Report Finds that Mobile Workforce Poses Increasing Security Threat

According to a new study, policy blocks based on corporate policies get triggered 35% more often by workers when they are mobile or on the road, compared with being in their office or home office. Those results come from a new MessageLabs Intelligence Report from Symantec.

In general, more policy blocks overall are triggered by workers when they are out of the office, pointing to mobile users being more likely to visit a greater variety of websites than they would when at their desks, increasing the need for controls that do not hinder their legitimate tasks.

Comparing browsing habits when mobile with those in the office, the report found that mobile workers are more than five times as likely to trigger policy controls relating to disallowed downloads. Mobile workers are also more likely to attempt to violate prohibitions on shopping, search engines, and personal or social websites. Maybe unexpectedly, the report found that attempts to access adult or sexually explicit content was more likely to happen from the workplace.

The findings support the argument, reinforced by security experts, that without automatic enforcement tailored to the demands of mobile workers, having written security policies does little to make the organization more secure.

In addition to workers trying to access prohibited content, the Symantec report also said that a persistent threat is workers trying to access legitimate sites that have been blocked, thereby impacting effectiveness and productivity when mobile. According to the study, "recent analysis by MessageLabs Intelligence highlighted that more than 80% of websites blocked as malicious were found to be legitimate websites." In other words, balancing usage policies with real-time security that accommodates the demands of wireless connectivity is essential for safeguarding mobile workers.

Mobile Network Access Control (NAC)

IT administrators who support highly mobile field forces need security solutions that protect their networks without impacting the productivity of the mobile professionals they serve. NetMotion Mobility XE's Mobile Network Access Control (NAC) has been proven in a range of public sector deployments to only allow devices to connect to the enterprise network only after meeting specified security policies, but gives administrators greater control and flexibility over how and when to administer automated remediation policies to fix problems without interrupting the end user.

In this way a Mobile NAC designed specifically for mobile working should  typically deploy in minutes without any need to reconfigure network infrastructure. A NAC wizard can make it very easy to configure and hence to enforce access security policies automatically, with sensitivity to the speed of the connection the user is on at the time.

Administrators can thus check compliance for required software including:

• Antivirus

• Antispyware

• Firewall

• Operating system version

• Windows^TM Update status

• Registry keys

• and other applications.

Unlike automatic security policies that force users to perform time-consuming, non-critical software updates before allowing access, Mobile NAC integrates with Mobility XE's Policy Management Module (see below), giving administrators flexibility and control over how to handle and respond automatically to a device that does not meet security guidelines.

Based on severity and even the speed of their connection, administrators may choose from simple warnings, to triggering customizable remediation policies that can limit application access, launch websites, or even initiate software downloads automatically. In sever cases one can also trigger disconnecting or quarantining the device. When rules are updated, they are automatically pushed down to client devices, and devices are automatically rescanned at regular intervals, dictated centrally by administrator control, to ensure ongoing compliance. This compliance can be logged and  audited with Analytics reporting (see below).

Mobile Policy Management

Mobile computing, particularly over wireless and public networks, presents new management and security challenges. Often, there are multiple networks, many types of devices and different groups of mobile workers with varying roles and application requirements.

For a mobile VPN deployment in existing public sector customers, the NetMotion Mobility XE Policy Management Module gives administrators unprecedented flexibility and control over mobile productivity and security. With Policy Management, administrators can create custom policies to manage access to network resources. Conditions and actions can be combined to help control cellular costs, bandwidth usage and user experience according to your organisation's security policies. Basic block, allow, disconnect or pass-through actions can be assigned to parameters such as network interface speed, network name, IP address, date and time, OS version, and application name.

Policies are centrally maintained in the Mobility XE server and automatically pushed out to mobile devices in the field. Policy enforcement is transparent to the user and can be modified for an individual, work group or entire organization.

Practical Policy Management Scenarios Include:

• Disable image compression for critical applications (such as MRI scan, fingerprints or maps)

• Limit access to network resources based on the time of day or type of network in use

• Automatically synchronize data only when a high-bandwidth connection becomes available

• Block bandwidth-intensive applications such as private web surfing or software and  antivirus updates over low-bandwidth networks

• Prevent unauthorized applications from consuming network resources

• Prioritise critical applications above email and system management functions if required (see Quality of Service (QoS) below)

• Automate hotspot authentication

Manage VPN Traffic with Quality of Service (QoS)

NetMotion Mobility XE Policy Management integrates best-in-class Quality of Service (QoS) for even greater control over the speed and quality of mission critical transmissions. Administrators can allocate more or less of the available bandwidth to specific applications. Traffic shaping can significantly improve performance on low-bandwidth networks, like cellular and wireless access points, and is especially important when bandwidth-intensive applications are being used. Without QoS, all VPN traffic is treated equally and the most sensitive applications are vulnerable to delay when connections are constrained.

Ideal complement to the Mobility XE Analytics Module

The Policy Management Module is ideal for taking action, based on the intelligence gathered through the Mobility XE Analytics Module. Administrators can use the insight from the Analytics Module to find problems that impact productivity, push out corrective policies through the Policy Management Module, then use the Analytics Module to verify the impact of those policies.

Analytics Reporting and Management Alerts

The NetMotion Mobility XE Analytics offering is unique in the industry and delivers visibility into resource use and performance that is simply unavailable in other VPNs.

Visibility Into User, Device and Network Behaviour

The Analytics Module delivers more than 20 reports with statistics on performance and usage, furnishing insight and intelligence on the networks and applications used by mobile workers. Know how devices and bandwidth are being used, which applications are being run, and where and when mobile workers might be encountering coverage problems. Use this insight to fine-tune policies, make the help desk more efficient, and track compliance with carrier agreements.

Notifications for Hands-off Management

Automated notifications issue alerts of problems with devices or with the mobile deployment - often before those problems can impact productivity or performance. This allows "management by exception". Managers can spend less time finding problems, focus instead on fixing them, and free their time for other tasks.

Designed to Complement for Mobility XE Policy Management

The Analytics module works hand-in-hand with the NetMotion Mobility XE Policy Management Module. Administrators can use the insight from the Analytics Module to find problems with device, application and network use that impact productivity, push out corrective policies through the Policy Management Module, then use the Analytics Module to verify that results are as intended. This provides a way to continuously improve the performance, cost-efficiency and productivity delivered by the mobile deployment.