The mobile workforce is on the rise but many businesses use inadequate solutions to protect sensitive information being transmitted between remote employees.
For Sean Duca, Chief Security Officer of Asia Pacific, Palo Alto Networks, the answer is simple; new combinations of solutions are needed.
“In many scenarios, organisations’ mobile workforces don’t have the same level of protection as most core business IT systems,” Duca says.
“This has resulted in increased attention from hackers.”
When employees leave the building, Duca says the IT team loses visibility into the state of that employees’ online traffic.
As such, this makes it much harder to actively identify and prevent malicious exploits, malware, or malicious websites from compromising mobile devices and their remote network connection.
“If a portable device, such as a notebook computer, is compromised and infected with malware while an employee is out of the office, it can be potentially be controlled by an attacker when it is back in the office,” Duca adds.
“This effectively opens the door for the hacker to gain remote control of internal systems.”
Duca believes security teams have typically approached the issue of mobile security as a matter of remote access and secure connectivity, providing the mobile workforce with a virtual private network (VPN) client to connect to internal business systems with some level of protection.
While VPNs let remote workers access the corporate network relatively safely, Duca says not all of them provide the level of protection needed to guard against all of today’s latest threats, some of which can reach the end user whether or not a VPN connection is in place.
“The typical VPN appliance lacks the ability to inspect traffic or understand its content,” Duca adds.
“This means it could potentially become a conduit for threats both to and from the corporate network. Connectivity without security is too dangerous in today’s threat landscape.
“As well as VPNs, companies should implement security solutions that give them visibility into the traffic going to and from remote devices.
“This way, threats can be spotted before they become a problem, no matter where they come from.
“Remote users are an extension to organisations’ internal systems, we need to protect them as much as we protect our internal systems because they are the last line of defence when they are remote.”