AlgoBuzz Blog

Everything you ever wanted to know about security policy management, and much more.


Tips for Creating a Security Architecture for the Mobile Enterprise


Today, when we think of mobility our first inclination is to look at the hand-held device right next to us. But that’s a very tactical approach to a much broader, strategic conversation. The concept of enterprise mobility security must now involve the end-user, how content is consumed, how efficiently it’s being delivered, security and compliance as well as the end-point device itself. While the overall goal of mobile communications is to enable and empower the mobile workforce to give them greater freedom of access to information and resources, it must be done securely.

As users evolve and workloads get a lot more complex we’ll see an increase in data usage as well as the kinds of devices accessing the modern enterprise datacenter. Consider this data from the latest Cisco Mobile Forecast and Cloud Index reports:

  • Global mobile data traffic will increase nearly tenfold between 2014 and 2019
  • Because of increased usage on smartphones, smartphones will reach three-quarters of mobile data traffic by 2019.
  • By 2019, mobile-connected tablets will generate nearly double the traffic generated by the entire global mobile network in 2014.
  • Globally, the data created by IoE devices will be 277 times higher than the amount of data being transmitted to data centers from end-user devices and 47 times higher than total data center traffic by 2018.

These trends will only continue to accelerate as users utilize more devices while accessing even more workloads. So how ready is your organization to support these users and all this data? How ready is your security platform for these kinds of mobility initiatives?

The reality is that there’s a bit of catching up to do. According to Gartner, there is a lack of penetration of security tools among users of new mobile platforms. Many consumers and organizations do not yet recognize that security is important for mobile devices and have not yet established a consistent practice of deploying mobile device protection platforms.

So let’s look at how you can be better prepared for this mobile revolution:

Tip #1: Use an Application Centric Infrastructure (ACI).

We’re now seeing the introduction of truly intelligent controls spanning applications and the networking layer. With an application-centric architecture, you’re inserting intelligence which spans the network, route, compute and security that allows you to truly become “mobile ready”. Let’s assume you have a core application which requires specific ports to be open at various locations. This application is delivered to both corporate-owned devices and ones that are ‘BYOD’. This means that users will be accessing the applications from both secured and unsecured networks. But what happens if you need to de-commission the application? What if you need to remove policies that allow certain users access to the application? In an ACI-ready environment, the inherent intelligence of the network understands ALL of the points that this application touches and can disable or modify policies across both the on-premise data center and the cloud.

Tip #2: Use your network’s intelligence.

Let’s assume you have a lot of mobile users within your environment. New network intelligence technologies will not only help you identify the user but they’ll also help you identify the workloads they are accessing. Let’s say that you have HIPAA-related workloads that various users must access. It’s pretty easy to create security policies for when the user is on premise, but what happens when the user leaves the facility? In some cases, access is simply shut down. However, this may well impact the user’s productivity. Using network intelligence solutions you can, for example, configure policies that will establish a VPN connection for specific users when they exit the corporate network – allowing them to remain both productive and compliant.

Tip #3: Create contextual, business and security policies.

There are many important reasons to have security policies that are based on the user or group and the data that is being accessed, including compliance, internal governance, or best practices to protect confidential or sensitive data. For example, it’s probably a good idea to prevent even your senior executives from accessing sensitive financial data when on a mobile device on an unsecured public Wi-Fi network. Therefore, use security engines that support contextual, data-centric security policies and can enforce granular access control down to the device being used, the location from which users are connecting, or what data they’re trying to access.
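The contextual decisions described in Tips #2 and #3, written out as an added example (not code from the original post or from any vendor product): a first-match, default-deny policy evaluator that decides on group, device, network and data classification. The group names, network labels, data labels and the `require_vpn` decision are assumptions made for illustration.

```python
from dataclasses import dataclass

TRUSTED_NETWORKS = {"corporate", "vpn"}  # assumed labels reported by the network

@dataclass(frozen=True)
class Request:
    groups: frozenset   # directory groups of the user (hypothetical names)
    device: str         # "corporate" or "byod"
    network: str        # "corporate", "vpn", "public_wifi", ...
    data: str           # data classification: "public", "financial", "hipaa"

# Ordered rules, first match wins. A missing key acts as a wildcard.
RULES = [
    # Tip #3: nobody, executives included, reads financial data on public Wi-Fi.
    {"name": "no-financial-on-public-wifi", "data": {"financial"},
     "network": {"public_wifi"}, "decision": "deny"},
    {"name": "financial-trusted", "data": {"financial"},
     "groups": {"finance", "executives"}, "network": TRUSTED_NETWORKS,
     "decision": "allow"},
    {"name": "hipaa-trusted", "data": {"hipaa"}, "groups": {"clinical"},
     "network": TRUSTED_NETWORKS, "decision": "allow"},
    # Tip #2: off premises, keep the user working but force a VPN first.
    {"name": "hipaa-off-premise", "data": {"hipaa"}, "groups": {"clinical"},
     "decision": "require_vpn"},
    {"name": "public-data", "data": {"public"}, "decision": "allow"},
]

def matches(rule, req):
    """True when every condition present in the rule holds for the request."""
    return (req.data in rule.get("data", {req.data})
            and req.network in rule.get("network", {req.network})
            and req.device in rule.get("device", {req.device})
            and ("groups" not in rule or bool(rule["groups"] & req.groups)))

def evaluate(req):
    """Return (decision, rule name); anything no rule matches is denied."""
    for rule in RULES:
        if matches(rule, req):
            return rule["decision"], rule["name"]
    return "deny", "default-deny"

if __name__ == "__main__":
    # Constructed sample request: an executive on a BYOD phone in a cafe.
    cafe = Request(frozenset({"executives"}), "byod", "public_wifi", "financial")
    print(evaluate(cafe))
```

Rule order carries the policy: the public Wi-Fi deny sits above the executive allow, so group membership cannot override the network context.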

Tip #4: Prepare for IoE.

As I mentioned in my blog post on the recent Cisco Partners Summit, in the very near future, every business regardless of industry or vertical will become a technology organization. This means that we must re-think how we manage and control ALL of the IP devices connecting to our networks including doors, thermostats, and even cranes.

Organizations aim to empower users, but must also make sure to take the necessary steps now to protect their data and ensure compliance. So moving forward, you must start looking at the big picture when it comes to security, your network architecture, and how mobile devices will impact your organization.
