers listening in various networks to capture stray passwords and other goodies.  Public Wi-Fi spots are goldmines for unencrypted user data – all you need is a laptop and the right software and you can grab logins to Gmail, Facebook, Hotmail, Yahoo accounts just by sitting there and waiting for people to connect.  You do risk a lengthy prison sentence and a large fine for breaking the Computer Misuse Act by doing this, but hackers don’t tend to be bothered by such things.  Using strong encryption makes it much more difficult to capture this data.  Even if they do get your encrypted data, it will take weeks/months/years of time, plus the compute resources of the NSA to crack it. That’s too much work and your average hacker will move on to more low-hanging fruit.

Access that works on the move
Unless all your remote workers are only just working from home, you need to ensure your mobile workers can work on the move.  This means a good combination of 3G data connections and wireless hotspot roaming.

Wireless hotspots are great if you’re stationary for a while and need a reliable connection at a decent speed, but can be expensive to use.  Especially if you tend to use more than one in a day (e.g. coffee shop, then airport, then meeting locations, then back to the airport again).  Therefore, having a wireless roaming agreement means that you can easily login to a variety of different hotspots, pay only for what you use and only get the one bill.

3G data connections are a must have if you either don’t have access to a wireless hotspot or aren’t in one place long enough to use one.  Some laptops have 3G data connections built-in, but for the rest of us you need to make sure you have a 3G dongle or can use your smartphone for tethered access (when you access the internet through the phone’s 3G connection).  Organizing this through your company mobile phone provider can sometimes make this easier and more cost-effective to organize than getting staff to get their own contracts.

Easy to use access software
VPN software is difficult and complicated to use if not setup correctly.  This can lead to frustration for your staff and make them more likely to use an alternative and possibly less secure way of getting their work done. SSL VPNs (a form of VPN that can be used with a standard Web browser and does not require does not require the installation of specialized client software) can take some of the hassle-factor out by using the commonly used browser interface to provide access to internal resources.  Not only is the interface familiar to most users, but because it uses standard web ports to send and receive VPN traffic, it tends to work from any remote location (home, Wi-Fi hot-spots, suppliers offices, etc) without needing any extra holes punched through the firewall.

End-point discrimination and tiered access
Having ease to use VPN software that can run from any browser opens up its own challenges.  How do you know that the end-point that your staff member is connecting from is not virus-ridden and full of malware?  Using end point assessment and discrimination, you can run checks on the remote PC to ensure it meets the requirements of your security policy.  Sort of like the bouncer on the door of the nightclub, you don’t want any jeans or trainers in your network.  As part of the process of logging in, some SSL VPNs can get the browser to run checks on the end-point to see whether it meets your guidelines:

•        Is it a company laptop?
•        Is there up-to-date anti-virus software installed?
•        Have any keystroke loggers been detected?

Depending on how many of the boxes the remote PC ticks in your list, you can then decide how much access the remote user should get.  The sales team gets access to both your web-based CRM system and the document store if their remote end-point passes all the tests, but if you don’t detect known and up-to-date anti-virus software then they get access to the web-based CRM, but do not get access to the document store.

Presence and shared calendaring
With everyone working from the office, you know exactly where everyone is supposed to be.   You can see just by looking around the office who is available to talk, who is on the phone, who is in a meeting and who has that “if you come within 2 feet of my desk, I will bite you” look on their face.  With remote and mobile workers, it’s not quite so simple.  Is Jim meant to be in the office today or is he in a meeting in London?  Lauren is working from home today, but is she free right now to talk about the marketing budget for next year?

Anyone who has used Microsoft Exchange or Google Calendar knows how useful it is to be able to look at someone else’s schedule before you suggest a time for meeting.  But it can only tell you what people have planned to do, rather than what they are doing right now.  Presence usually comes with a Unified Communications (UC) system such as Microsoft Lync, and gives you a status view of your staff at a glance.  People who are available show as green, people who are away from their desks show as yellow and those on the phone or in a meeting show as red.  It’s also possible for staff to add additional information such as their location and what they are doing, or mark themselves as DND (Do Not Disturb) if they need time to focus on a particular activity without interruptions.

Conclusion
With a more mobile and flexible workforce, there are increasing pressures on IT to provide fast, reliable, secure and easy-to-use remote access for the business.  It is possible to provide this capability using off-the-shelf hardware and software, but like any powerful tool they can be expensive and need to be installed and managed by experienced and qualified engineers.  An alternative option is fully managed remote access solutions, which can integrated alongside existing IT infrastructure.

Whatever the choice, businesses cannot afford to fail their changing workforce.

By Richard Morrell, Operations Director, Lumison

About CloudTweaks

Established in 2009, CloudTweaks is recognized as one of the leading authorities in connected technology information and services.

We embrace and instill thought leadership insights, relevant and timely news related stories, unbiased benchmark reporting as well as offer green/cleantech learning and consultive services around the world.

Our vision is to create awareness and to help find innovative ways to connect our planet in a positive eco-friendly manner.

In the meantime, you may connect with CloudTweaks by following and sharing our resources.

View All Articles

Sorry, comments are closed for this post.

Comic
The Lighter Side Of The Cloud – Bottlenecking

The Lighter Side Of The Cloud – Bottlenecking

By David Fletcher Please feel free to share our comics via social media networks such as Twitter, Facebook, LinkedIn, Instagram, Pinterest. Clear attribution (Twitter example: via @cloudtweaks) to our original comic sources is greatly appreciated.

Recent Articles - Posted by
Fintech Systems, Advancements and Investments

Fintech Systems, Advancements and Investments

Fintech Growth According to a recent report, global investment in fintech companies including both venture-backed and non-venture-backed businesses reached $9.4 billion in the second quarter of 2016; investment in venture capital-backed fintech startups, however, fell by 49%. Nevertheless, the Pulse of Fintech, published jointly by KPMG International and CB Insights, suggests venture capital investment in…

How Identity Governance Can Secure The Cloud Enterprise

How Identity Governance Can Secure The Cloud Enterprise

Securing The Cloud Enterprise Cloud adoption is accelerating for most enterprises, and cloud computing is becoming an integral part of enterprise IT and security infrastructure. Based on current adoption trends, it’s clear that the vast majority of new applications purchased by organizations will be SaaS applications. The allure is evident, from cost savings to speed…

Significant Emerging Technologies To Lookout For In 2017

Significant Emerging Technologies To Lookout For In 2017

Emerging Technologies The entire world is being transformed right before our eyes. Emerging technologies are developing at break-neck speeds, and the global community needs to be prepared for what lies in the horizon. As with anything new or evolving there is benefit versus risk to consider. Most of the up-and-coming technologies that will soon affect…

In The Fast Lane: Connected Car Hacking A Big Risk

In The Fast Lane: Connected Car Hacking A Big Risk

Connected Car Hacking Researchers and cybersecurity experts working hard to keep hackers out of the driver’s seat. Modern transportation has come a million miles, and most all of today’s vehicles are controlled entirely by digital technology. Millions of drivers are not aware that of the many devices in their digital arsenal, the most complex of…

The Cancer Moonshot: Collaboration Is Key

The Cancer Moonshot: Collaboration Is Key

Cancer Moonshot In his final State of the Union address in January 2016, President Obama announced a new American “moonshot” effort: finding a cure for cancer. The term “moonshot” comes from one of America’s greatest achievements, the moon landing. If the scientific community can achieve that kind of feat, then surely it can rally around…

Protecting Devices From Data Breach: Identity of Things (IDoT)

Protecting Devices From Data Breach: Identity of Things (IDoT)

How to Identify and Authenticate in the Expanding IoT Ecosystem It is a necessity to protect IoT devices and their associated data. As the IoT ecosystem continues to expand, the need to create an identity to newly-connected things is becoming increasingly crucial. These ‘things’ can include anything from basic sensors and gateways to industrial controls…

The Fully Aware, Hybrid-Cloud Approach

The Fully Aware, Hybrid-Cloud Approach

Hybrid-Cloud Approach For over 20 years, organizations have been attempting to secure their networks and protect their data. However, have any of their efforts really improved security? Today we hear journalists and industry experts talk about the erosion of the perimeter. Some say it’s squishy, others say it’s spongy, and yet another claims it crunchy.…

Having Your Cybersecurity And Eating It Too

Having Your Cybersecurity And Eating It Too

The Catch 22 The very same year Marc Andreessen famously said that software was eating the world, the Chief Information Officer of the United States was announcing a major Cloud First goal. That was 2011. Five years later, as both the private and public sectors continue to adopt cloud-based software services, we’re interested in this…

The Cloud Is Not Enough! Why Businesses Need Hybrid Solutions

The Cloud Is Not Enough! Why Businesses Need Hybrid Solutions

Why Businesses Need Hybrid Solutions Running a cloud server is no longer the novel trend it once was. Now, the cloud is a necessary data tier that allows employees to access vital company data and maintain productivity from anywhere in the world. But it isn’t a perfect system — security and performance issues can quickly…

Cloud Computing Is Greener Than You Think

Cloud Computing Is Greener Than You Think

Cloud Computing Is Greener Than You Think Last week we touched upon how a project in Finland had blended two of the world’s most important industries, cloud computing and green technology, to produce a data centre that used nearby sea water to both cool their servers and heat local homes.  Despite such positive environmental projects, there…

The Global Rise of Cloud Computing

The Global Rise of Cloud Computing

The Global Rise of Cloud Computing Despite the rapid growth of cloud computing, the cloud still commands a small portion of overall enterprise IT spending. Estimates I’ve seen put the percentage between 5% and 10% of the slightly more than $2 trillion (not including telco) spent worldwide in 2014 on enterprise IT. Yet growth projections…

Mobile Connected Technologies – The Future Of The Healthcare Industry

Mobile Connected Technologies – The Future Of The Healthcare Industry

Mobile Connected Technologies Clinics, hospitals, and other healthcare facilities are embracing new mobile technologies in order to be more efficient in their daily tasks. With faster communication and better collaboration, clinicians can spend much less time handling medical devices and more time administering care to their patients. Industry experts are stating that mobile connected technologies…

Unusual Clandestine Cloud Data Centre Service Locations

Unusual Clandestine Cloud Data Centre Service Locations

Unusual Clandestine Cloud Data Centre Service Locations Everyone knows what the cloud is, but does everybody know where the cloud is? We try to answer that as we look at some of the most unusual data centre locations in the world. Under the Eyes of a Deity Deep beneath the famous Uspenski Cathedral in the…

The Questions of Privacy In The Internet of Things Revolution

The Questions of Privacy In The Internet of Things Revolution

Privacy in the Internet of Things Revolution The Internet of Things (IoT) has been promising a lot to consumers for a few years and now we’re really starting to see some of the big ideas come to fruition, which means an ever-growing conversation around data security and privacy. Big data comes with big responsibilities and…

Low Cost Cloud Computing Gives Rise To Startups

Low Cost Cloud Computing Gives Rise To Startups

Balancing The Playing Field For Startups According to a Goldman Sachs report, cloud infrastructure and platform spending could reach $43 billion by 2018, which is up $16 billion from last year, representing a growth of around 30% from 2013 said the analyst. This phenomenal growth is laying the foundation for a new breed of startup…