Smartphones and tablets are in the hands of more consumers every day. The days of leaving your work at the office are long gone, and these devices bring home and work together like never before. Wi-Fi functionality makes them capable of connecting to your corporate network, making employees ever so much more productive.
It’s tempting to simply disallow such connections for security reasons, but with so many users – or when the user in question is a C-level executive – saying “no” isn’t always an option. Here are a few ways to let folks connect at work without creating dozens of security holes.
Make them use VPN
Assuming your company has a Virtual Private Network (VPN) in place to allow employees to connect from home, you can probably set it up for their mobile devices as well. This might be frustrating for those who want to use a faster Wi-Fi connection or tablet users with no mobile wireless card, but if you set it as policy you’re accommodating the need without compromising security at all.
Offer only Internet access
A separate Wi-Fi network for “guest” devices – which could include tablets and phones as well as laptops – can provide a direct link to the Internet without ever touching the internal network. Combined with VPN, mobile users will be able to connect securely – still not quite as fast as a direct connection, but securely.
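One way to check that a guest segment really offers only Internet and VPN access is to model its firewall rules and test sample flows against them. The following is an added example, not from the original article; the address ranges, the VPN gateway address, the IPsec ports and the rule format are all constructed assumptions.

```python
import ipaddress

# Constructed addressing plan (assumptions, not from the article).
INTERNAL = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
VPN_GATEWAY = "203.0.113.10"   # hypothetical public VPN endpoint (IPsec NAT-T assumed)

# First-match rules for traffic from the guest SSID:
# (action, destination network, protocol, port or None for any port)
RULES = [
    ("allow", "203.0.113.10/32", "udp", 500),
    ("allow", "203.0.113.10/32", "udp", 4500),
    ("deny", "10.0.0.0/8", "any", None),
    ("deny", "172.16.0.0/12", "any", None),
    ("deny", "192.168.0.0/16", "any", None),
    ("allow", "0.0.0.0/0", "any", None),
]
# Same rules with the catch-all allow moved first: the denies never match.
WEAK_RULES = [RULES[-1]] + RULES[:-1]

def decide(rules, dst, proto, port):
    """Return the action of the first rule matching the flow (default deny)."""
    addr = ipaddress.ip_address(dst)
    for action, net, r_proto, r_port in rules:
        if addr not in ipaddress.ip_network(net):
            continue
        if r_proto not in ("any", proto):
            continue
        if r_port is not None and r_port != port:
            continue
        return action
    return "deny"

def audit(rules):
    """Spot-check a ruleset; an empty list means guests are isolated as intended."""
    findings = []
    for net in INTERNAL:  # probe the first and last host of each internal range
        for probe in (net.network_address + 1, net.broadcast_address - 1):
            if decide(rules, str(probe), "tcp", 445) == "allow":
                findings.append(f"guest can reach internal host {probe}")
    if decide(rules, "198.51.100.7", "tcp", 443) != "allow":
        findings.append("guest cannot reach the Internet")
    if decide(rules, VPN_GATEWAY, "udp", 4500) != "allow":
        findings.append("guest cannot reach the VPN gateway")
    return findings

if __name__ == "__main__":
    print("hardened:", audit(RULES))
    print("misordered:", audit(WEAK_RULES))
```

The audit probes only the edges of each internal range, so treat it as a quick regression check to run after every rule change rather than proof of full isolation.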
Set up a mobile DMZ
If you really want phones and tablets connecting directly to your corporate network, make them go through a layer or two of extra security. It doesn’t even have to be visible to the user – a proxy server behind the guest wireless router can scan all traffic and block suspicious activity. It’s a little more maintenance for you but gives employees a seamless experience.
Issue official devices
According to a recent study, more than 97 percent of tablets activated by enterprise users in the first quarter of 2012 were iPads. That iPads are dominant might not be all that surprising given Apple’s general control of the tablet market, but that’s a near-shutout. Why? Consistent hardware and software. It’s a lot easier to plan for one model and its yearly upgrades than for the mish-mash of Android tablets. An iPad tends to stay on the market longer than any single Android tablet, but you can also choose to issue successive tablets from the same manufacturer. Either way, you’ll have a single platform for which to test antivirus and other security software.
If you don’t issue official company devices, you can at least offer to support employee devices – if they’re of a certain type. Draw the circle as wide as you like: only fully-updated iPhones and iPads, only Android devices running stock Android, only Samsung tablets and phones, whatever. Just be sure you draw the line at a sensible place for your company rather than some arbitrary point just to have a limit.
With a little planning and an honest assessment of how mobile technology is used by employees at your enterprise, you can set up a secure solution that meets their needs.
John Andrews writes for INE, a leading provider of CCIE training classes, video training, and self-paced solutions to help IT professionals prepare for the CCIE lab.