Archive for the ‘Endpoint Management’ Category

Today we’d like to introduce you to Joe the CIO. On paper, Joe might seem like your average cut-out, but there is far more to him than that. He takes on the frustrations that nearly all CIOs face when enabling secure remote access for their organizations — and solves these challenges, so hopefully they won’t have to. This is the first in a series of videos featuring Joe as he navigates through the tricky world of remote access.

So tell us, can you relate to Joe? What are your most vexing remote access challenges?

Ars Technica recently ran a piece, “Die, VPN! We’re all ‘telecommuters’ now—and IT must adjust,” arguing that in today’s mobile world, VPNs should just be abandoned and IT should adjust to relying on passwords and alternative security protocols. But considering the proliferation of data breaches we’ve seen this year alone, we know it’s irresponsible and absurd to walk away from secure remote access simply because you think it’s too difficult to implement.

In fact, Rainer Enders, CTO of Americas for NCP engineering, responded with a counterpoint op-ed on Ars Technica, “Live, VPN! Why VPNs are a must-have for today’s workforce.” Here are some of the highlights:

Why the cloud isn’t rendering VPN obsolete:

The Die VPN! article is right to say that we are now using cloud-based email and calendaring more than ever before. But this isn’t the only way we access corporate information. Most people—and companies—still have a hybrid approach to their data storage. While some information is shared via Google Docs or on, most companies continue to store the majority of their corporate information on private servers, hardware or virtual. This is a hybrid world: one in which the corporate firewall is alive and well. Any company that allows employees to access and transmit the information on its server without encrypting it first is recklessly (not to mention unnecessarily) exposing itself to a data breach.

Why passwords aren’t enough:

With the number of smartphone users set to increase 49.6 percent from 2010 to 2012, and the ubiquity of WiFi, it’s often a simple VPN that stands between a company’s network and the slew of opportunistic hackers. Otherwise, employees would be sending private data over the Internet with no protection—unthinkable for enterprises all over the world that rely on VPN encryption. If companies want to improve their security profile, their best bet is to have critical servers and services not exposed to the Internet, and rather provide the access via a transparent VPN connection such as IPsec, avoiding the various SSL vulnerabilities and flaws.

Why security is more than a “lost laptop” problem:

The Die VPN! article says the biggest issue companies and IT have is “the lost laptop” problem, with the solution being full disk encryption. But if you take a look back at a high-profile breach of 2011, you’ll see that the biggest security issue is often a disgruntled former employee looking for opportunities to game the company’s network.

You can see the full story, “Op-ed: Live, VPN! Why VPNs are a must-have for today’s workforce” here.

By Bernd Reder

All signs point towards mobility. This is true for all tech scenarios—personal and business. According to an IDC study, 119.7 million U.S. employees will be classified as mobile workers in 2013. This is 75.5 percent of the U.S. workforce, far more than in any other country in the world.

The benefits of mobile computing are clear:

  • Employees are more flexible because they can work on the road or at home, with the same efficiency as the company office.
  • Waiting times (for example, at the airport) can be used productively.
  • The company’s agility increases because the employees can be contacted more easily, and decisions can be made faster.
  • Employees are more content because they have flexibility.

Higher Risks

In many cases companies pay dearly for these benefits by accepting higher risks. IT security company MessageLabs conducted a study that showed that employees who work from their offices and from home or the road trigger five times as many security alerts as their office-bound colleagues. One of the reasons is that they access the company network via hotspots at airports or in coffee shops.

Additionally, mobile employees access more websites that do not relate to their jobs when working at home or on the road. They access, for example, online shopping sites or auction houses. Doing so, they increase their chances of landing on contaminated sites.

It is clear that such behavior poses security risks. According to a Ponemon Institute report, the financial damage resulting from loss or theft of company data stands at $214 per data set. Each U.S. company has to pay, on average, $7.2 million to clean up the damage done by a data breach. This also includes things like loss of image, disappointed customers who turn towards the competition and various fines.

Simple Precautionary Measures

However, it is possible to mitigate the risks of mobile employees. For instance, it’s important to secure all communication mediums that mobile employees use for remotely accessing the company network: wireless LAN, fixed networks and mobile networks. The best solution is a remote access solution that automatically identifies the available communication mediums and selects the most appropriate one.

Apart from that, remote access should be secured by strong authentication and a dynamic personal firewall at the end device. The firewall should also be able to select the appropriate security settings for each communication medium.

Furthermore, it is crucial that all company data be encrypted if it is stored locally on smartphones, tablet PCs or notebooks. This allows the data to stay secure, even if the device is stolen or lost. In addition, the mobile system should also offer a remote wipe option, a service provided in mobile device management solutions.

Business Data in a VM

Companies that allow their mobile employees to use personal devices for business purposes can even go a step further. They can include the option to install a virtual machine (VM) with a dedicated working environment.

This virtual desktop is only used for business applications and data that are hermetically sealed off from private data and applications. The company’s IT administrator centrally manages the virtual machine. Such virtual desktops are available for notebooks, while companies like VMware have already developed prototypes for smartphones.

The bottom line is, there are plenty of ways to minimize the dangers that can result from remotely accessing company data and applications. For a company, the benefits far outweigh the costs of not investing in the proper security measures.

By Sylvia Rosen

When small businesses grow and large businesses spread across the country, remote and traveling professionals need accessibility. That’s why both small and large businesses turn to VPN technology; it gives them the flexibility they need to work across a variety of locations.

However, with accessibility comes risk.

As a business owner, you need to make sure that your remote employees have the accessibility they need to be productive, in addition to the security that you need to have peace of mind.

Here are three ways that you can keep your business safe from security breaches while using VPN technology:

Choose your VPN technology wisely

Rainer Enders, the CTO Americas for NCP engineering, explains that when it comes to choosing VPN technology, business owners need to keep two things in mind: convenience and company policy.

“What you want to make sure [for the employee] is that it’s simple, it won’t interfere with their work, and it’s at the least intrusive level,” Enders explains.

It’s difficult to predict where your teleworkers will be going and what devices they will be using. As a result, you should ideally select a VPN that has the “intelligence” to figure out different network types and to work from different types of devices, such as cell phones.

In addition, the most important aspect to keep in mind is that your technology is in accordance with your business’ security policy.

“From the employer side, they need to ensure that what is presented is in compliance with security rules and also business rules,” Enders said.

Enders explains that this might mean that businesses will need to adapt their security profile to a reasonable solution. For example, teleworkers will need a solution that allows them to securely connect to the network in areas that are considered to be “hot spots,” such as hotels, cafes, and airports.

Firewalls and security features are your friend

Business owners might cringe at the thought of their employees working in “hot spots,” but the reality is it will happen. As a result, Enders encourages business owners to use a VPN with an integrated firewall.

“The role that the firewall plays is to basically put firm access boundaries around the user’s device and allow or disallow user connectivity,” he explains. “With this, you can enforce that they can only connect to a company network – and not the Internet.”

Enders adds that security features such as “authentication” are great moves toward preventing security breaches because they ensure that the person who is trying to connect to your company network is in fact your employee. For example, if a device gets lost or stolen, strong authentication will make sure that no one can steal that person’s identity.

Keep track of each employee who has VPN access

Hackers are everywhere, and in today’s technology-driven society, it’s very easy to break into company networks – if you aren’t careful. One of the easiest ways to prevent security breaches is by paying attention to your employees and how they are accessing your company outside of the office.

For example, mobile devices increase the chances of a security breach because of how small they are. With mobile devices, you’re limited from a processing perspective and UI perspective, and also limited in what type of security software you can install.

One resource that Enders suggests businesses turn towards is the cloud. Cloud service providers can adopt an approach where they offer outsourced VPN services that allow easy manageability in order to connect to VPN services.

Being able to connect to business networks outside the office is a necessity for teleworkers and traveling professionals. As a result, it’s up to business owners to be able to select a VPN solution that is convenient, flexible, and follows security policies.

Sylvia Rosen writes articles on business products, including: Small Business Phone Systems, Document Management Systems, and Business and Home Security Systems.

By Bernd Reder

Microsoft’s DirectAccess allows users to access a company’s IT system from a Windows computer without using a VPN, instead using IPsec to secure the connection and all data transferred in the communication. In contrast to a VPN, a DirectAccess client sets up a connection to the corresponding server after it has booted and set up a connection to the Internet. The user does not have to start a VPN session manually and log in to the company network. Nor does the administrator have to wait until a client has set up a VPN connection before managing the system, for instance to roll out new software versions.

So what’s the benefit of DirectAccess? Here are the main ones:

  • It supports different protocols and communication processes like IP-HTTPS, SSL and IPsec.
  • It provides authentication and encryption options.

Before you rush out to get DirectAccess though, you should hear the drawbacks, which are significant.

Restricted to the world of Windows

Does DirectAccess foretell the end for common VPN solutions? Definitely not. Microsoft’s technology only works if the whole system is based on Windows 7: running on Windows 7 (Professional, Business or Ultimate) and a Windows server (Windows Server 2008 R2). This means employees working on a Mac or with a Linux notebook can’t access the company network.

Smartphone users with iPhones, BlackBerrys or other devices running Android also can’t access the company network. And even more paradoxical, DirectAccess doesn’t even work on mobile devices running Windows Mobile or the new Windows Phone 7.

It is safe to assume that Windows will support DirectAccess in future versions of its Windows 7 phone, as well as the Windows OS for tablet PCs. However, until then, there is still a long way to go. On top of that, there is hardly any company in which only Windows devices are used across the spectrum of devices—smartphones, client PCs, tablet PCs, servers, etc. In most companies, several platforms and devices are used in parallel, leaving the company with heterogeneous IT equipment.

Companies use heterogeneous IT equipment

This fact will not change. If anything, trends (like the consumerization of IT) lead to employees bringing a diversity of cell phones, tablets and notebooks at an even faster rate. Of course, with these mobile devices, employees check their business emails on the road or in the home office, synchronize dates and contact details, and download documents from the company server. This simply can’t be done without a VPN solution that supports various operating systems and client systems.

Another problem with DirectAccess is that its mandatory prerequisites include a Public Key Infrastructure (PKI) and the use of IPv6. However, not all companies use this version of the Internet protocol yet. That’s still years away. In fact, thanks to Network Address Translation (NAT), many companies will continue to use IPv4 for quite a while.

So, what should companies do? Write off DirectAccess? Definitely not. Microsoft’s DirectAccess technology offers solid advantages, like easy handling and easy management—as well as a high level of security. On top of that, it comes as standard with each Windows 7 package, which means there are no additional charges. But the reality remains, DirectAccess is restricted to the world of Windows. In other words, the end of traditional VPN solutions is still a very long way off—especially for flexible solutions that support various operating systems and devices.