SlideShare une entreprise Scribd logo

White Paper: Securing Nomadic Workforce

Courtland Smith
Courtland Smith

Top 7 things you need to know to secure your nomadic workforce.

1  sur  7
Télécharger pour lire hors ligne
Mobility Whitepaper 7 Things You Need to Know to Secure Your Nomadic Workforce. Why stopping 99% of threats across 50% of your users’ devices just isn’t enough.
Today, nomadic users are 1 typically within range of a Wi-Fi hotspot 60% of the day. Over the next 5 years, Wi-Fi is Face it: Your users are accessing company data over expected to grow 4.5x. — untrusted networks. [iPass, Septem ber 2012] The ability for nomadic users to remain connected everywhere is approaching 100%. Yet, most users don’t grasp that there’s great risk associated with connecting to unsecured Wi-Fi networks. Many public hotspots have no security 322 business technology pros and can be easily compromised and fraudulent, computer-to-computer access ranked using a VPN secure points can be quickly setup to appear no less secure than other networks. In both tunnel 1st out of 8 other environments, criminals can eavesdrop on communications or steal login solutions for securing data in credentials. Worse, many websites, Web protocols and non-Web apps that use file transit. Beating by a wide sharing or peer-to-peer protocols lack proper encryption to prevent data leaks margin secure HTTP, virtual during these increasingly frequent attacks. desktop or secure email. — [Inform ationWeek, May 2012] NOMADIC USERS WI-FI NETWORKS WEB & NON-WEB (LOGGING IN & SENDING DATA) (COMPROMISED OR FRAUDULENT) (APPS, PROTOCOLS & PORTS) COMMUNICATIONS NOT ENCRYPTED The FBI recently warned of malware installed via hotel network connections. It followed Current solutions may encrypt data stored on the device, but the protections don’t a Bloomberg report claiming extend to data communicated. Most solutions only encrypt app or protocol- Chinese hackers stole private specific communications, and are often complex for administrators to setup and data from up to 760 firms by nomadic workers to use. hacking into the iBahn In order to ensure private company data is protected when remote workers are broadband and entertainment accessing it, it’s best to encrypt all communications, regardless of app, protocol service offered to guests of hotel or port. Only one solution achieves this: VPNs (Virtual Private Networks). Most chains such as Marriott VPN connections are simple to setup and transparent to the end user, but do your International Inc. Forbes’ homework. Many solutions aren’t compatible with mobile devices or require reporter also recommends to backhauling traffic that impacts performance. users that all important data — including, but not limited to, 2 emails, docs, IMs and web logins — is sent over secure HTTP or a VPN. — [F orbes, May 2012] Nomadic users won’t sacrifice performance for security. Most security vendors’ VPN solutions require backhauling traffic from all devices to a security appliance that’s installed behind the enterprise network perimeter. While effective in adding security, this approach also adds latency for the end 210 Cloud Security Alliance user. Unfortunately, it isn’t feasible for network admins to install appliances at members – most considered every site on the globe in order to ensure the end-user experience is optimal. “experts in the field of information security” – were SLOWER CONNECTIONS LATENCY ADDED DUE TO BACKHAULING TRAFFIC surveyed and 81% believe that (USER MAY TERMINATE VPN) unsecured Wi-Fi and rogue access points are already happening today. — [Cloud Security Alliance, Sept 2012] ON-SITE APPLIANCE(S) (TOO FEW LOCATIONS & THROUGHPUT) 7 Things You Need to Know to Secure Your Nomadic Workforce Page 2
The average mobile connection Nomadic users are impatient with security that decreases Internet connection speed was 189 kbps in 2011. It speeds, device battery life or usability. They’re quick to disable or work around will surpass 1 Mbps by 2014 any perceived roadblocks. And traditional security solutions lack the sophistication and 2.9 Mbps by 2016. to give admins visibility into user engagement, or worse, disengagement. — [Cisco, F ebruary 2012] In conjunction with educating users on the importance of keeping security solutions in tact, network admins can do their part to optimize the end-user experience. A cloud-based solution is, by design, nearly infinitely scalable. Too, an effective Secure Cloud Gateway will leverage a globally-distributed network of always-on (or Anycast) data centers, ensuring very low latency. Ideally, a lightweight combination of DNS traffic routing and selective proxying should be used instead of only proxying Web traffic. 3 Today, 150 million user-owned smartphones and tablets are used in the enterprise. Or 23% Thanks to cloud computing, users access data anytime, of all such devices. And by 2014, it’s expected to reach anywhere ⎯ including outside your secure network. 350 million. — The rise of cloud computing has put users squarely in the power seat. They can [J uniper R esearch, Sept 2012] access the data and apps they need for work from smartphones, tablets and laptops. They no longer have any need to connect back to the private enterprise network. In the process, they’ve kicked out the pesky middleman ⎯ enterprise- grade security. Threats are becoming more advanced and persistent while at the same time it’s becoming more essential for productivity that users be able to access Salesforce, Basecamp, Google Drive, Dropbox and other cloud-based apps. 150 North America Enterprise CIOs were asked about data PRIVATE NETWORKS PUBLIC NETWORKS (WITH ENTERPRISE-GRADE SECURITY) (WITH CONSUMER-GRADE OR NO SECURITY) leakage on the public cloud. Over 50% noted that they were CLOUD- BASED “extremely worried. The top two DATA & APPS causes for data leaks onto public clouds were BYOD and personal In order to regain complete control, some admins may attempt to use single sign- decision-making by employees. on authentication or DLP solutions to enforce access and availability. Annoyed by And top two biggest obstacles to the barrier it presents to their productivity, users often find a way to circumvent stopping data from leaking onto such methods. public clouds is the perceived Even with losing some control by embracing cloud computing, admins can still notion that there are no obvious completely protect their data. Just like the ubiquitous connectivity nomadic users options to protect data behind enjoy today, admins can provide users ubiquitous security by embracing a Secure the corporate firewall. And the Cloud Gateway, powered by a global network, and managed via a cloud-hosted political and cultural dimensions console for centralized visibility and control. where IT (the department) is unable to mandate policy for the 4 business use of IT (the technology). — [Mezeo Software, J uly 2012] The BYOD nightmare: With no incentive to protect their personal devices, users make security a challenge. BYOD presents a series of challenges to the network admin, not the least of which is Internet security. In addition to setting (and adhering to) guidelines for device management, IT admins must also negotiate boundaries between enabling employees to do their work and infringing upon their personal device sovereignty. Admins are further prevented from easily enabling security because employees 7 Things You Need to Know to Secure Your Nomadic Workforce Page 3
Today, the average person has may not bring all the devices they use for work into the office for provisioning. So 1.8 devices that connect to the how can IT teams compel users to provision security on every device? And how Internet. By 2015, its expected can IT know whether users actually did? to be 3.47, and by 2020, 6.58 Users’ desire to maintain autonomy and IT managers’ desire to maintain security devices per person. — sometimes conflict when it means partially locking the user out of their own [Cisco, May 2012] devices. For example, they often try to restrict personal apps or force alternative, less compatible secure browser apps. But as the use of cloud computing increases, the effectiveness of this heavy-handed tactic is decreasing. Users must be incentivized to install security on their devices, and the best way to do this is by making it easy and transparent. If the security solution adds value for the end user, and isn’t disruptive to their productivity, they’ll be more likely to 36% of nomadic users admit to install it. Too, the solution should give the network admin visibility into how and using workarounds to access when it’s being used. Keeping things simple is key. An IT-traceable process, for corporate data on their which user only needs to click ‘OK’ a few times is an admin’s best bet. A solution smartphones and tablets. Those should be selected that allows for notifications when the end user shuts it off. that do bypass their IT departments cited slow response RE-GAIN VISIBILITY & CONTROL 1…2…3…! times and strict policies as (EASY, TRACEABLE PROVISIONING PROCESS) (SIMPLE, LIGHTWEIGHT) motivations. — ! BOB’S IOS SUE’S PC STATUS UPDATES CLOUD- ! [iPass, Septem ber 2012] " SAM’S MAC HOSTED PROTECT NEW USER MANAGEMENT ! The majority of 278 business technology pros responsible for personal mobile device use on their organization’s networks enforced no restrictions or basic 5 Whether it’s a user or IT-owned device, location matters when it comes to enforcing acceptable use policies. In many ways the work-everywhere era also gives way to the work-anytime era. Users are checking email, accessing data, writing code and finalizing projects and presentations at all times of day, from wherever they work. But there’s a flip side user agreements. — to this. Nomadic workers are also accessing the same devices they use for work [Inform ationWeek, May 2012] for personal use. And while IT admins want to ensure ubiquitous security protection, enforcing acceptable use policies for accessing inappropriate or bandwidth-heavy content may not be warranted outside of the office. Some solutions attempt to virtually split work and personal use environments on the device, but it is often complex for IT to setup, and difficult to compel users to “Nearly 74 percent of workers allow it on their own devices. It also still doesn’t prohibit the user from accessing globally would prefer an the personal use environment while at work locations. unconventional workday—being online and connected at any A better solution is location-aware policy enforcement. This solution recognizes time, from any place they when devices are not behind network perimeters and turns off all or most content choose, throughout the day. Over filtering, while still keeping security protections on. Most organizations find this two-thirds of survey respondents balance between network security and user freedom to be an appealing and fair believe the ability to work compromise. remotely is either a necessity (62 percent) or a right (7 percent).” THREATS & RECREATION BAD THREATS BAD RECREATION OK . — [iPass, May 2012] WORK LOCATIONS NON-WORK LOCATIONS (THE OFFICE, PARTNERS, ETC.) (HOME, CAFÉ, HOTEL, AIRPORT, ETC.) 7 Things You Need to Know to Secure Your Nomadic Workforce Page 4
6 946 security professionals at organizations with over 100 users were asked what their Workers use the same login credentials for both personal biggest IT security challenges and company accounts, amplifying risk. were. First, was managing the The number of accounts and passwords users must remember is overwhelming. complexity of security. Second, Workers often seek to simplify their online presence by using the same password was enforcing security policies. across all accounts. Through this process, they abandon security best practices. [Inform ationWeek, May 2012] This poses a great threat to corporate security if users fall victim to clever phishing and spear phishing scams. User login credentials can also be stolen via botnet controllers or untrusted networks and distributed through criminal marketplaces. Cyber criminals are smart enough to try the same credentials to 946 security professionals at access cloud-hosted customer, accounting, HR, IT, project and other company organizations with over 100 data (e.g. salesforce.com, quickbooksonline.com, zendesk.com, basecamp.com, users were asked if mobile drive.google.com), or even data hosted internally on publicly accessible Intranets. devices pose a threat to your organization’s security. 69% say LOGIN CREDENTIALS STOLEN CRIMINALS STEAL DATA (VIA PHISHING, BOTNETS & UNTRUSTED NETWORKS) (VIA LOGGING INTO BUSINESS SITES) it does, and 21% say it will. — [Inform ationWeek, May 2012] USER: JOE@CORP PW: SECRET123 USER: JOE@CORP USER: JOE@CORP PW: SECRET123 PW: SECRET123 The majority of 322 business technology pros believe the Some solutions attempt to consolidate enterprise accounts via secure single-sign primary responsibility for mobile on services with two-factor authentication. However, this adds complexity for IT security policy is a joint effort teams to on-board or off-board new or past employees, and it adds complexity for between security teams and users to access their accounts. End user education regarding the use of strong, business units. — secure passwords or bad Web links in emails is valuable. Yet, changing user [Inform ationWeek, May 2012] behavior can take time. A solution that counters these risks, while improving the performance and reliability of their devices’ Internet connections, is a win-win. If every user device could not connect to phishing sites or botnet controllers and could encrypt all data over untrusted networks, credential theft risks would be countered. 7 Advanced threats aren’t limited to email and websites, but Secure Web and Email Gateways are. Nearly all IT teams have deployed Secure Email Gateways to prevent unwanted or phishing messages. Most IT teams have deployed Web Proxies (aka. Secure Web Gateways) or Firewall Filters (aka. Unified Threat Management) to prevent new infections via compromised or malicious sites. Yet data leaks are still making news headlines every day. One key cause of these data leaks is that hackers have figured out how to circumvent traditional security solutions by leveraging non Web and email protocols (e.g. P2P, IRC, DNS tunnels) and ports other than 25, 80 or 443 to leak data. 7 Things You Need to Know to Secure Your Nomadic Workforce Page 5
Network traffic assessments DEVICES BECOME INFECTED INFECTED DEVICES LEAK DATA were conducted in 2,036 (VIA USERS CONNECTING TO MALWARE HOSTS (VIA MALWARE CONNECTING TO BOTNET HOSTS organizations worldwide between PRIMARILY OVER WEB & EMAIL CHANNELS) OVER IRC, WEB, P2P, DNS TUNNELS AND OTHERS) November 2011 and May 2012 by a firewall vendor. The vendor categorized 1,280 applications. Summarizing the assessments, 32% of applications did not use Some legacy security companies encourage IT teams to increase defense-in-depth Web traffic ports (80 or 443) at strategies by layering on more protections to prevent infection. But we’re not just all, and 26% were able to use living in a world of growing depth; we’re living in a world of growing breadth. dynamic or other non-Web ports Stopping 99% or more of threats across only 50% of the attack surface is not an to communicate over. — effective strategy. [Palo Alto N etworks, J une 2012] A better solution is to use a Secure Cloud Gateway that enforces protection and policies regardless of application, protocol or port. Also, a solution that enables distributed enterprise networks, roaming laptops and mobile devices to connect through this Secure Cloud Gateway anywhere, anytime. EVERY DEVICE EVERY WHERE & TIME EVERY CONNECTION (IT OR USER-OWNED) (AVAILABLE & SCALABLE WORLDWIDE) (ANY APP, PROTOCOL & PORT) END USERS ARE ADMINS RE-GAIN HAPPY & DATA VISIBILITY IS PROTECTED & CONTROL Sources Cited: [iPass] http://bit.ly/Mobile-Workforce-Q3-Report and http://bit.ly/Mobile- Workforce-Q2-Report [InformationWeek] http://bit.ly/2012-Mobile-Security-Report and http://bit.ly/Strategic-Security-Survey [Forbes] http://bit.ly/FBI-Hotel-Networks [Cisco] http://bit.ly/BYOD-User-Driven-Movement and http://bit.ly/Mobile-Data- Traffic-Forecast [Juniper Research] http://bit.ly/Mobile-Incidents-Increase [Mezeo Software] http://bit.ly/CIO-Mobility-Security-Survey [Palo Alto Networks] http://bit.ly/App-Use-Risk-Report 7 Things You Need to Know to Secure Your Nomadic Workforce Page 6
Umbrella is brought to you by OpenDNS. Trusted by millions around the world. The easiest way to prevent malware and phishing attacks, contain botnets, and make your Internet faster and more reliable. OpenDNS, Inc. • www.umbrella.com • 1.877.811.2367 Copyright © 2012 OpenDNS, Inc. All rights reserved worldwide. No part of this document may be reproduced by any means nor translated to any electronic medium without the written consent of OpenDNS, Inc. Information contained in this document is believed to be accurate and reliable, however, OpenDNS, Inc. assumes no responsibility for its use. WP-7-Things-Secure-Nomadic-Workforce-v1.1

Recommandé

Wireless Vulnerability Management: What It Means for Your Enterprise
Wireless Vulnerability Management: What It Means for Your EnterpriseWireless Vulnerability Management: What It Means for Your Enterprise
Wireless Vulnerability Management: What It Means for Your EnterpriseAirTight Networks
 
2009 Security Mega Trends & Emerging Threats
2009 Security Mega Trends & Emerging Threats2009 Security Mega Trends & Emerging Threats
2009 Security Mega Trends & Emerging ThreatsLumension
 
Net motion wireless-and_frost-sullivan_a-new-mobilty_ps
Net motion wireless-and_frost-sullivan_a-new-mobilty_psNet motion wireless-and_frost-sullivan_a-new-mobilty_ps
Net motion wireless-and_frost-sullivan_a-new-mobilty_psAccenture
 
IDC: Top Five Considerations for Cloud-Based Security
IDC: Top Five Considerations for Cloud-Based SecurityIDC: Top Five Considerations for Cloud-Based Security
IDC: Top Five Considerations for Cloud-Based Securityarms8586
 
Puppetnets and Botnets: Information Technology Vulnerability Exploits
Puppetnets and Botnets: Information Technology Vulnerability ExploitsPuppetnets and Botnets: Information Technology Vulnerability Exploits
Puppetnets and Botnets: Information Technology Vulnerability Exploitsecarrow
 
White Paper: Defense In Breadth
White Paper: Defense In BreadthWhite Paper: Defense In Breadth
White Paper: Defense In BreadthCourtland Smith
 
Peering Through the Cloud Forrester EMEA 2010
Peering Through the Cloud Forrester EMEA 2010Peering Through the Cloud Forrester EMEA 2010
Peering Through the Cloud Forrester EMEA 2010graywilliams
 
Securing mobile devices_in_the_business_environment
Securing mobile devices_in_the_business_environmentSecuring mobile devices_in_the_business_environment
Securing mobile devices_in_the_business_environmentK Singh
 

Recommandé

Wireless Vulnerability Management: What It Means for Your Enterprise
Wireless Vulnerability Management: What It Means for Your EnterpriseWireless Vulnerability Management: What It Means for Your Enterprise
Wireless Vulnerability Management: What It Means for Your EnterpriseAirTight Networks
 
2009 Security Mega Trends & Emerging Threats
2009 Security Mega Trends & Emerging Threats2009 Security Mega Trends & Emerging Threats
2009 Security Mega Trends & Emerging ThreatsLumension
 
Net motion wireless-and_frost-sullivan_a-new-mobilty_ps
Net motion wireless-and_frost-sullivan_a-new-mobilty_psNet motion wireless-and_frost-sullivan_a-new-mobilty_ps
Net motion wireless-and_frost-sullivan_a-new-mobilty_psAccenture
 
IDC: Top Five Considerations for Cloud-Based Security
IDC: Top Five Considerations for Cloud-Based SecurityIDC: Top Five Considerations for Cloud-Based Security
IDC: Top Five Considerations for Cloud-Based Securityarms8586
 
Puppetnets and Botnets: Information Technology Vulnerability Exploits
Puppetnets and Botnets: Information Technology Vulnerability ExploitsPuppetnets and Botnets: Information Technology Vulnerability Exploits
Puppetnets and Botnets: Information Technology Vulnerability Exploitsecarrow
 
White Paper: Defense In Breadth
White Paper: Defense In BreadthWhite Paper: Defense In Breadth
White Paper: Defense In BreadthCourtland Smith
 
Peering Through the Cloud Forrester EMEA 2010
Peering Through the Cloud Forrester EMEA 2010Peering Through the Cloud Forrester EMEA 2010
Peering Through the Cloud Forrester EMEA 2010graywilliams
 
Securing mobile devices_in_the_business_environment
Securing mobile devices_in_the_business_environmentSecuring mobile devices_in_the_business_environment
Securing mobile devices_in_the_business_environmentK Singh
 
MBM's InterGuard Security Suite
MBM's InterGuard Security SuiteMBM's InterGuard Security Suite
MBM's InterGuard Security SuiteCharles McNeil
 
Wns rogues wp_1011_v3
Wns rogues wp_1011_v3Wns rogues wp_1011_v3
Wns rogues wp_1011_v3Advantec Distribution
 
Bapinger Network Security
Bapinger Network SecurityBapinger Network Security
Bapinger Network SecurityDjadja Sardjana
 
Security Threats for SMBs
Security Threats for SMBsSecurity Threats for SMBs
Security Threats for SMBsGFI Software
 
Infotec 2010 Ben Rothke - social networks and information security
Infotec 2010 Ben Rothke - social networks and information security Infotec 2010 Ben Rothke - social networks and information security
Infotec 2010 Ben Rothke - social networks and information security Ben Rothke
 
Unique Security Challenges in the Datacenter Demand Innovative Solutions
Unique Security Challenges in the Datacenter Demand Innovative SolutionsUnique Security Challenges in the Datacenter Demand Innovative Solutions
Unique Security Challenges in the Datacenter Demand Innovative SolutionsJuniper Networks
 
Securing the network perimeter
Securing the network perimeterSecuring the network perimeter
Securing the network perimeterinfra-si
 
Cat6500 Praesentation
Cat6500 PraesentationCat6500 Praesentation
Cat6500 PraesentationSophan_Pheng
 
security_secure_pipes_frost_whitepaper
security_secure_pipes_frost_whitepapersecurity_secure_pipes_frost_whitepaper
security_secure_pipes_frost_whitepaperAlan Rudd
 
Network Environments
Network EnvironmentsNetwork Environments
Network EnvironmentsGFI Software
 
HIPAA Compliance in the Cloud
HIPAA Compliance in the CloudHIPAA Compliance in the Cloud
HIPAA Compliance in the CloudOnline Tech
 
Patch management
Patch managementPatch management
Patch managementGFI Software
 
Security White Paper
Security White PaperSecurity White Paper
Security White PaperMobiWee
 
Challenges and Security Issues in Future IT Infrastructure Components
Challenges and Security Issues in Future IT Infrastructure ComponentsChallenges and Security Issues in Future IT Infrastructure Components
Challenges and Security Issues in Future IT Infrastructure ComponentsMubashir Ali
 
VIPRE Business Takes a Bite out of Bloatware
VIPRE Business Takes a Bite out of BloatwareVIPRE Business Takes a Bite out of Bloatware
VIPRE Business Takes a Bite out of BloatwareGFI Software
 
Axoss Wireless Penetration Testing Services
Axoss Wireless Penetration Testing ServicesAxoss Wireless Penetration Testing Services
Axoss Wireless Penetration Testing ServicesBulent Buyukkahraman
 
Navigating Zero Trust Presentation Slides
Navigating Zero Trust Presentation SlidesNavigating Zero Trust Presentation Slides
Navigating Zero Trust Presentation SlidesIvanti
 
BriefingsDirect Transcript--How security leverages virtualization to counter ...
BriefingsDirect Transcript--How security leverages virtualization to counter ...BriefingsDirect Transcript--How security leverages virtualization to counter ...
BriefingsDirect Transcript--How security leverages virtualization to counter ...Dana Gardner
 
Identiverse Zero Trust Customer Briefing, Identiverse 2019
Identiverse Zero Trust Customer Briefing, Identiverse 2019Identiverse Zero Trust Customer Briefing, Identiverse 2019
Identiverse Zero Trust Customer Briefing, Identiverse 2019Identity Defined Security Alliance
 
Tech Doc: Umbrella Delivery Platform
Tech Doc: Umbrella Delivery PlatformTech Doc: Umbrella Delivery Platform
Tech Doc: Umbrella Delivery PlatformCourtland Smith
 
Datasheet: Umbrella Everywhere Solution Overview
Datasheet: Umbrella Everywhere Solution OverviewDatasheet: Umbrella Everywhere Solution Overview
Datasheet: Umbrella Everywhere Solution OverviewCourtland Smith
 
OpenDNS Whitepaper: DNS's Role in Botnet C&C
OpenDNS Whitepaper: DNS's Role in Botnet C&COpenDNS Whitepaper: DNS's Role in Botnet C&C
OpenDNS Whitepaper: DNS's Role in Botnet C&CCourtland Smith
 

Contenu connexe

Tendances

MBM's InterGuard Security Suite
MBM's InterGuard Security SuiteMBM's InterGuard Security Suite
MBM's InterGuard Security SuiteCharles McNeil
 
Bapinger Network Security
Bapinger Network SecurityBapinger Network Security
Bapinger Network SecurityDjadja Sardjana
 
Security Threats for SMBs
Security Threats for SMBsSecurity Threats for SMBs
Security Threats for SMBsGFI Software
 
Infotec 2010 Ben Rothke - social networks and information security
Infotec 2010 Ben Rothke - social networks and information security Infotec 2010 Ben Rothke - social networks and information security
Infotec 2010 Ben Rothke - social networks and information security Ben Rothke
 
Unique Security Challenges in the Datacenter Demand Innovative Solutions
Unique Security Challenges in the Datacenter Demand Innovative SolutionsUnique Security Challenges in the Datacenter Demand Innovative Solutions
Unique Security Challenges in the Datacenter Demand Innovative SolutionsJuniper Networks
 
Securing the network perimeter
Securing the network perimeterSecuring the network perimeter
Securing the network perimeterinfra-si
 
Cat6500 Praesentation
Cat6500 PraesentationCat6500 Praesentation
Cat6500 PraesentationSophan_Pheng
 
security_secure_pipes_frost_whitepaper
security_secure_pipes_frost_whitepapersecurity_secure_pipes_frost_whitepaper
security_secure_pipes_frost_whitepaperAlan Rudd
 
Network Environments
Network EnvironmentsNetwork Environments
Network EnvironmentsGFI Software
 
HIPAA Compliance in the Cloud
HIPAA Compliance in the CloudHIPAA Compliance in the Cloud
HIPAA Compliance in the CloudOnline Tech
 
Security White Paper
Security White PaperSecurity White Paper
Security White PaperMobiWee
 
Challenges and Security Issues in Future IT Infrastructure Components
Challenges and Security Issues in Future IT Infrastructure ComponentsChallenges and Security Issues in Future IT Infrastructure Components
Challenges and Security Issues in Future IT Infrastructure ComponentsMubashir Ali
 
VIPRE Business Takes a Bite out of Bloatware
VIPRE Business Takes a Bite out of BloatwareVIPRE Business Takes a Bite out of Bloatware
VIPRE Business Takes a Bite out of BloatwareGFI Software
 
Axoss Wireless Penetration Testing Services
Axoss Wireless Penetration Testing ServicesAxoss Wireless Penetration Testing Services
Axoss Wireless Penetration Testing ServicesBulent Buyukkahraman
 
Navigating Zero Trust Presentation Slides
Navigating Zero Trust Presentation SlidesNavigating Zero Trust Presentation Slides
Navigating Zero Trust Presentation SlidesIvanti
 
BriefingsDirect Transcript--How security leverages virtualization to counter ...
BriefingsDirect Transcript--How security leverages virtualization to counter ...BriefingsDirect Transcript--How security leverages virtualization to counter ...
BriefingsDirect Transcript--How security leverages virtualization to counter ...Dana Gardner
 

Tendances (19)

MBM's InterGuard Security Suite
MBM's InterGuard Security SuiteMBM's InterGuard Security Suite
MBM's InterGuard Security Suite
 
Wns rogues wp_1011_v3
Wns rogues wp_1011_v3Wns rogues wp_1011_v3
Wns rogues wp_1011_v3
 
Bapinger Network Security
Bapinger Network SecurityBapinger Network Security
Bapinger Network Security
 
Security Threats for SMBs
Security Threats for SMBsSecurity Threats for SMBs
Security Threats for SMBs
 
Infotec 2010 Ben Rothke - social networks and information security
Infotec 2010 Ben Rothke - social networks and information security Infotec 2010 Ben Rothke - social networks and information security
Infotec 2010 Ben Rothke - social networks and information security
 
Unique Security Challenges in the Datacenter Demand Innovative Solutions
Unique Security Challenges in the Datacenter Demand Innovative SolutionsUnique Security Challenges in the Datacenter Demand Innovative Solutions
Unique Security Challenges in the Datacenter Demand Innovative Solutions
 
Securing the network perimeter
Securing the network perimeterSecuring the network perimeter
Securing the network perimeter
 
Cat6500 Praesentation
Cat6500 PraesentationCat6500 Praesentation
Cat6500 Praesentation
 
security_secure_pipes_frost_whitepaper
security_secure_pipes_frost_whitepapersecurity_secure_pipes_frost_whitepaper
security_secure_pipes_frost_whitepaper
 
Network Environments
Network EnvironmentsNetwork Environments
Network Environments
 
HIPAA Compliance in the Cloud
HIPAA Compliance in the CloudHIPAA Compliance in the Cloud
HIPAA Compliance in the Cloud
 
Patch management
Patch managementPatch management
Patch management
 
Security White Paper
Security White PaperSecurity White Paper
Security White Paper
 
Challenges and Security Issues in Future IT Infrastructure Components
Challenges and Security Issues in Future IT Infrastructure ComponentsChallenges and Security Issues in Future IT Infrastructure Components
Challenges and Security Issues in Future IT Infrastructure Components
 
VIPRE Business Takes a Bite out of Bloatware
VIPRE Business Takes a Bite out of BloatwareVIPRE Business Takes a Bite out of Bloatware
VIPRE Business Takes a Bite out of Bloatware
 
Axoss Wireless Penetration Testing Services
Axoss Wireless Penetration Testing ServicesAxoss Wireless Penetration Testing Services
Axoss Wireless Penetration Testing Services
 
Navigating Zero Trust Presentation Slides
Navigating Zero Trust Presentation SlidesNavigating Zero Trust Presentation Slides
Navigating Zero Trust Presentation Slides
 
BriefingsDirect Transcript--How security leverages virtualization to counter ...
BriefingsDirect Transcript--How security leverages virtualization to counter ...BriefingsDirect Transcript--How security leverages virtualization to counter ...
BriefingsDirect Transcript--How security leverages virtualization to counter ...
 
Identiverse Zero Trust Customer Briefing, Identiverse 2019
Identiverse Zero Trust Customer Briefing, Identiverse 2019Identiverse Zero Trust Customer Briefing, Identiverse 2019
Identiverse Zero Trust Customer Briefing, Identiverse 2019
 

En vedette

Tech Doc: Umbrella Delivery Platform
Tech Doc: Umbrella Delivery PlatformTech Doc: Umbrella Delivery Platform
Tech Doc: Umbrella Delivery PlatformCourtland Smith
 
Datasheet: Umbrella Everywhere Solution Overview
Datasheet: Umbrella Everywhere Solution OverviewDatasheet: Umbrella Everywhere Solution Overview
Datasheet: Umbrella Everywhere Solution OverviewCourtland Smith
 
OpenDNS Whitepaper: DNS's Role in Botnet C&C
OpenDNS Whitepaper: DNS's Role in Botnet C&COpenDNS Whitepaper: DNS's Role in Botnet C&C
OpenDNS Whitepaper: DNS's Role in Botnet C&CCourtland Smith
 
Role of DNS in Botnet Command and Control
Role of DNS in Botnet Command and ControlRole of DNS in Botnet Command and Control
Role of DNS in Botnet Command and ControlOpenDNS
 
Security Onion - Brief
Security Onion - BriefSecurity Onion - Brief
Security Onion - BriefAshley Deuble
 

En vedette (6)

Tech Doc: Umbrella Delivery Platform
Tech Doc: Umbrella Delivery PlatformTech Doc: Umbrella Delivery Platform
Tech Doc: Umbrella Delivery Platform
 
Datasheet: Umbrella Everywhere Solution Overview
Datasheet: Umbrella Everywhere Solution OverviewDatasheet: Umbrella Everywhere Solution Overview
Datasheet: Umbrella Everywhere Solution Overview
 
OpenDNS Whitepaper: DNS's Role in Botnet C&C
OpenDNS Whitepaper: DNS's Role in Botnet C&COpenDNS Whitepaper: DNS's Role in Botnet C&C
OpenDNS Whitepaper: DNS's Role in Botnet C&C
 
Role of DNS in Botnet Command and Control
Role of DNS in Botnet Command and ControlRole of DNS in Botnet Command and Control
Role of DNS in Botnet Command and Control
 
Security Onion - Brief
Security Onion - BriefSecurity Onion - Brief
Security Onion - Brief
 
Black ops 2012
Black ops 2012Black ops 2012
Black ops 2012
 

Similaire à White Paper: Securing Nomadic Workforce

Headquartered at home community publication nx n pakistan
Headquartered at home community publication nx n pakistanHeadquartered at home community publication nx n pakistan
Headquartered at home community publication nx n pakistanTariq Mustafa
 
How secured and safe is Cloud?
How secured and safe is Cloud?How secured and safe is Cloud?
How secured and safe is Cloud?IRJET Journal
 
Chapter 3_Cyber Security-ccdf.pptx
Chapter 3_Cyber Security-ccdf.pptxChapter 3_Cyber Security-ccdf.pptx
Chapter 3_Cyber Security-ccdf.pptx1SI19IS064TEJASS
 
Aerohive whitepaper-byod-and-beyond
Aerohive whitepaper-byod-and-beyondAerohive whitepaper-byod-and-beyond
Aerohive whitepaper-byod-and-beyondJ
 
SECURE DATA TRANSFER BASED ON CLOUD COMPUTING
SECURE DATA TRANSFER BASED ON CLOUD COMPUTINGSECURE DATA TRANSFER BASED ON CLOUD COMPUTING
SECURE DATA TRANSFER BASED ON CLOUD COMPUTINGIRJET Journal
 
Cloud technology to ensure the protection of fundamental methods and use of i...
Cloud technology to ensure the protection of fundamental methods and use of i...Cloud technology to ensure the protection of fundamental methods and use of i...
Cloud technology to ensure the protection of fundamental methods and use of i...SubmissionResearchpa
 
Protecting the movable Endeavor with Network-Based validation and Virtual Com...
Protecting the movable Endeavor with Network-Based validation and Virtual Com...Protecting the movable Endeavor with Network-Based validation and Virtual Com...
Protecting the movable Endeavor with Network-Based validation and Virtual Com...IOSR Journals
 
Sholove cyren web security - technical datasheet2
Sholove cyren web security - technical datasheet2Sholove cyren web security - technical datasheet2
Sholove cyren web security - technical datasheet2SHOLOVE INTERNATIONAL LLC
 
Cyber security and cyber law
Cyber security and cyber lawCyber security and cyber law
Cyber security and cyber lawDivyank Jindal
 
Trust based Mechanism for Secure Cloud Computing Environment: A Survey
Trust based Mechanism for Secure Cloud Computing Environment: A SurveyTrust based Mechanism for Secure Cloud Computing Environment: A Survey
Trust based Mechanism for Secure Cloud Computing Environment: A Surveyinventionjournals
 
Tablet Access to Business Applications
Tablet Access to Business ApplicationsTablet Access to Business Applications
Tablet Access to Business Applications Array Networks
 
The Secure Path to Value in the Cloud by Denny Heaberlin
The Secure Path to Value in the Cloud by Denny HeaberlinThe Secure Path to Value in the Cloud by Denny Heaberlin
The Secure Path to Value in the Cloud by Denny HeaberlinCloud Expo
 
I Brought My Own Device. Now What?
I Brought My Own Device. Now What?I Brought My Own Device. Now What?
I Brought My Own Device. Now What? Array Networks
 
Safety in the Cloud(s): 'Vaporizing' the Web Application Firewall to Secure C...
Safety in the Cloud(s): 'Vaporizing' the Web Application Firewall to Secure C...Safety in the Cloud(s): 'Vaporizing' the Web Application Firewall to Secure C...
Safety in the Cloud(s): 'Vaporizing' the Web Application Firewall to Secure C...white paper
 
Wp byod
Wp byodWp byod
Wp byodJ
 
Security aspects-of-mobile-cloud-computing
Security aspects-of-mobile-cloud-computingSecurity aspects-of-mobile-cloud-computing
Security aspects-of-mobile-cloud-computingSHREYASSRINATH94
 
Cloud security deep dive infoworld jan 2011
Cloud security deep dive infoworld jan 2011Cloud security deep dive infoworld jan 2011
Cloud security deep dive infoworld jan 2011Kim Jensen
 

Similaire à White Paper: Securing Nomadic Workforce (20)

Headquartered at home community publication nx n pakistan
Headquartered at home community publication nx n pakistanHeadquartered at home community publication nx n pakistan
Headquartered at home community publication nx n pakistan
 
Enterprise Edge Security with Cisco ISE
Enterprise Edge Security with Cisco ISEEnterprise Edge Security with Cisco ISE
Enterprise Edge Security with Cisco ISE
 
How secured and safe is Cloud?
How secured and safe is Cloud?How secured and safe is Cloud?
How secured and safe is Cloud?
 
Chapter 3_Cyber Security-ccdf.pptx
Chapter 3_Cyber Security-ccdf.pptxChapter 3_Cyber Security-ccdf.pptx
Chapter 3_Cyber Security-ccdf.pptx
 
Aerohive whitepaper-byod-and-beyond
Aerohive whitepaper-byod-and-beyondAerohive whitepaper-byod-and-beyond
Aerohive whitepaper-byod-and-beyond
 
SECURE DATA TRANSFER BASED ON CLOUD COMPUTING
SECURE DATA TRANSFER BASED ON CLOUD COMPUTINGSECURE DATA TRANSFER BASED ON CLOUD COMPUTING
SECURE DATA TRANSFER BASED ON CLOUD COMPUTING
 
Cloud technology to ensure the protection of fundamental methods and use of i...
Cloud technology to ensure the protection of fundamental methods and use of i...Cloud technology to ensure the protection of fundamental methods and use of i...
Cloud technology to ensure the protection of fundamental methods and use of i...
 
Securing mobile devices 1
Securing mobile devices 1Securing mobile devices 1
Securing mobile devices 1
 
Protecting the movable Endeavor with Network-Based validation and Virtual Com...
Protecting the movable Endeavor with Network-Based validation and Virtual Com...Protecting the movable Endeavor with Network-Based validation and Virtual Com...
Protecting the movable Endeavor with Network-Based validation and Virtual Com...
 
NEtwork Security Admin Portal
NEtwork Security Admin PortalNEtwork Security Admin Portal
NEtwork Security Admin Portal
 
Sholove cyren web security - technical datasheet2
Sholove cyren web security - technical datasheet2Sholove cyren web security - technical datasheet2
Sholove cyren web security - technical datasheet2
 
Cyber security and cyber law
Cyber security and cyber lawCyber security and cyber law
Cyber security and cyber law
 
Trust based Mechanism for Secure Cloud Computing Environment: A Survey
Trust based Mechanism for Secure Cloud Computing Environment: A SurveyTrust based Mechanism for Secure Cloud Computing Environment: A Survey
Trust based Mechanism for Secure Cloud Computing Environment: A Survey
 
Tablet Access to Business Applications
Tablet Access to Business ApplicationsTablet Access to Business Applications
Tablet Access to Business Applications
 
The Secure Path to Value in the Cloud by Denny Heaberlin
The Secure Path to Value in the Cloud by Denny HeaberlinThe Secure Path to Value in the Cloud by Denny Heaberlin
The Secure Path to Value in the Cloud by Denny Heaberlin
 
I Brought My Own Device. Now What?
I Brought My Own Device. Now What?I Brought My Own Device. Now What?
I Brought My Own Device. Now What?
 
Safety in the Cloud(s): 'Vaporizing' the Web Application Firewall to Secure C...
Safety in the Cloud(s): 'Vaporizing' the Web Application Firewall to Secure C...Safety in the Cloud(s): 'Vaporizing' the Web Application Firewall to Secure C...
Safety in the Cloud(s): 'Vaporizing' the Web Application Firewall to Secure C...
 
Wp byod
Wp byodWp byod
Wp byod
 
Security aspects-of-mobile-cloud-computing
Security aspects-of-mobile-cloud-computingSecurity aspects-of-mobile-cloud-computing
Security aspects-of-mobile-cloud-computing
 
Cloud security deep dive infoworld jan 2011
Cloud security deep dive infoworld jan 2011Cloud security deep dive infoworld jan 2011
Cloud security deep dive infoworld jan 2011
 

White Paper: Securing Nomadic Workforce

  • 1. Mobility Whitepaper 7 Things You Need to Know to Secure Your Nomadic Workforce. Why stopping 99% of threats across 50% of your users’ devices just isn’t enough.
  • 2. Today, nomadic users are 1 typically within range of a Wi-Fi hotspot 60% of the day. Over the next 5 years, Wi-Fi is Face it: Your users are accessing company data over expected to grow 4.5x. — untrusted networks. [iPass, Septem ber 2012] The ability for nomadic users to remain connected everywhere is approaching 100%. Yet, most users don’t grasp that there’s great risk associated with connecting to unsecured Wi-Fi networks. Many public hotspots have no security 322 business technology pros and can be easily compromised and fraudulent, computer-to-computer access ranked using a VPN secure points can be quickly setup to appear no less secure than other networks. In both tunnel 1st out of 8 other environments, criminals can eavesdrop on communications or steal login solutions for securing data in credentials. Worse, many websites, Web protocols and non-Web apps that use file transit. Beating by a wide sharing or peer-to-peer protocols lack proper encryption to prevent data leaks margin secure HTTP, virtual during these increasingly frequent attacks. desktop or secure email. — [Inform ationWeek, May 2012] NOMADIC USERS WI-FI NETWORKS WEB & NON-WEB (LOGGING IN & SENDING DATA) (COMPROMISED OR FRAUDULENT) (APPS, PROTOCOLS & PORTS) COMMUNICATIONS NOT ENCRYPTED The FBI recently warned of malware installed via hotel network connections. It followed Current solutions may encrypt data stored on the device, but the protections don’t a Bloomberg report claiming extend to data communicated. Most solutions only encrypt app or protocol- Chinese hackers stole private specific communications, and are often complex for administrators to setup and data from up to 760 firms by nomadic workers to use. hacking into the iBahn In order to ensure private company data is protected when remote workers are broadband and entertainment accessing it, it’s best to encrypt all communications, regardless of app, protocol service offered to guests of hotel or port. Only one solution achieves this: VPNs (Virtual Private Networks). Most chains such as Marriott VPN connections are simple to setup and transparent to the end user, but do your International Inc. Forbes’ homework. Many solutions aren’t compatible with mobile devices or require reporter also recommends to backhauling traffic that impacts performance. users that all important data — including, but not limited to, 2 emails, docs, IMs and web logins — is sent over secure HTTP or a VPN. — [F orbes, May 2012] Nomadic users won’t sacrifice performance for security. Most security vendors’ VPN solutions require backhauling traffic from all devices to a security appliance that’s installed behind the enterprise network perimeter. While effective in adding security, this approach also adds latency for the end 210 Cloud Security Alliance user. Unfortunately, it isn’t feasible for network admins to install appliances at members – most considered every site on the globe in order to ensure the end-user experience is optimal. “experts in the field of information security” – were SLOWER CONNECTIONS LATENCY ADDED DUE TO BACKHAULING TRAFFIC surveyed and 81% believe that (USER MAY TERMINATE VPN) unsecured Wi-Fi and rogue access points are already happening today. — [Cloud Security Alliance, Sept 2012] ON-SITE APPLIANCE(S) (TOO FEW LOCATIONS & THROUGHPUT) 7 Things You Need to Know to Secure Your Nomadic Workforce Page 2
  • 3. The average mobile connection Nomadic users are impatient with security that decreases Internet connection speed was 189 kbps in 2011. It speeds, device battery life or usability. They’re quick to disable or work around will surpass 1 Mbps by 2014 any perceived roadblocks. And traditional security solutions lack the sophistication and 2.9 Mbps by 2016. to give admins visibility into user engagement, or worse, disengagement. — [Cisco, F ebruary 2012] In conjunction with educating users on the importance of keeping security solutions in tact, network admins can do their part to optimize the end-user experience. A cloud-based solution is, by design, nearly infinitely scalable. Too, an effective Secure Cloud Gateway will leverage a globally-distributed network of always-on (or Anycast) data centers, ensuring very low latency. Ideally, a lightweight combination of DNS traffic routing and selective proxying should be used instead of only proxying Web traffic. 3 Today, 150 million user-owned smartphones and tablets are used in the enterprise. Or 23% Thanks to cloud computing, users access data anytime, of all such devices. And by 2014, it’s expected to reach anywhere ⎯ including outside your secure network. 350 million. — The rise of cloud computing has put users squarely in the power seat. They can [J uniper R esearch, Sept 2012] access the data and apps they need for work from smartphones, tablets and laptops. They no longer have any need to connect back to the private enterprise network. In the process, they’ve kicked out the pesky middleman ⎯ enterprise- grade security. Threats are becoming more advanced and persistent while at the same time it’s becoming more essential for productivity that users be able to access Salesforce, Basecamp, Google Drive, Dropbox and other cloud-based apps. 150 North America Enterprise CIOs were asked about data PRIVATE NETWORKS PUBLIC NETWORKS (WITH ENTERPRISE-GRADE SECURITY) (WITH CONSUMER-GRADE OR NO SECURITY) leakage on the public cloud. Over 50% noted that they were CLOUD- BASED “extremely worried. The top two DATA & APPS causes for data leaks onto public clouds were BYOD and personal In order to regain complete control, some admins may attempt to use single sign- decision-making by employees. on authentication or DLP solutions to enforce access and availability. Annoyed by And top two biggest obstacles to the barrier it presents to their productivity, users often find a way to circumvent stopping data from leaking onto such methods. public clouds is the perceived Even with losing some control by embracing cloud computing, admins can still notion that there are no obvious completely protect their data. Just like the ubiquitous connectivity nomadic users options to protect data behind enjoy today, admins can provide users ubiquitous security by embracing a Secure the corporate firewall. And the Cloud Gateway, powered by a global network, and managed via a cloud-hosted political and cultural dimensions console for centralized visibility and control. where IT (the department) is unable to mandate policy for the 4 business use of IT (the technology). — [Mezeo Software, J uly 2012] The BYOD nightmare: With no incentive to protect their personal devices, users make security a challenge. BYOD presents a series of challenges to the network admin, not the least of which is Internet security. In addition to setting (and adhering to) guidelines for device management, IT admins must also negotiate boundaries between enabling employees to do their work and infringing upon their personal device sovereignty. Admins are further prevented from easily enabling security because employees 7 Things You Need to Know to Secure Your Nomadic Workforce Page 3
  • 4. Today, the average person has may not bring all the devices they use for work into the office for provisioning. So 1.8 devices that connect to the how can IT teams compel users to provision security on every device? And how Internet. By 2015, its expected can IT know whether users actually did? to be 3.47, and by 2020, 6.58 Users’ desire to maintain autonomy and IT managers’ desire to maintain security devices per person. — sometimes conflict when it means partially locking the user out of their own [Cisco, May 2012] devices. For example, they often try to restrict personal apps or force alternative, less compatible secure browser apps. But as the use of cloud computing increases, the effectiveness of this heavy-handed tactic is decreasing. Users must be incentivized to install security on their devices, and the best way to do this is by making it easy and transparent. If the security solution adds value for the end user, and isn’t disruptive to their productivity, they’ll be more likely to 36% of nomadic users admit to install it. Too, the solution should give the network admin visibility into how and using workarounds to access when it’s being used. Keeping things simple is key. An IT-traceable process, for corporate data on their which user only needs to click ‘OK’ a few times is an admin’s best bet. A solution smartphones and tablets. Those should be selected that allows for notifications when the end user shuts it off. that do bypass their IT departments cited slow response RE-GAIN VISIBILITY & CONTROL 1…2…3…! times and strict policies as (EASY, TRACEABLE PROVISIONING PROCESS) (SIMPLE, LIGHTWEIGHT) motivations. — ! BOB’S IOS SUE’S PC STATUS UPDATES CLOUD- ! [iPass, Septem ber 2012] " SAM’S MAC HOSTED PROTECT NEW USER MANAGEMENT ! The majority of 278 business technology pros responsible for personal mobile device use on their organization’s networks enforced no restrictions or basic 5 Whether it’s a user or IT-owned device, location matters when it comes to enforcing acceptable use policies. In many ways the work-everywhere era also gives way to the work-anytime era. Users are checking email, accessing data, writing code and finalizing projects and presentations at all times of day, from wherever they work. But there’s a flip side user agreements. — to this. Nomadic workers are also accessing the same devices they use for work [Inform ationWeek, May 2012] for personal use. And while IT admins want to ensure ubiquitous security protection, enforcing acceptable use policies for accessing inappropriate or bandwidth-heavy content may not be warranted outside of the office. Some solutions attempt to virtually split work and personal use environments on the device, but it is often complex for IT to setup, and difficult to compel users to “Nearly 74 percent of workers allow it on their own devices. It also still doesn’t prohibit the user from accessing globally would prefer an the personal use environment while at work locations. unconventional workday—being online and connected at any A better solution is location-aware policy enforcement. This solution recognizes time, from any place they when devices are not behind network perimeters and turns off all or most content choose, throughout the day. Over filtering, while still keeping security protections on. Most organizations find this two-thirds of survey respondents balance between network security and user freedom to be an appealing and fair believe the ability to work compromise. remotely is either a necessity (62 percent) or a right (7 percent).” THREATS & RECREATION BAD THREATS BAD RECREATION OK . — [iPass, May 2012] WORK LOCATIONS NON-WORK LOCATIONS (THE OFFICE, PARTNERS, ETC.) (HOME, CAFÉ, HOTEL, AIRPORT, ETC.) 7 Things You Need to Know to Secure Your Nomadic Workforce Page 4
  • 5. 6 946 security professionals at organizations with over 100 users were asked what their Workers use the same login credentials for both personal biggest IT security challenges and company accounts, amplifying risk. were. First, was managing the The number of accounts and passwords users must remember is overwhelming. complexity of security. Second, Workers often seek to simplify their online presence by using the same password was enforcing security policies. across all accounts. Through this process, they abandon security best practices. [Inform ationWeek, May 2012] This poses a great threat to corporate security if users fall victim to clever phishing and spear phishing scams. User login credentials can also be stolen via botnet controllers or untrusted networks and distributed through criminal marketplaces. Cyber criminals are smart enough to try the same credentials to 946 security professionals at access cloud-hosted customer, accounting, HR, IT, project and other company organizations with over 100 data (e.g. salesforce.com, quickbooksonline.com, zendesk.com, basecamp.com, users were asked if mobile drive.google.com), or even data hosted internally on publicly accessible Intranets. devices pose a threat to your organization’s security. 69% say LOGIN CREDENTIALS STOLEN CRIMINALS STEAL DATA (VIA PHISHING, BOTNETS & UNTRUSTED NETWORKS) (VIA LOGGING INTO BUSINESS SITES) it does, and 21% say it will. — [Inform ationWeek, May 2012] USER: JOE@CORP PW: SECRET123 USER: JOE@CORP USER: JOE@CORP PW: SECRET123 PW: SECRET123 The majority of 322 business technology pros believe the Some solutions attempt to consolidate enterprise accounts via secure single-sign primary responsibility for mobile on services with two-factor authentication. However, this adds complexity for IT security policy is a joint effort teams to on-board or off-board new or past employees, and it adds complexity for between security teams and users to access their accounts. End user education regarding the use of strong, business units. — secure passwords or bad Web links in emails is valuable. Yet, changing user [Inform ationWeek, May 2012] behavior can take time. A solution that counters these risks, while improving the performance and reliability of their devices’ Internet connections, is a win-win. If every user device could not connect to phishing sites or botnet controllers and could encrypt all data over untrusted networks, credential theft risks would be countered. 7 Advanced threats aren’t limited to email and websites, but Secure Web and Email Gateways are. Nearly all IT teams have deployed Secure Email Gateways to prevent unwanted or phishing messages. Most IT teams have deployed Web Proxies (aka. Secure Web Gateways) or Firewall Filters (aka. Unified Threat Management) to prevent new infections via compromised or malicious sites. Yet data leaks are still making news headlines every day. One key cause of these data leaks is that hackers have figured out how to circumvent traditional security solutions by leveraging non Web and email protocols (e.g. P2P, IRC, DNS tunnels) and ports other than 25, 80 or 443 to leak data. 7 Things You Need to Know to Secure Your Nomadic Workforce Page 5
  • 6. Network traffic assessments DEVICES BECOME INFECTED INFECTED DEVICES LEAK DATA were conducted in 2,036 (VIA USERS CONNECTING TO MALWARE HOSTS (VIA MALWARE CONNECTING TO BOTNET HOSTS organizations worldwide between PRIMARILY OVER WEB & EMAIL CHANNELS) OVER IRC, WEB, P2P, DNS TUNNELS AND OTHERS) November 2011 and May 2012 by a firewall vendor. The vendor categorized 1,280 applications. Summarizing the assessments, 32% of applications did not use Some legacy security companies encourage IT teams to increase defense-in-depth Web traffic ports (80 or 443) at strategies by layering on more protections to prevent infection. But we’re not just all, and 26% were able to use living in a world of growing depth; we’re living in a world of growing breadth. dynamic or other non-Web ports Stopping 99% or more of threats across only 50% of the attack surface is not an to communicate over. — effective strategy. [Palo Alto N etworks, J une 2012] A better solution is to use a Secure Cloud Gateway that enforces protection and policies regardless of application, protocol or port. Also, a solution that enables distributed enterprise networks, roaming laptops and mobile devices to connect through this Secure Cloud Gateway anywhere, anytime. EVERY DEVICE EVERY WHERE & TIME EVERY CONNECTION (IT OR USER-OWNED) (AVAILABLE & SCALABLE WORLDWIDE) (ANY APP, PROTOCOL & PORT) END USERS ARE ADMINS RE-GAIN HAPPY & DATA VISIBILITY IS PROTECTED & CONTROL Sources Cited: [iPass] http://bit.ly/Mobile-Workforce-Q3-Report and http://bit.ly/Mobile- Workforce-Q2-Report [InformationWeek] http://bit.ly/2012-Mobile-Security-Report and http://bit.ly/Strategic-Security-Survey [Forbes] http://bit.ly/FBI-Hotel-Networks [Cisco] http://bit.ly/BYOD-User-Driven-Movement and http://bit.ly/Mobile-Data- Traffic-Forecast [Juniper Research] http://bit.ly/Mobile-Incidents-Increase [Mezeo Software] http://bit.ly/CIO-Mobility-Security-Survey [Palo Alto Networks] http://bit.ly/App-Use-Risk-Report 7 Things You Need to Know to Secure Your Nomadic Workforce Page 6
  • 7. Umbrella is brought to you by OpenDNS. Trusted by millions around the world. The easiest way to prevent malware and phishing attacks, contain botnets, and make your Internet faster and more reliable. OpenDNS, Inc. • www.umbrella.com • 1.877.811.2367 Copyright © 2012 OpenDNS, Inc. All rights reserved worldwide. No part of this document may be reproduced by any means nor translated to any electronic medium without the written consent of OpenDNS, Inc. Information contained in this document is believed to be accurate and reliable, however, OpenDNS, Inc. assumes no responsibility for its use. WP-7-Things-Secure-Nomadic-Workforce-v1.1