How to Resolve the BYOD Stand-Off between Employees and IT

“Try to please everyone, and you’ll end up pleasing no one.” This is one of those classic, ubiquitous statements that can apply to any number of situations. Take the Bring-Your-Own-Device (BYOD) trend. To the employees whose jobs are made easier and more convenient by BYOD, the appeal of these initiatives is obvious. That’s why demand for BYOD is expected to increase by 25 percent between 2014 and 2019, driven by the consumerization of IT and increased mobile data speeds that meet enterprise-acceptable levels. Yet on the other side of the spectrum are the IT departments tasked with enforcing BYOD security frameworks. The same things that employees see as beneficial about BYOD – convenience and freedom of choice – are exactly what make IT departments so fearful. The two groups are fundamentally at odds. Users want, and demand, access to a broad range of personal mobile devices in the workplace. They want to be able to safely access work files on their phones while on the go and work from their homes on their personal laptops. Meanwhile, IT departments are tasked with protecting network security at all costs, and that means they are the ones who have to say “no,” and who have to restrict the technology employees are permitted to use in the workplace. That’s how BYOD “pleases no one” – users are frustrated by what they perceive to be restrictions on free use, while IT feels like it’s constantly engaged in an uphill fight against employees who frequently, both purposely and unwittingly, violate best practices around secure remote access VPN and BYOD. It’s the classic case of unstoppable force (in...

Open Haus: Friendly Net Detection

The prevalence of remote work has climbed steadily over the last decade thanks to advances in technology and attitudes towards the practice. According to Global Workplace Analytics, teleworking increased about 80 percent between 2005 and 2012. Still, only a few million Americans consider their home, or somewhere other than an office, to be their primary place of work. What’s holding remote work back? A lot of it is cultural, as well as logistical, but there are also lingering security concerns. Despite the convenience of the practice, accessing the corporate network remotely doesn’t carry with it quite the same guarantee that a user’s end-to-end connection to the network is entirely secure. That’s why NCP engineering’s Remote Access VPN solution is equipped with Friendly Net Detection (FND), a technology that automatically recognizes safe, friendly networks or unsafe, unfriendly networks, no matter where the user may be, thereby protecting end devices against Internet attacks via 3G/4G, Wi-Fi and LAN.

How it Works: FND is a component of all NCP Secure VPN Clients, and since the FND server is installed independent of the VPN gateway, it is agnostic to any particular operating system or third-party vendor gateway. Once installed, the FND client is configured within the VPN client’s firewall settings. The feature works by forcing the network to identify itself to the end user’s device, and then dynamically activating or deactivating the appropriate firewall rules and security mechanisms, depending on whether it’s a known/secure/friendly network or an unknown/insecure/unfriendly network. If the FND client is successful in its attempt to contact and authenticate the FND server, then it can confirm that the device...

IT Security? “Yes Please,” says Uncle Sam – But Offers No Tangible Help

When it comes to IT security, government agencies around the world are aware of the challenges and risks small and medium-sized enterprises (SMEs) face. So it only figures that they offer help, in the form of initiatives aimed specifically at SMEs. Germany has one of the most active administrations in this respect, as it finances or supports a whopping 21 initiatives. And while the U.S. government would do well to follow Germany’s lead and further IT security by offering numerous assistance programs to SMEs, unfortunately, a recent study from management consultancy Detecon International shows that most U.S. initiatives are focused on admonitory finger-wagging rather than hands-on help with implementation. Yet, hands-on help is exactly the type of assistance that would have the biggest impact on raising the security level of SMEs. Most German public initiatives prioritize awareness of the issue at the upper management level. However, only a small part of the surveyed initiatives – 35 percent – can be mapped to concrete measures within the Federal Office for Information Security (BSI) IT baseline protection catalogs. Furthermore, 36 of 56 assistance programs analyzed lack a concrete goal with achievable benchmarks for success. Instead, they focus on information security as a whole and therefore try to pursue many targets at once, with a scattershot, light-handed effect. Naturally, IT security has to be approached holistically. There is no use securing remote access for employees with a VPN when a company’s Wi-Fi network is open and therefore accessible from outside the enterprise. But because SMEs usually have only limited resources at their disposal, it is important to prioritize and focus on the...

The Cloud is Covered: VPNs Enhance Data Security in the Cloud

Cloud computing not only introduces a new level of flexibility for enterprise IT services, but it often improves data security, too. A cloud provider that has to adhere to stringent privacy and compliance regulations typically has more know-how and access to more resources than a small- or medium-size company. But it is just not possible to rely on a cloud provider for every aspect of data security. In the end, the company is responsible for its own data. Many aspects of data security are beyond the purview of the cloud provider, but at least it is responsible for checking all certificates and knowing which ones are relevant. However, all basic security measures are the responsibility of the company. Among them is the protection of the data-in-transit between the company’s LAN and the data center in the cloud. The easiest way to ensure this protection is to use a location-to-location VPN tunnel. If a VPN solution is already being used, the company has to make sure there aren’t any compatibility issues between its VPN gateway and the gateway at the cloud provider’s site. The VPN standards IPsec and SSL have been in use for many years and are tried and trusted, greatly reducing the potential for trouble. Usually the cloud data center provides a virtual machine on which the company installs another instance of its VPN gateway solution. Major solution providers like Microsoft Azure, Amazon Web Services and Google Compute Engine provide extensive how-to guides and online manuals explaining how to assure compatibility with a VPN. Most providers even relieve the customer of that process by offering a turnkey, managed...

Mobile World Congress: E.ON Achieves Secure Remote Access with Samsung, NCP

Last month, Samsung hosted one of the largest, most-visited booths at Mobile World Congress in Barcelona – and rightfully so. The company chose the world’s largest mobile industry trade show to launch its newest phones, the Galaxy S6 and S6 Edge, to the 93,000 industry influencers in attendance. Samsung also hosted an Enterprise Mobility Showcase, where guests could “hear [Samsung’s] business strategy with key strategic partners, and meet the industry opinion leaders who are working with them.” NCP engineering is proud to have been one of those featured partners. As part of that presentation, Samsung revealed a case study exploring how it developed a secure smartphone – the KNOX – that could be used by officials from E.ON, a German electric utility. NCP’s role involved outfitting the phone with one of its most important elements – secure remote access capabilities. Because of the sensitive nature of the information passing through those devices, and the fact that E.ON supplies critical infrastructure to Germany, Samsung and NCP had to follow stringent requirements laid out by the Federal Office for Information Security (BSI), the German national security agency. The BSI lists several factors for secure mobile communication, all of which Samsung and NCP had to abide by, including: secure digital identity certificates issued by a trust center per system/user; all security operations in the device based on this digital identity; secure two-factor authentication; encryption of all stored local data; secure data communication between the mobile device and the related server; a secure boot process; and a controlled process for installing additional software (digital signature). The Samsung KNOX meets these requirements through integrations with etaSuite, which provides...