Today’s mobile workers need simple, reliable remote access to business applications, corporate resources, and email. While many businesses understand the need to provide their employees with access to these business-critical capabilities while off-site—via smartphones and PDAs—they must also recognize the need to secure the data that these devices store and access. And as the number of PDAs and smartphones increases, deployment and management of security policies becomes even more important to protect mobile workers and corporate networks.
Enforcing corporate security policies
One typical security problem that remote users may encounter is the
transfer of viruses or other malware via memory cards or sync
connections from infected mobile devices to laptops. Then, when
infected laptops plug into a corporate network, there is the potential
of further infection of internal corporate resources, possibly causing
substantial damage to valuable and sensitive information. However, this
is not the only security problem affecting mobile devices. The loss of
data privacy that can result from a misplaced, stolen, or improperly
used phone can also severely compromise corporate information.
Businesses must also ensure that mobile devices adhere to corporate security policies, especially those subject to United States (U.S.) regulations such as the Health Insurance Portability and Accountability Act (HIPAA) or the Sarbanes-Oxley Act (SOX). These regulations not only require businesses to consistently enforce network and information security—no matter which devices or data are accessed—but also to provide proof of this enforcement.
Growing pains
The smartphone market is projected to grow at a compound annual growth
rate of 35.5 percent through 2011, according to one Informa study. This
growth will further increase with Microsoft Windows Mobile 6.0 devices
and Direct Push Technology, which enables mobile workers to receive
Microsoft Outlook Inbox, Calendar, Tasks, and other updates almost as
soon as they arrive on the server. And while Microsoft Windows Mobile 6.0 provides basic security, organizations concerned about malware,
regulatory compliance, and other threats will need an integrated
security and management solution that enables smartphones and PDAs to
be deployed quickly and securely. Key requirements of this kind of
mobile device security solution include:
- Centralized management
- Personal firewall
- Lightweight VPN client
- Predefined security policies
- Secure session maintenance
Centralized management
To meet the baseline administration and security needs of mobile device
users, the SecureClient Mobile solution from Check Point offers
centralized management, over-the-air silent security updates, and
automatic policy push-out. Thus, it simplifies management of
smartphones and PDAs.
Personal firewall and lightweight VPN client
For a mobile device to access corporate resources, it has to
authenticate to one or more perimeter-security enforcement points such
as a firewall and VPN gateway. The mobile devices would then have
direct access to the corporate network using existing security gateways
and corporate access policies. However, some solutions require that
mobile device data pass through a proprietary server before reaching
the corporate network. This requires more security on the server, increasing deployment and maintenance costs, and layering on security policies outside of normal remote access practices.
In contrast, the SecureClient Mobile firewall can force all mobile device traffic to go through a corporate gateway without using a proprietary server, enabling complete content control and inspection while controlling costs. Additional security settings can determine whether to allow encrypted data based on the network connection and can even offer granular device control, such as over ActiveSync connections to PCs, enabling adherence to U.S. government regulations like HIPAA and SOX. This also ensures that devices and data remain confidential and comply with corporate guidelines.
In addition, the SSL-based VPN client of SecureClient Mobile easily traverses corporate firewalls, proxies, and network-address translation devices for connectivity from anywhere. For mobile devices, SSL is better suited than IPsec for VPNs because it allows more precise access control. This management advantage enables administrators to provide users only with access to their configured applications rather than the entire network.
Predefined security policies
SecureClient Mobile protects mobile devices and networks from malware
and hackers through predefined, automatically enforced security
policies. This dramatically reduces rollout time and costs of deploying
hundreds or even thousands of mobile devices to typically nontechnical
users. In addition, policies can be customized and enforced based on
roles or user groups for every organization.
Secure session maintenance
In mobile networking, connections are not guaranteed, and devices must
handle fluctuating connectivity. Consider a mobile device connected to
a cellular network as a user travels: the connection can be cut off or
handed off from wireless base station to base station. In case of
network loss, dropped calls, or areas of limited data access, a
connectivity solution needs to be able to maintain a seemingly seamless
VPN session without user intervention. However, this must be done while
still securing the connection against intrusion and malicious code.
SecureClient Mobile offers session continuation and credential caching to maintain a continuous mobile device VPN connection. Mobile device users can then roam across cellular or Wi-Fi networks and move in and out of connectivity while benefiting from a persistent, continuous session. Credential caching allows users to log back into the network without having to reauthenticate, ensuring a consistent, transparent user experience and preserving productivity.
Conclusion
Worker mobility is a part of modern business life. It is made more
effective by establishing near-real-time secure remote connectivity
with corporate information systems. Technologies like SecureClient
Mobile and Direct Push enable this functionality by allowing mobile
device users to securely access their email, calendar, tasks, and
applications in near real time while in remote locations. SecureClient
Mobile meets these secure mobile connectivity needs by providing
centralized management, personal firewall, lightweight VPN client,
predefined security policies, and secure session maintenance. With
these capabilities, businesses can increase productivity while ensuring
that data is accessible yet secure—up to and including the compliance
mandates of government and corporate regulations.