Daisie Register | April 17, 2014 | 2 min read

Enhancing Productivity with Secure Wireless

Mobile devices have become a critical tool for the workplace. The most common example is the use of personal smartphones to check email and calendars. This has grown to encompass personal mobile devices managed by enterprise mobility management (EMM) solutions, which enhance the security of the devices. EMM-managed personal devices are no longer relegated to guest roles that only provide internet access.

The added compliance checks for PIN lock status, jailbroken status, application wrapping and other security features provide additional levels of trust in the security health of mobile devices. This allows personal mobile devices to use the enterprise wireless network to access portions of the internal network, which in turn increases employee productivity.

The maturity of secure wireless solutions has also opened the door to optimizing the industrial workforce. One example is the use of smartphones and tablets in warehouses to optimize logistics and operations. With wireless access to secured mobile devices, employees can track inventory and expedite shipping orders. This reduces operational expense by optimizing employee productivity.

With the use cases for workforce productivity growing, it is important to ensure that security is always incorporated into the wireless solution. The following list provides a starting point for integrating security:

  1. While it may be tempting to quickly set up a service set identifier (SSID) with Wi-Fi Protected Access II (WPA2) and configure a pre-shared key, this is not the most secure method. From a maintenance perspective, the pre-shared key will need to be manually changed on a periodic basis. This introduces the possibility of configuration errors and adds the coordination of providing the new pre-shared key to all authorized users. Additionally, the pre-shared key is crackable using tools that can be readily found on the Internet. The more secure method is to use 802.1X for authentication. When using 802.1X authentication there is a choice between username and password credentials or certificates. Certificates are the more secure option because they provide a method of tying an authentication to a device, as long as the certificate is set to be non-exportable. With a username and password there is no way of verifying that the authentication is coming from an approved mobile device.
  2. It is important to ensure that the data on the device is secure. An EMM solution provides the capability of enforcing the embedded encryption feature or encrypting the data on the device, as well as remotely wiping the data if the device is lost or stolen. This is important to ensure that sensitive data is not lost.
  3. Mobile devices should only be allowed access to authorized or required resources. Restriction controls contain the damage caused in the event that a device is infected with malicious software. These restrictions can be implemented by an access control list (ACL) applied to a centralized wireless controller or a firewall in-line with the wireless traffic.
  4. Network monitoring should be implemented to analyze traffic entering the network via the wireless devices. This monitoring will provide visibility into the types of devices accessing the network and allow any malicious traffic to be quickly discovered and remediated. This can be done by deploying an analysis tool to a switch port analyzer (SPAN) port at a point where the traffic from the wireless endpoints enters the network.
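
As an added example (not part of the original article), the following Python sketch audits an access point configuration for the choice described in item 1: a WPA2 pre-shared key versus 802.1X. It assumes the SSID is defined in hostapd.conf syntax; the two configurations, the SSID name, the RADIUS address and the secrets are constructed samples.

```python
# Added example; both configurations are constructed samples in hostapd.conf syntax.
PSK_CONF = """\
ssid=warehouse-handhelds
wpa=2
wpa_key_mgmt=WPA-PSK
wpa_passphrase=example-passphrase
"""

DOT1X_CONF = """\
ssid=warehouse-handhelds
wpa=2
wpa_key_mgmt=WPA-EAP
ieee8021x=1
auth_server_addr=192.0.2.10
auth_server_shared_secret=example-radius-secret
"""


def parse_conf(text):
    """Parse key=value lines, skipping blank lines and # comments."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            settings[key.strip()] = value.strip()
    return settings


def audit(text):
    """Return findings for one SSID; an empty list means 802.1X only."""
    conf = parse_conf(text)
    key_mgmt = conf.get("wpa_key_mgmt", "").split()
    findings = []
    if any("PSK" in mode for mode in key_mgmt):
        findings.append("pre-shared key authentication is enabled")
    if "wpa_passphrase" in conf or "wpa_psk" in conf:
        findings.append("a shared secret for the SSID is stored in the configuration")
    if not any("EAP" in mode for mode in key_mgmt):
        findings.append("802.1X (WPA-EAP) key management is not enabled")
    elif conf.get("ieee8021x") != "1":
        findings.append("WPA-EAP is listed but ieee8021x=1 is not set")
    elif "auth_server_addr" not in conf and conf.get("eap_server") != "1":
        findings.append("no RADIUS server or internal EAP server is configured")
    return findings


if __name__ == "__main__":
    for name, conf in (("PSK", PSK_CONF), ("802.1X", DOT1X_CONF)):
        print(name, audit(conf) or "no findings")
```

The access point configuration only shows that 802.1X is in use; whether clients authenticate with certificates or with a username and password is decided by the EAP method allowed on the authentication server and has to be checked there.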
