*Editor’s Note: This column originally appeared in TechTarget’s SearchNetworking.com 

Question: What are my options for mobile device management? What factors should play a role in my decision?

Rainer Enders, VPN Expert and CTO, Americas, at NCP engineering

There are many Mobile Device Management (MDM) systems on the market today. The best choice would be to go with a single-vendor platform for both the management system and the devices.

Here are a few critical points to watch out for:

  • Carefully plan the deployment options of the MDM system — in your own network or in the cloud, for example.
  • Ensure your operating platforms are fully supported (mobile OS or firmware). You don’t want to end up with systems that are out of the control.
  • Make sure the tool is compatible with your application environment, particularly your critical business applications such as email and any database applications.
  • Ensure the MDM system supports the most critical features, such as deployment of your most critical applications, remote wipe, blocking of applications or application stores, and data backup.


By Bernd Reder

As the workforce becomes increasingly mobile, the methods by which users access critical business tools must evolve in kind. In the past, the desktop environment and all of the resources it hosted were only accessible if an individual was sitting right in front of his or her computer. But now, with the advent of laptops, tablets and smartphones, we’re seeing a paradigm shift—one in which digital assets are no longer imprisoned by local hard drives.

Virtual desktops allow employees to remotely access their traditional systems from any location, eliminating device storage concerns as well as numerous other headaches for IT managers. For example, if the IT department had to install a suitable desktop environment on every device used by every employee throughout the company, then provide technical support and roll out regular patches for each one, the workload would likely far exceed the department’s capacity.

A Central Virtualized Desktop

With virtual desktops, individuals working off-site can still access all the tools held within their office work stations, from the operating systems to essential applications and associated data. Not only is this more convenient for them, but it is more practical and less cumbersome for IT administrators. All sensitive information and tools are housed and managed in a secure location, mitigating the risks to company data if a security breach compromises an employee’s mobile device.

All of the company resources being accessed remotely are stored in secure data centers. Rather than having to constantly update and patch the myriad of tablets and smartphones that workers use while outside the office, IT managers can focus on deploying security measures that govern remote access privileges. Though this doesn’t completely eliminate the possibility of an attack against an employee’s mobile device affecting the organization, it greatly reduces those risks—more so than any alternative—and better equips IT personnel to safeguard important information.

According to a survey from U.K.-based market research firm Visiongain, more than half of U.S. respondents are either planning to virtualize their desktops or are considering exploring this option within the next 12 months. Visiongain also states that the world market for Virtual Desktop Infrastructure (VDI) products reached $11.6 billion in 2012, and predicts annual growth of almost 15 percent through 2015.

Where VPNs Come Into Play

Paramount to any VDI is a secure link between the virtual desktop and the device being used by an off-site worker to access it. As such, VPNs are indispensable. They ensure that data is transported across a secured, encrypted connection.

However, this is far from a “one-size-fits-all” solution. On-the-go employees will often use various mediums to connect to their virtual desktops, including public Wi-Fi networks at airports and hotels or local networks at the offices of current or prospective clients. A company’s VPN system has to be configured to securely handle all of these options if users are going to be able to safely and efficiently access their virtual desktop environments. What’s more, VPNs must be able to seamlessly handle transitions from one medium to the next, such as LAN to Wi-Fi, so that the connection is not lost or processes are not interrupted at inopportune times. If access proves problematic, the benefits of VDI begin to dissipate.

In order for companies to tap into the benefits of virtualized desktops, they must invest in robust VPN solutions that account for all possibilities and automatically initiate the proper security settings based on the communication medium an employee is using. Whether in a coffee shop with public Wi-Fi or another office location within the same organization, the VPN should be able to manage them all. Such a task is perfectly fitted to a dynamic personal firewall. Where run-of-the-mill VPN systems might fail, expertly developed and well-matured solutions will not.

This is Part Two of our February Feature of the Month series. Last week, we honored the all-new Access Point Name (APN) feature in NCP’s entry and enterprise IPsec VPN clients.

Enterprises today are facing significant challenges related to remote computing due to their increasingly fragmented geographies. For instance, companies are not only contending with how to enable automated roaming between their solutions on premises and remote hotspots, but they are also responsible for making sure this seamless roaming is secure for employees working off-site.

To meet these industry needs, NCP engineering has enhanced its client suite to support integrated 3G cards, which ensure secure network connections for mobile workers when used in conjunction with the NCP Secure Enterprise VPN Server. NCP has combined 3G / 4G and VPN connection setup into a single, graphical user interface, simplifying the installation and deployment processes for both IT personnel and individual users.

Additionally, the NCP Secure Enterprise Client allows devices to automatically transition between a variety of communication mediums, including Wi-Fi, xDSL, LAN, ISDN and WWAN, making it easy for users to connect to their corporate networks from any location. Since the solution dynamically redirects the VPN tunnel without disrupting mobile computing sessions, employees are guaranteed uninterrupted connections to their networks.

Beyond that, for enhanced protection, the solution automatically recognizes secure and insecure networks to connect to while users are roaming. With its Friendly Net Detection feature, the IPsec VPN client then activates the appropriate firewall and security policies without the end user needing to lift a finger.

Want to learn more about the NCP Secure Enterprise Client’s integrated support of 3G / LTE cards? Additional information can be found here. 

Today, Rainer Enders, VPN expert and CTO of Americas at NCP engineering, addresses how IT and data management executives can properly protect their corporate data.

Q: What are the most effective steps IT and data management executives need to take in ensuring the best security for corporate information?

Rainer Enders: There is no substitute for best-of-breed security solutions. IT managers must realize that only betting on one vendor for all security needs will leave security holes in the architecture. A key starting point is the assessment of risk and exposure. For example, if you do not have employees working outside the office, you’ll have far different security implications than if you have a large mobile workforce. Obviously, the cost of the solution must match the assets at risk that will be insured and protected against damage or loss. A clear and concise security policy must be established that involves all the key stakeholders, and the policy must then be implemented and enforced at all levels. This is probably the most important and, sadly, the least followed advice.

Another trap many IT managers fall into is changing security infrastructure too quickly. Rather then taking a blended migration approach, a rip-out-and-replace approach is usually implemented, neglecting benefits and merits of existing incumbent security technologies. This has happened when SSL VPN was introduced to replace IPsec VPN. Customers followed early promises, only to see many companies now returning to the “old” IPsec VPN or adopting a hybrid approach, which would have served them better from the start. So any security architecture framework should follow the technology, not a vendor product roadmap.

If you have any questions on VPNs or anything else related to secure remote access, send them to editor@vpnhaus.com. 

Rainer Enders is CTO, Americas, at NCP engineering.

With workforce mobility on the rise, remote employees are consistently in the market for easy-to-use VPN solutions that can safely connect their mobile devices to the corporate network. And given employees have a variety of mobile operators to choose from, corporations want to make it easy for users to switch in and out between these providers in order to maintain productivity on the go.

To meet these demands, NCP has rolled out an all-new Access Point Name (APN) feature in its entry and enterprise IPsec VPN clients. This automated configuration eliminates the need to manually update each device’s mobile access point when switching out SIM cards from a previous mobile operator. By analyzing the SIM card’s provider ID and using it to define the corresponding APN, identifying the appropriate dial-up parameter takes next to no time at all, allowing the user to get up and running on the network safely and easily.

Want to learn more about this feature and the NCP Secure Client’s integrated support of 3G/LTE cards? More information can be found here.