Secure Connection of Mobile Devices


Mobile devices such as smartphones and tablets were originally conceived for private use without the security enhancements required for corporate use.

This has been rectified in some aspects, but it remains a good idea to add additional layers of encryption to sensitive data on these devices or not to store critical data on these devices in the first place.

Private versus Corporate-Owned Devices

As described in the previous article "Mobile Device Management as a Service", there are ways to enhance the security protection of these devices with a mobile device management (MDM) solution. The MDM monitors the security of these devices and executes any actions required to maintain their security. 

The requirements for a secure VPN connection to the corporate network are so restrictive, however, that it would be difficult to convince many private users to allow such drastic restrictions to be placed on their private device. These restrictions include the blocking of apps deemed unwelcome in the enterprise network, constraints on synchronization and the ability to erase all data on the device from a central location in case of compromise or loss.

It is also difficult to require private users to take the necessary measures to back up company data on the device, especially once both personal and corporate data are stored on it. A company's maintaining "custody" of private data is just as legally questionable as private custody of company data.

This leads to a two-part solution: Company-owned devices are handled according to company policy and are fully integrated into the company's networks. Private devices are subject to what could be called a bring-your-own-device approach.

Integrating Company-Owned Devices


Companies can't ignore their employees' desire to have current smartphones that allow them not only to place calls, but also to have access to corporate data such as email, calendar and intranet.

A mobile device management (MDM) solution allows smartphones from different manufacturers and with different operating systems to be safely integrated into the infrastructure. The MDM system allows the company to manage the devices centrally and enforce encryption, password protection and other security-related policies.

An MDM solution can also be used to define which apps are allowed on the devices. License monitoring and management of individual devices are also important features of an MDM solution for use in the business environment.

Smartphone access to internal corporate resources such as intranet, shared drives and other company-specific applications can be centrally managed by an MDM solution using various VPN providers. 

MDM solutions also provide a key security feature in allowing devices to be remotely erased in whole or in part via their data connections. This keeps locally stored corporate data from falling into the wrong hands if the device is lost or stolen. 

A well-planned and professionally set-up MDM solution allows companies to provide their employees secure smartphones to access internal corporate data and thus increase business productivity significantly.

Bring-Your-Own-Device (BYOD) – An Idea Whose Time Has Come

Bring-Your-Own-Device (BYOD) concepts can only function flawlessly when the connection to the company is based on the most far-reaching possible decoupling of the device from access to the corporate network. Security is ensured within the application that allows access. You can rely on the underlying system only under certain conditions.

Apps that provide the company's services to mobile devices must use an encrypted data connection, store as little data as possible on the device, and, if local storage is necessary, save it under strict security protocols. To ensure safety, these apps should be robustly programmed and well encapsulated. They should also have the ability to detect attempts at rooting or jailbreaks.

"Good for Enterprise"

Below, we present a solution that consistently follows this approach and can be adapted to many applications.


Good for Enterprise is an app that provides employees access to their business inbox, calendar and intranet. The app provides encapsulation and secure storage of data as well as rooting/jailbreak detection. This allows use on the private device to be completely secured and ensures that no data can be moved outside the app.

The connection is made through an SSL connection. There is no IP-based VPN, which would be more prone to attacks due to being routed through the company network. The skilful integration allows access to upcoming appointments and new emails even if the device is closed. The app can also handle displaying a wide range of file formats, including access to the corporate SharePoint. Add-ons also allow documents on shared drives or SharePoint to be edited.

This app offers many applications, but the additional direct connection to the corporate workplace offers previously unimagined options.

Many companies have already added desktop virtualisation or are planning to do so. The integration of these virtualised desktops is described in the following scenario. 

Virtualised Desktops on Your Tablet 

The major benefits of a virtualised, centralised desktop environment are obvious and can be reliably used in remote locations even in today's networks. Almost all aspects of handling have improved in such an environment. Data security, investment protection and optimal hardware utilisation are just some of the known benefits.

So why not take the next step and start using these desktops on BYOD devices? A known work environment often provides the highest productivity—so why not use it?

The Citrix Receiver

Installing the Citrix Receiver on mobile devices is similar to using the Good for Enterprise app, as it allows encapsulated access to a Citrix XenApp or XenDesktop environment. All applications can be deployed as usual. No adjustments are required and there are no additional maintenance costs. Citrix Receiver provides tablet-adapted handling with optimal use of the Windows desktop on the touchscreen device.

Access to relevant data during a meeting or active participation in business processes while on the go or at home are just a few examples. The application possibilities are endless and, with optimal implementation, significantly improve the flexibility and productivity of your employees.

Conclusion 

Current solutions already allow for the safe integration of tablets and other mobile devices, whether company-owned or private devices. What's key here is the correct design, architecture and implementation of each solution with all its facets. It has to adapt seamlessly to the existing infrastructure to achieve the best results and meet security requirements.

Contact: Ralf Staiger