Security for mobile devices on the corporate network

WatchGuard Technologies recently published its "2010 Security Predictions." As a follow-up to this paper, we interviewed Corey Nachreiner, WatchGuard Senior Security Analyst, and put some additional questions to him.

The first question we put to Corey involved the rapid proliferation of smartphone-type devices. We totally agree that mobile devices are here to stay, whether integrated into a phone or in a device as simple as an iPod Touch. Since these devices are capable of full Web browsing and e-mail, we asked Corey what he recommended as a set of first steps for ensuring network security - especially since they seem to have no obvious inherent security. (By the way, we added the caveat that we don't think that banning them from the network is a reasonable approach. They're here to stay.)

Corey responded, "To start, I agree banning smartphones is an unreasonable approach. They are way too valuable a business tool to just ban them.

"Since smartphones are essentially mini-computers, they can benefit from many of the same types of security practices and technologies we use on our desktops and laptops. Here are a few:

"• Smartphones can benefit from firewall and antivirus/malware software. There are already vendors selling mobile security solutions that package smartphone versions of these traditional security controls. That said, smartphones are much more resource constrained than typical computers. You need to be careful how much you run on them at once.

"• Mobile Device Management solutions can help. Some vendors are selling solutions that allow you to manage all of your mobile devices from one centrally managed interface. These solutions install a small agent on the smartphone, which then allows you to do things like restrict what applications a mobile device runs, back up and restore the device, wipe it remotely if it ever gets stolen, etc. One of the biggest dangers posed by smartphones is all the sensitive data we keep on them. Being able to remotely delete that data is a great benefit.

"• Mobile VPN clients can secure sensitive communication from your smartphone. We often use our smartphones to connect with our Head Office and pass data, usually via e-mail. Depending on your smartphone, these communications aren't always secured or encrypted. This is where a VPN client can help. For instance, WatchGuard's IPSec VPN client supports some smartphones. You can even install a version of this client that includes a mobile firewall. With this VPN client, you can encrypt any communication between your smartphone and your head office. In fact, you could even configure your phone to forward all its data traffic through the VPN tunnel. This means that all your smartphone's traffic would go through your HQ's perimeter security defenses. So if you had a WatchGuard UTM appliance with all the security services, your smartphone would get the same protection as your local users (since you force your traffic through the tunnel)."

Thanks to Corey for these insights! Next time around we'll hear more from Corey concerning another topic, Data Loss Prevention solutions.

Copyright © 2010 IDG Communications, Inc.