Comment: Keeping VPNs Clean in the Era of Global Mobile Anarchy

Walker-Brown asks how IT managers can avoid mobile anarchy while simultaneously providing reliable, secure mobile access
Andrew Walker-Brown, Dell SonicWALL

In the last five years, enterprise workers have become ubiquitously mobile – working from Starbucks, airport lounges or hotel rooms. Mobile devices have become much more powerful and an indispensable business tool. But mobility comes at a price. IT managers must avoid mobile anarchy while simultaneously providing reliable, secure mobile access – but how? 

The numbers in 2011 are staggering: an InfoTrends report estimated that mobile knowledge workers account for more than 60% of the total workforce in Brazil, Germany, India, and Japan. In the US, mobile knowledge workers are at greater than 70% and rising.

The number of mobile devices employees use is also astounding. Canalys showed that total annual global shipments of smartphones exceeded the combined total number of client desktops, notebooks, netbooks and tablets for the first time. “BYOD” (Bring Your Own Device) has become a reality for IT departments.

The consumerization of IT is making IT managers and corporate executives look both ways before crossing the mobile security street, or risk being hit by either the hard costs associated with cyber-attacks or the soft costs of lost productivity and efficiency when mobile security is too tight. The costs are real on both sides of the equation: a survey of 50 of the largest US multinational corporations found an average annual cyber-attack cost of $5.9 million per company, on top of the cost of lost productivity and user frustration associated with blocking access from mobile phones.

The costs of lost productivity and user frustration are subjective, as users only think about security when they lose their data, or are blocked from accessing it in the first place. The typical mobile knowledge worker doesn’t care about security. They simply want access to the corporate applications and data – now.

The problem for IT is not one of control, but one of vulnerability. Businesses can no longer simply deploy security solutions that focus on gaining control and blocking access because mobile devices reside both inside and outside the firewall. If IT enforces too much control it creates a sluggish, underperforming network that ultimately slows down business productivity.

Achieving a balance between security and performance is driven by the very nature of mobile devices and their users being physically inside and outside the firewall. Outside, mobile devices must support VPN connectivity, through wireless hot spots and 3G/4G public networks. While in use, these devices must also ensure data privacy and security of company proprietary information as hackers increasingly recognize the vulnerability of these devices. Consequently, IT demands the ability to scan inbound traffic to ensure network integrity and data security.

Meanwhile, mobile device users expect to take advantage of all the protection and security offered by leading-edge applications, as mobile devices become an essential business tool. Finally, IT managers must always be able to guarantee bandwidth to critical applications, while limiting undesired or dangerous traffic.

So IT needs to know how to keep the VPN clean while ensuring access and data integrity.

IT organizations must deploy new security technology that provides 360-degree insight on a massive, real-time scale so IT managers can avoid data and access anarchy. Smart network administrators can allow their businesses to assess threats, react immediately and make access decisions based on vulnerability. The outcome? Effective security that provides protection at the firewall, and controls the application at the device level:

  • Next-generation firewalls need to decrypt and remove threats from mobile device traffic tunneled over SSL VPN before they enter the network.
  • When accessing the corporate network, IT organizations need to be able to verify if a mobile device legitimately requests access and is secure and hasn’t been jailbroken.
  • At the application layer, IT managers should also have the capability to define and enforce how application and bandwidth assets are used.
  • At the device level, IT administrators need to be able to define policies that identify specific attributes about the device, and ensure they are enforced, before allowing access to the corporate network.
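The device-level and application-level checks in the list above can be expressed as a posture policy that is evaluated before a VPN session is granted. The following is an added illustration, not SonicWALL code; the attribute names, the minimum OS version and the application bandwidth tiers are constructed assumptions.

```python
"""Device-posture gate for VPN access (added example, assumed policy values)."""
from dataclasses import dataclass, field

@dataclass
class Posture:
    device_id: str       # identifier reported by the endpoint agent (assumed)
    os_version: str      # dotted version string, e.g. "7.1.2"
    jailbroken: bool     # True if the device reports a jailbreak/root
    disk_encrypted: bool # True if on-device storage is encrypted
    mdm_enrolled: bool   # True if the device is under management

@dataclass
class Decision:
    allow: bool
    reasons: list = field(default_factory=list)  # why access was denied
    bandwidth_tier: str = "none"                 # tier granted to the app

# Assumed policy values: minimum OS and per-application bandwidth tiers.
MIN_OS = (7, 0)
APP_TIERS = {"crm": "guaranteed", "email": "guaranteed", "video-stream": "limited"}
DEFAULT_TIER = "best-effort"

def parse_version(v: str) -> tuple:
    """Turn "7.1.2" into (7, 1, 2); unparseable input fails closed as (0,)."""
    try:
        return tuple(int(p) for p in v.split("."))
    except ValueError:
        return (0,)

def evaluate(p: Posture, app: str) -> Decision:
    """Collect every failed posture check; allow only if none failed."""
    reasons = []
    if p.jailbroken:
        reasons.append("device is jailbroken")
    if not p.disk_encrypted:
        reasons.append("storage not encrypted")
    if not p.mdm_enrolled:
        reasons.append("device not enrolled in management")
    if parse_version(p.os_version) < MIN_OS:
        reasons.append(f"OS {p.os_version} below minimum {'.'.join(map(str, MIN_OS))}")
    if reasons:
        return Decision(False, reasons)
    # Device is clean: grant the bandwidth tier defined for the requested app.
    return Decision(True, [], APP_TIERS.get(app, DEFAULT_TIER))

if __name__ == "__main__":
    # Constructed sample posture reports for a quick run.
    print(evaluate(Posture("d1", "7.1.2", False, True, True), "crm"))
    print(evaluate(Posture("d2", "6.1", True, True, False), "crm"))
```

Reporting every failed check at once, rather than stopping at the first, lets the helpdesk tell the user exactly what to fix before the device is admitted.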

The result of this 360-degree security approach is that malware is blocked at the firewall; IT can dynamically increase bandwidth as needed for business-critical applications on mobile devices while limiting bandwidth for less important or unacceptable traffic. The average mobile knowledge worker still has access to the network from their favorite device, but any malware or unwanted data or application will not. With the right security deployment, global mobile anarchy becomes global mobile productivity.


Andrew Walker-Brown, CISSP, CEH, has over 18 years of experience in the IT industry, with over seven years of this time based at SonicWALL where he is the systems engineering manager for Northern Europe, Middle East and Africa. He has maintained this role for the last four years and manages a team of five sales engineers across his region and has responsibility for their recruitment, team development and training.

Before working for SonicWALL, Walker-Brown held various IT positions, including technical director and co-owner of Blue River Systems in Guildford (UK) for two years. Blueriver Systems is SonicWALL’s largest managed security provider in the UK and while there he developed and designed managed firewall solutions for organizations of all sizes. Walker-Brown graduated from the University of Hertfordshire with a BSc (Hons) in computer science.
