5 real-world tactics to protect your enterprise business

5
1 Copyright © 2009 Qwest. All Rights Reserved. Not to be distributed or reproduced by anyone other than Qwest entities. All marks are the property of the respective company. September 2009. AVOID THE MOBILE BLIND SPOT: FIVE REAL-WORLD TACTICS TO PROTECT YOUR ENTERPRISE NETWORKS Support your 24/7 workforce with safe and flexible remote access. EXECUTIVE OVERVIEW — TACTICS ENABLE FLEXIBILITY AND PROTECTION FOR A PRODUCTIVE WORKFORCE Today’s successful businesses run at the speed of light, requiring employees and corporate assets to be available and accessible 24 by 7. Enterprises need to find a way to allow rapid, flexible access while protecting themselves from serious risk. When employees travel with corporate data on laptops and other portable devices it becomes increasingly harder to manage, and control such data, or even know if it’s being protected, thereby creating a “mobile blind spot” that has the potential to wreak havoc on your corporate communications network. Identifying key mobile blind spots and taking steps to protect data in transit is critical to protecting your business. This paper outlines five real-world tactics that you can use to enhance mobile security in your organization. These tactics will help provide your workforce with the flexibility it needs to be productive anywhere, anytime, while protecting valuable corporate assets and the enterprise network against imminent security breaches and risk in an expanding mobile world. BEWARE OF THE MOBILE BLIND SPOT — SIGNIFICANT RISK AT STAKE Increasing busy lifestyles mean that employees must have the flexibility to work remotely to stay productive. However, such flexibility requires remote access over often unsecured Internet connections. Employees log on at WiFi hotspots in coffee shops, airports, hotels, remote offices, client offices and from home. They access corporate networks over laptops, smart phones, and other portable wireless devices. Although this trend toward mobility can improve productivity, it also puts corporate networks at significant risk. When employees work remotely from wireless devices, they create a mobile blind spot. Simply put, corporate IT departments cannot monitor what’s happening on those mobile assets once they log off the network. They cannot guarantee the security of the corporate data on those devices, and they lose visibility into who is accessing corporate data or, even worse, who might have access to the corporate network from those devices. A lost laptop with confidential information or network passwords could cost a company millions in data loss, network downtime, stolen information, legal costs and reputation. By enabling employees to work remotely, IT departments have moved the datacenter to a collection of mobile devices that travel to the dinner table, the coffee shop or little league field. The LAN is no longer the prevailing IT architecture for conducting business in the 21st century. The Internet is now the corporate network. The question is how do you adopt this more productive, more flexible way of working while keeping corporate assets secure? According to an IDG Research Services survey conducted in 2008, 81% of responding CIOs reported being concerned about reputation, while 79% were worried about legal consequences of a security breach. WP101111 1/10

Upload: readwrite

Post on 12-May-2015

1.492 views

Category:

Technology


1 download

DESCRIPTION

It’s a time where speed matters more than ever before. Businesses need to run at such a rapid pace that at times it has to take security risks that can cause all kinds of havoc to a communications network.That’s especially true when you consider what happens when people travel. The data and information is a bit more vulnerable, creating a “mobile blindspot,” that has to be monitored. This brief from Qwest explores five real-world tactics that you can use to enhance mobile security in your organization so you can avoid those mobile blind spots and keep your organization moving at that ever quickening pace.

TRANSCRIPT

1Copyright © 2009 Qwest. All Rights Reserved. Not to be distributed or reproduced by anyone other than Qwest entities. All marks are the property of the respective company. September 2009.

Avoid the Mobile bliNd Spot: Five ReAl-WoRld tACtiCS to pRoteCt YouR eNteRpRiSe NetWoRkSSupport your 24/7 workforce with safe and flexible remote access.

ExEcutivE OvErviEw — tactics EnablE flExibility and prOtEctiOn fOr a prOductivE wOrkfOrcE

Today’s successful businesses run at the speed of light, requiring employees and corporate assets to be available and accessible 24 by 7. Enterprises need to find a way to allow rapid, flexible access while protecting themselves from serious risk. When employees travel with corporate data on laptops and other portable devices it becomes increasingly harder to manage, and control such data, or even know if it’s being protected, thereby creating a “mobile blind spot” that has the potential to wreak havoc on your corporate communications network.

Identifying key mobile blind spots and taking steps to protect data in transit is critical to protecting your business. This paper outlines five real-world tactics that you can use to enhance mobile security in your organization. These tactics will help provide your workforce with the flexibility it needs to be productive anywhere, anytime, while protecting valuable corporate assets and the enterprise network against imminent security breaches and risk in an expanding mobile world.

bEwarE Of thE mObilE blind spOt — significant risk at stakEIncreasing busy lifestyles mean that employees must have the flexibility to work remotely to stay productive. However, such flexibility requires remote access over often unsecured Internet connections. Employees log on at WiFi hotspots in coffee shops, airports, hotels, remote offices, client offices and from home. They access corporate networks over laptops, smart phones, and other portable wireless devices. Although this trend toward mobility can improve productivity, it also puts corporate networks at significant risk.

When employees work remotely from wireless devices, they create a mobile blind spot. Simply put, corporate IT departments cannot monitor what’s happening on those mobile assets once they log off the network. They cannot guarantee the security of the corporate data on those devices, and they lose visibility into who is accessing corporate data or, even worse, who might have access to the corporate network from those devices. A lost laptop with confidential information or network passwords could cost a company millions in data loss, network downtime, stolen information, legal costs and reputation.

By enabling employees to work remotely, IT departments have moved the datacenter to a collection of mobile devices that travel to the dinner table, the coffee shop or little league field. The LAN is no longer the prevailing IT architecture for conducting business in the 21st century. The Internet is now the corporate network. The question is how do you adopt this more productive, more flexible way of working while keeping corporate assets secure?

According to an IDG Research Services survey conducted in 2008, 81% of responding CIOs reported being concerned about reputation, while 79% were worried about legal consequences of a security breach.

WP101111 1/10

Copyright © 2009 Qwest. All Rights Reserved. Not to be distributed or reproduced by anyone other than Qwest entities. All marks are the property of the respective company. September 2009.

2

This question keeps CIOs up at night. According to an IDG Research Services survey conducted in 2008, 81% of respondents reported being concerned about their reputation, while 79% were worried about legal consequences of a security breach. Roughly 74% were concerned about losing critical data, while 58% listed compliance as a major concern.

Validation for these concerns is only going to increase. More and more hackers are trying to siphon proprietary data off of corporate networks because it is a lucrative albeit illegal business. A balance must be created between maximizing employee productivity and preventing security breeches that can be devastating to the company whose network is infiltrated.

fivE ways tO rEducE risk in a mObilE wOrkfOrcE and incrEasE EfficiEnciEsHosted services are being adopted quickly by companies interested in providing worker flexibility, increasing productivity and maintaining high levels of security. With proper planning, it’s possible to replicate the security characteristics of a LAN through a cloud-based, hosted computing model, where dynamically scalable and often virtualized resources—applications and services—can be accessed and used over the Internet. Through this hosted model, companies can employ key tactics that help minimize the mobile blind spot and increase work efficiencies. These five tactics include:

Ensuring visibility through continuous network monitoring.1.

Protecting business end points from theft and infiltration.2.

Safeguarding data at rest and in transit with encryption technologies.3.

Tying access to directories, identities and roles.4.

Enforcing productivity by extending office resources to employees working anywhere.5.

Ensuring visibility with continuous monitoring — tracking Esssentials increases productivityNo insight equals no awareness. If you’re not aware of what’s going on in your network, your data could be at risk. An IT operations tool that can provide visibility to all corporate assets, including laptops, USB drives, phones and other portable devices is essential to preventing breaches. Such a tool provides a single pane of glass through which IT staff can monitor all mobile devices carrying corporate data and helps enforce policies based on visibility; in other words, if the IT department can’t track activity on a device, access over the corporate network will be denied.

Monitoring services help reduce risk by enforcing devices are in compliance with corporate security policies, and by identifying devices that are out of compliance. They determine whether or not devices are running the right versions of the right software with the appropriate access rights. The service should also provide reporting on failed compliance and be able to take actions to remediate the issue.

WP101111 1/10

Copyright © 2009 Qwest. All Rights Reserved. Not to be distributed or reproduced by anyone other than Qwest entities. All marks are the property of the respective company. September 2009.

3

Some monitoring services provide a dashboard from which administrators can easily check policy compliance on all devices connected to the network to assist with remediation. For example, an administrator can glance at the dashboard and see that an executive is attempting an important task but can’t complete the task because his device is lacking a particular software update necessary for compliance. Because he has this visibility, the administrator can immediately address the problem and help the executive complete his task. In this way, monitoring tools help increase productivity and ensure business continuity.

protecting business Endpoints — requirements for complianceA second tactic to improving mobile security is to protect and update business endpoints—that is, mobile computers and any other device used to access corporate data. This is critical, even when the endpoint is not connected to the LAN. Users can connect to the Internet and unintentionally download viruses and worms that can infect the machine, which can in turn transfer the virus or worm to the corporate network once connected. Protection from startup to shutdown, anywhere the device is used, is necessary. All devices should have all the security controls in place, including encryption solutions and passwords, to be in compliance, both on or off the network.

In the cloud, a hosted platform can provide monitoring to enforce policies and remediate out-of-date software on all non-compliant end points, or block non-compliant endpoints from connecting to the corporate network. These hosted services can speak to remote devices, gather compliance information and report back to the corporate network, displaying the results on the administrator’s dashboard. This capability helps narrow the mobile blind spot significantly.

WP101111 1/10

Copyright © 2009 Qwest. All Rights Reserved. Not to be distributed or reproduced by anyone other than Qwest entities. All marks are the property of the respective company. September 2009.

4

safeguard your business — maintaining your company reputationWith so many mobile workers, businesses cannot ignore the potential for loss or theft of corporate assets. What happens when an employee stops somewhere on the way home, leaves his computer in his car, and someone breaks into the car and steals it? Now, any sensitive data on the machine is vulnerable and in the hands of unauthorized people.

Data protection is particularly important to a company’s reputation. You want to make sure your customers know they can trust you will keep their information secure.

Encryption technologies are the most common way to protect data at rest. Companies should employ hard drive encryption solutions that make all data invisible to thieves. Data leak prevention for data in motion prevents the leakage of sensitive data by inspecting the content of files based on set policies and taking appropriate action.

tie access to directories, identities and roles — protected access of corporate resourcesMost companies allow teleworking for a number or reasons. Teleworking supports green initiatives and offers employees the flexibility to work anywhere and thus be more productive. But is there a better solution for enabling remote working than buying, distributing and managing large laptop inventories?

One way to minimize hardware costs is to leverage home computers that most workers already have. Companies can provide access to corporate resources via USB drives and mobile keys, for example. Remote workers can sign on remotely by entering credentials using any personal computer, and have a desktop view of their work PCs at home. With single sign-on, employees gain remote access to corporate resources, without having to physically take a laptop out of the office. This eliminates the risk of losing data through device theft or loss. Policies can be layered onto this model to prevent copying and pasting information from work desktops to personal devices, as well.

minimize non-productive activity — Enforce policy with controlsAlthough teleworking can increase productivity by extending office resources to anywhere employees are, it’s important to enforce that employees are indeed working when they are not in the office. In a down economy, acquisition decisions weigh in productivity statistics heavily. Despite the demand for mobility in the workforce, unsupervised employees can be easily distracted by personal business, such as email, web surfing and instant messaging.

To prevent lost productivity that can result from an increasingly mobile workforce, put policies in place and then enforce them through specified controls:

Establish a percentage of personal to business activities that remote workers should strive to achieve—75% may be a •good goal.

Standardize on a single platform and limit ability for use of that platform outside company boundaries. For example, •you can place a gateway in the network to archive all conversations between employees.

Notify employees that IM conversations are monitored and that logs are stored for managerial review.•

Require manager approval for external messaging access.•

Use software controls to restrict employees to using a company-wide platform only, and turn on the monitoring •function.

Collect usage stats and generate reports to support disciplinary action.•

Keep in mind that even if you tell your employees you’re monitoring their usage, the reality is no one has time to actually go through all the logs. Send an email to every manager with a link to a log file of instant message files for each of their reports. Suggest that managers review those links once a year..

WP101111 1/10

Copyright © 2009 Qwest. All Rights Reserved. Not to be distributed or reproduced by anyone other than Qwest entities. All marks are the property of the respective company. September 2009.

5

CoNNeCt. SiMpliFY. eNhANCe.® with Qwest Business Solutions®

Qwest is focused on helping you work smarter, with services that leverage the latest technology and award-winning support. Here are a few solutions that can address the issues covered in this solutions brief:

QwEst mObility™Qwest Mobility lets you expand your business with a reliable, managed mobility solution. Qwest Mobility simplifies the management of security features and company policy for desktop and laptop users, whether traveling for business, working from home, at the office or temporarily assigned to non-office locations. This is an ideal service for customers needing a solution that seamlessly integrates all necessary components for endpoint enforcement, remediation, VPN client integration, disk encryption and data leak protection.

managEd sEcurity sErvicEsWith Managed Security Services, Qwest can administer and monitor your network on your behalf while you concentrate on other mission-critical elements of your business. Let Qwest allow you to focus on what’s important—your business. And, save you time and money through the use of our expert tools, skills, and processes to improve system uptime and performance, optimize security investments, improve employee productivity, and demonstrate compliance. Tools such as Qwest Anti-Virus/Anti-Spam, Qwest Web Defense, and Qwest Managed Firewall create layers of protection to help reduce the costs and complexity associated with managing security while preventing the impact of security threats.

thE pEOplE and prOductivity havE lEft thE building — yOur sErvicE prOvidEr can hElpThe truth is, business don’t have mobile and non-mobile workers anymore; every worker is mobile at some point. A workforce that has the flexibility to be creative and the freedom to lead balanced lives will be more content and loyal, and capable of moving the company forward. However, cyber crime is a recession-proof industry, and as the number of incidents continues to increase, so do security and compliance requirements for mitigating risk. Implementing the right policies and tactics will help you reap the benefits of mobility, without the risk. Companies that let the goal of preserving brand integrity guide their budgetary decisions develop strategies that make sense and make the most of the dollars in their budget. Here are a few things to keep in mind:

Objectively assess the number of mobile devices in your network and create a realistic security budget line item. •

Identify key risk areas of your business—and determine what tactics make the most sense. What are the cost savings •and impact to your business in terms of reputation, stock price, valuation and risk prevention?

Choose a provider who will work with you to consolidate architectures and provide an integrated approach. •

Stay in touch with your service provider and stay abreast of the tools available to you to help reduce risk and •eliminate the mobile blind spots.

why QwEstQwest delivers reliable, scalable data and voice networking solutions, across one of the U.S. largest fiber footprints. Qwest serves businesses of all sizes, ranging from small business to 95 percent of Fortune 500 companies, with industry-leading SLAs and world-class customer service.

lEarn mOrEFor more information about Qwest voice and data services for large businesses, visit www.qwest.com/business or call (877) 816-8553 to speak to a Qwest representative.

WP101111 1/10