A high level of security and simple administration are not mutually exclusive

The working world in companies and authorities is becoming more and more mobile. However, smartphones or tablets can quickly become a risk for IT security and data protection.

Virtual Solution explains how those responsible combine maximum security, simple administration and user-friendliness.

When employees are on the move, they access internal networks from the outside, have access to internal specialist applications and, in addition to classic means of communication such as e-mail and telephone, are increasingly using external tools, above all messengers and video conference systems. For compliance with IT security and data protection, a high level of user-friendliness and, at the same time, a low set-up and administration effort, a few essential points must be observed. The security specialist Virtual Solution explains what is important.

1. There is a better solution than VPN.

Basically, laptops, tablets and smartphones can be integrated into an internal network via a virtual private network. A VPN establishes a secure connection between the user and the network via public networks; the data traffic is routed through an encrypted tunnel. Setting up and operating a VPN infrastructure for mobile devices is a lot of work: IT has to install a certificate, mostly manually, on every smartphone or tablet. This means that the entire network traffic of the device goes to the VPN and thus costs battery and data transmission capacity. A container solution with its own secure gateway reduces both the administration effort and the load on the firewalls, since only the business data traffic flows into the internal network. The key material for authentication is automatically generated and installed in the app – this means that a container solution is easy to roll out and use.

2. Encryption must take place at all levels and be efficiently integrated.

A whole range of measures is necessary to ensure that business data is really secure on a mobile device. The basis is initially the end-to-end encryption of the transmission (data in transit). This ensures that messages can only be read by the actual sender and recipient. In the next step, it is essential to encrypt the locally stored data (data at rest) according to very high standards. Access to it must be protected at least using traditional means such as PIN and password, or better still, using biometric methods such as fingerprints or facial recognition. Since the usual four- to eight-digit PINs can be broken with manageable effort, federal authorities must use a smart card as an additional factor. With its own crypto processor and hardware-based storage of certificates, the smart card represents the highest state-of-the-artSecurity anchor. Here, too, an additional container solution with an integrated, complete crypto core can drastically increase the level of security. At the same time, it is quick to install and easy to manage.

3. Bring Your Own Device requires a new perspective.

Private smartphones and tablets that are also used for business purposes pose a potential security risk. Nevertheless, authorities and companies cannot avoid the topic of BYOD today, also because it increases employee satisfaction. In principle, mobile devices can lead to security, compliance and data protection risks in the case of unprotected WiFi hotspots, uncontrolled apps or weak passwords. For example, if an employee uses a private app for business tasks or if these apps access professional contact data, data leaks can occur. Therefore, a strict separation between private and professional is necessary: ​​Business data, e-mails, contacts, notes or documents must be stored in encrypted form in a separate area (container) on the mobile device. This means that no unauthorized person has access to sensitive information.

4. A central management platform makes administration easier.

If employees work increasingly mobile, the effort of the IT department increases sharply. A high-performance application management portal that provides all the necessary functions significantly reduces the effort. A complex mobile device managementA system is not necessary for this – with an application management portal, all security-relevant settings can be efficiently controlled centrally: This ranges from user management to rules and default settings for encryption, as well as PIN and password strength, to access barring and the deletion of all business data from far. The safety-critical functions can be adapted very flexibly, granularly and individually. In principle, a central management platform ensures that the security requirements are adhered to on all mobile devices of the employees. They can work productively immediately and don’t have to worry about any device or app settings.

“Employees must be able to access data from anywhere and at any time and communicate securely. A solution based on container technology not only enables maximum security and user-friendliness, but also simple, central management at the same time. Administrators do not need any additional hardware or applications such as a VPN infrastructure and VPN profiles for the mobile devices, ”explains Dr. Hermann Granzer, CTO at Virtual Solution in Munich. “At the same time, the container technology enables the strict separation of business and private data on one and the same mobile device. Storage and transport are encrypted according to the highest standards, so company and authority information is always protected. At the same time, the data on the mobile device is in a secure environment – regardless of whether it is a private smartphone or provided by the company. However, the most secure application is of little use if it is not used by employees. Therefore, the user interface must be intuitive and all the required functions must be available. ”




Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.