Posts Tagged ‘iPhone’

As BYOD continues to increase in prevalence, Apple devices are becoming more common in the workplace. On the heels of our recent announcement about the NCP Secure Enterprise Server’s integration with iOS products, we were wondering – what is your favorite iOS device? Don’t see yours listed below? Feel free to let us know what it is in the comments.

As indicated by your feedback in several of our polls, and as highlighted at Interop New York, more and more users are opting to access their company network via various devices. Of all the devices involved in the BYOD movement, Apple iOS products are some of the most popular. In response to this demand, the NCP Secure Enterprise VPN Server now integrates with Apple’s iOS, so IT administrators can perform certificate-based authentication to control network access of iPhones and iPads.

So, how does this work? Apple’s mobile device management (MDM) distributes various certificates to all authorized iOS devices. When users establish VPN tunnels from their devices, the NCP Secure Enterprise VPN Server uses these certificates to determine what type of device the user is accessing the network with. This enables network administrators to, for example, allow a Mac OS X notebook full access rights, while limiting iOS devices to partial access to the central network. Also, users are unable to decipher or manipulate the certificates, significantly reducing the risk of certificates being duplicated for unauthorized devices. Security is, after all, one of the biggest concerns associated with BYOD.

Ultimately, with its iOS secure authentication, NCP enables IT administrators to use certificates to control assignment rights on these end devices – without interfering with the user-determined usernames and passwords. Want to view the entire, official announcement? Check it out here.

At the show, we had the chance to speak to Joanie Wexler, a regular contributor to Network World’s Wireless Alert column. We talked to Joanie about mobile device management issues that are emerging at this year’s show, including the confusion surrounding the influx of diverse mobile devices into the enterprise.

VPN Haus talks to Peter Brockmann, tech analyst and president of Brockmann & Company. In the second post in this two-part series, Brockmann weighs in on the security of mobile devices. See Part 1 of the Q&A here.

VPN Haus: The Blackberry is no longer the default mobile device for organizations. Now that different people within a single organization could be using a Blackberry, iPhone, an Android device and more, how can organizations manage mobile security with so much variety? Are there any security advantages of having employees on different kinds of devices?

Peter Brockmann: Despite the noise surrounding Android, our research shows that this is mostly hype so far.  North American enterprises are more likely BlackBerry with iPhone.  We believe it is this state of affairs because Android has potential, but has yet to make a sizable dent in the business user market with the right combination of network, devices and software.

Mobile security professionals have begun to realize that it is a diverse, user-driven world we live in.  Historically, they have always validated policies regardless of the device or device vendors.  They typically recommended technologies and implemented policies that address the very real concerns about eavesdropping and theft of mobile devices, the access they enable and the data they have onboard.  For them, it was supposed to be a simple method of validating a device’s compliance with these standard policies and accepting or rejecting the device.  However, real life isn’t always so simple.

Today, users have enormous power over their IT environment and user convenience is now a major factor in determining device support.  The old axiom that “complexity kills” has to be set aside from infrastructure decisions so that users can extract the productivity benefits they seek. One of the downsides to a multi-device, multi-vendor world is that the administrator needs to access different tools to perform the same service for different users. IT might need to have the same app developed for multiple devices. The firm might need different client software to perform the same function on different devices. All of this complexity introduces costs and the potential for error by administrators, but if it simplifies the users’ life and increases their productivity so they can win more business faster, so be it.

VPN Haus: How would you rate Mac’s built-in VPN? Would you suggest corporate networks use external VPNs, rather than relying on the Mac’s built-in function? Or in what cases would you suggest using an external VPN rather than Mac’s built-in feature?

Brockmann: I’ve used the Mac’s (and iPhone’s) built-in VPN to access my corporate network when traveling.  It can be a reliable, simple-to-use and unobtrusive security feature.  However, there are places, such as my mother’s home, some hotels and a few airport lounges, where the locally provided Internet service supports only a few TCP/IP ports such as port 80 (http) or port 443 (https) which causes a timeout on connection attempts, leaving me frustrated and my Mac stranded.

An external VPN client is better to enable useful features not supported by the ‘built-in’ client.  For example, the NCP Secure Entry Client for Mac can overcome the port-limiting challenge with its unique PathFinder technology.  It uses the appropriate ports to attempt a service connection and should that fail, it can attempt a connection over port 80 or 443 and thereby increase the possibilities of doing business in these places.  Something mother may not appreciate, but my boss will.

Also, if my enterprise supports a number of OSes on devices expected to be mobile—Windows, Linux, Mac, iPhone, Symbian, BlackBerry, WebOS, Windows Mobile—it might be more appropriate to implement a common client and common remote access server across all these devices.  That way, we can enable a unified support service, common features such as PathFinder or a non-RSA two-factor authentication service and a consistent experience (or nearly so) on a user’s mobile or on a user’s laptop.


This week, VPN Haus talks to Peter Brockmann, tech analyst and president of Brockmann & Company. In the first in this two-part series, Brockmann weighs in on the security of mobile devices.

VPN Haus: How are connectivity security issues different for iPhone OS mobile devices vs. the Blackberry or Palm devices?

Peter Brockmann: Modern smartphones are really pocket computers. As such, they exhibit each of the same security risks as their larger computing relatives. They have passwords, sensitive emails, files and critical business applications in their multi-gigabyte on-board flash storage. They can be easily lost; easily stolen. They support WiFi and, as such, can be vulnerable to eavesdropping and Access Point spoofing attacks. Vendors of the leading devices – BlackBerry, iPhone, Windows Mobile, Symbian, Palm (3rd parties offer it for Android devices) – offer products and services to overcome these security risks and enable the device to be a solid platform for mobile business computing and communications.

Devices need to be able to be remotely wiped clean including lock out secrets, passwords and public key infrastructure credentials. Devices need to support encrypted data transmissions over WiFi and over 3G/4G/LTE wireless services. Enterprises need to be able to support rollouts of hundreds or thousands of devices at a time and need to update software remotely and implement corporate-wide security policies.

Unfortunately, each of the manufacturers has implemented different server software to achieve the same result. This is unfortunate because the remote access administrator has to use different apps that do the same thing to support these leading devices, which can introduce process errors and slow support responses, not to mention be the cause for administrator error.

VPN Haus: Do you think any mobile device is more secure than the others?

Brockmann: We have no evidence that one is more secure than the other. These three vendors offer back-office management applications effective for large scale enterprise management of mobile devices. They all support encryption for data in transit, local data protection through passwords, remote wipe and data and directory backup services.

VPN Haus: People are now connecting to their corporate networks from hotels, airports, coffee shops, fast food chains, at bars, and even from the mall. What does the proliferation of remote access locations mean for organizations’ network security? Should they limit where their employees can log in from and is that really enforceable?

Brockmann: Business needs to happen wherever and whenever business can happen. Only the most paranoid of organizations, where the risks to national security or billion dollar transactions are very large and very real, need to be overwhelmingly sensitive to where users do business. For the rest of us, it would be silly to prevent employees from doing business in some public areas versus others, provided that best practices for privacy, eavesdropping and remote wiping can be maintained. Good security policies always have to balance convenience and security.

Stay tuned to VPN Haus for more from Brockmann on the proliferation of mobile devices, as well as Mac security.
