• United States




Security on the move: protecting your mobile workforce

Aug 17, 20175 mins
Data and Information SecurityMobileMobile Security

Organizations have never faced as daunting of a task as securing their critical assets while users bring in uncontrolled and hard-to-monitor mobile devices into their enterprise networks. But it’s not hopeless. Getting back to some basic management functions can better secure your networks, while allowing BYOD policies for your users.

mobile device management
Credit: Thinkstock

Organizations with mobile workforces face serious challenges when it comes to their overall cybersecurity posture. As more users leverage laptops, tablets, smartphones and other portable devices, security risks begin to increase in three areas which can be simply categorized as:

  • What users bring in to the environment
  • What users take out of the environment
  • An overall increase in scope of what can be attacked

Looking at the risk of “what users bring in to the environment”, companies must deal with devices being attached to their corporate networks which have also connected to a user’s home network, public Wi-Fi hotspots and any number of other unsecured networks. These systems are likely not as well protected as those governed by enterprise-class endpoint security tools, and thus, run a much larger risk of being infected with malware, viruses, ransomware, worms and other malicious programs used by attackers. When a user’s compromised device is connected to a corporate network, it introduces the potential for these malicious tools to launch more attacks against the other devices on the network, or serve as a point of entry for a cybercriminal to the network, bypassing all perimeter defenses. There are many strategies that can be employed to defend against this sort of problem, including, but not limited to:

  • Set strong policies which require that devices connected to the corporate network have endpoint protection software which is up to date and that systems are fully patched
  • Create wireless networks which are available for user’s non-work systems which they can utilize for Internet access and other functions without allowing them to be connected directly to the internal corporate network
  • Develop Internet-facing services for email, messaging and other basic corporate functions which users can access remotely without need of internal access
  • Assign corporate-owned mobile devices to users, instead of allowing personally-owned devices, which have the same endpoint protection software, access controls and other corporate governance as any other device on the internal network

As for “what users take out of the environment”, trying to keep classified or critical, proprietary data safe is a primary need of any organization, regardless of their vertical. Intellectual property theft is a very real problem for almost any organization, and even in areas where it may not seem as obvious. Take universities and other organizations in academia, where research papers and doctoral theses can generate millions of dollars in revenue from grants, government investment or corporate efforts to license the findings for commercial purposes. Users who have access to this kind of critical data could easily copy it to unsecured mobile devices and transport it out of the protected network, compromising the data and potentially impacting the organization for large amounts of revenue. To protect against this kind of data loss and theft, organizations must have strong access controls around who can access information stored across their network, adopt Least Use Privilege policies to ensure that only the users who must have access, do, and for complex access requirements, consider implementing Data Loss Prevention (DLP) solutions which can provide a wide array of logging, tracking, access control, and other data access functions which can prevent a user, whether authorized or not, from exfiltrating critical information out of the environment.

Finally, when organizations begin to expand their workforces outside the confines of a well-controlled network housed in physical office locations, the more common, outdated types of defense strategies start to become difficult to implement and manage. Notions of a traditional Internet perimeter where a firewall can block out unwanted external traffic simply disintegrates when put into practice in today’s cloud-based and hybrid environments, and network admins now must wrestle with huge numbers of mobile devices all over the globe which are accessing corporate resources and are being connected to public and unsecured networks. This means that the potential number of devices which hackers can attack goes up dramatically, and the ways in which they can be protected starts to shrink.

It’s imperative that organizations find security solutions that will scale up alongside not only the sheer volume of additional devices being used, but the scope of where and when these devices are used to perform work. Leveraging cloud-based technologies to store data centrally can be one option, provided that sufficient technological controls and legal protections are in place. Additionally, more and more security vendors are providing strong cloud-based solutions which can scale up quickly and easily to identify and protect your devices wherever they are in the world and provide centralized management functionality to your internal IT staff responsible for controlling these assets.

While there are a number of challenges for all organizations as they move to and utilize a more nimble and mobile workforce, with proper planning, strong controls and using scalable cloud-based security technologies, they can reduce their overall risk of loss while dramatically increasing the security posture of the environment as a whole.


Nathan Wenzler is the Chief Security Strategist at AsTech, a leading information security consulting firm. Wenzler has nearly two decades of experience designing, implementing and managing both technical and non-technical solutions for IT and information security organizations. He has helped government agencies and Fortune 1000 companies build new information security programs from scratch, as well as improve and broaden existing programs with a focus on process, workflow, risk management, and the personnel side of a successful security effort.

As the Chief Security Strategist for AsTech, Wenzler brings his expertise on security program development and implementation in both the public and private sector to administrators, auditors, managers, C-Suite executives and security professionals across a wide variety of organizations and companies around the globe.

Wenzler is a whiskey/scotch connoisseur and revels in collecting rare spirits and experimenting as a mixologist.

The opinions expressed in this blog are those of Nathan Wenzler and do not necessarily represent those of IDG Communications, Inc., its parent, subsidiary or affiliated companies.