When corporate professionals are asked how they conduct business/technology communication—connected by wire or connected by the cloud—most professionals indicate the company cloud and mobile devices are centric to their work efforts. This trend will grow geometrically in the coming years:
A new report from Juniper Research indicates the number of employee-owned smartphones and tablets used for business work will more than double in 2014 (reaching 350 million devices, compared to approximately 150 million this year).
From there, a core challenge in the cloud computing environment emerges: how can the IT department safely offer employees access to the enterprise-wide cloud by way of mobile devices? Smart phones, tablets, netbooks, and laptops enable convenient access cloud platforms—but unguarded connection to the enterprise cloud is a request for security issues in triplicate.
OUR ANALYSIS OF THE ISSUES
The IT department must address several Mobile Device Management (MDM) issues to securely offer company cloud access to end users. Examples of these issues include:
- Users want the option of choosing and owning their own mobile devices.
- They want to access apps for both personal and company-work use.
- They want open access to company email, data systems, and collaborative portals.
- All of this must be accomplished within the safe and guarded confines of firm security.
Best practices for secure, enterprise-wide cloud access have been identified:
- DEVICES: Before enabling cloud access: both company-supplied and employee-owned devices should be vetted and registered with the IT department. Device serial numbers, service provider names, and connection identifiers must be recorded and kept up-to-date. (An alternative approach is to define a group of devices approved for enterprise-wide cloud access.)
- SECURITY PROTOCOLS: Users should utilize mobile device security procedures. Approaches include password management, theft deterrence, lost device responses, and implementation app-management policies. As a specific example of security best practices: employees should be trained to consistently lock their devices with passwords. (This security practice is particularly important if devices are frequently left unused.)
- APP MANAGEMENT: Apps should be whitelisted or blacklisted, and jail-broken devices (where the operating system has been modified) should not be authorized for company cloud access.
- CORPORATE CONTROL OF DATA AND DEVICES: Processes and procedures to enable remote wiping of data and applications from cloud-enabled devices must be available. (These capabilities are vital to implement in cases such as employee termination or transfer to a competing organization.) To support end user convenience, procedures for app updates and security modifications should be enabled for automatic implementation.
Successful implementation of mobile device cloud computing requires a solution that addresses two axis of concern: the individual’s ease-of-use and the need for corporate-wide mobile device security. The reality is: employees will demand the capability to use their personal devices for access to enterprise-wide data and systems. The CIO has a crucial decision to make—how can the organization effectively address these mobile device security challenges?
Each of these issues will be best handled through implementation of an integrated system of mobile computing management utilities that include options for customization and scalability.
Citrix is a leading source for these technology solutions. Xenmobile and CloudGateway offer a single-source solution that enables end users and IT department leadership to address the challenges of cloud-based security in balanced and effective ways.
By John Benson
- Smart Wearables – Too Much Connectivity? - February 4, 2016
- Microsoft Underwater Data Center To Be Tested - February 1, 2016
- The Cloud Showdown: How To Determine The Best Cloud Solution For Your Business - February 1, 2016
- V2V Communications – Driverless Cars To Impact Lives - January 29, 2016
- A New CCTV Nightmare: Botnets And DDoS Attacks - January 28, 2016