by Garth Humphrey, Sales Engineer, VectorUSA
There’s a dramatic shift occurring in network security for mobile (or distributed) workforces.
Companies are beginning to move away from traditional methods of protecting borders, such as VPNs (virtual private networks). Instead, they’re migrating toward network security solutions that monitor and shape user behavior.
It’s not fair to say that VPNs are totally through yet. However, companies are increasingly re-evaluating them as they embrace the concept of networks without borders.
The traditional approach
With old-school networking, confidential data sits on a server located in an organization’s data center. Mobile workforces requiring access to the data on the server connect to it using a VPN. The mobile workforce enters their password and perhaps a one-time key, and they are redirected to the server through a secure tunnel enabled by the VPN.
Growing migration to cloud services
This traditional approach to accessing information resources is beginning to wane due to the proliferation of cloud services. Email has migrated to the cloud via Microsoft Office 365 or G Suite. ERP systems have migrated to the cloud as well, with applications like Infor and NetSuite. Instead of relying on file servers to share information, users now depend on Dropbox or OneDrive.
As a result, company data is now being spread far and wide. And tunneling all of that traffic through a VPN and back out to the cloud can be both cumbersome and expensive. It’s now much more efficient for mobile workforces to access the cloud directly. However, some companies have better control over that than others.
Key systems that monitor and manage user behavior
Rather than guiding mobile users through a set path to their data, which essentially resides in their company’s own data center, companies need to deploy systems that monitor and manage users’ behavior as they interact directly with cloud-based applications and services.
This is increasingly being done with three essential management systems that monitor and tailor user behavior: Mobile Device Management (MDM), Advanced Endpoint Protection (AEP), and Cloud Access Security Brokers (CASB).
In the not too distant past, endpoint security only meant antivirus protection. Security for endpoints, such as smartphones, laptops, and tablets, has since evolved to incorporate advanced monitoring and prevention techniques that continuously provide contextual awareness of potential threats to endpoints, and report on or mitigate threats as they occur.
MDM enables organizations to centrally deploy, secure and manage mobile devices. A growing number of organizations are also using it to manage laptops and desktops on their corporate network, providing them with a single pane of glass to manage all endpoint devices regardless of their location.
AEP solutions are security software installed on endpoint devices such as desktops, laptops and mobile devices. Through continuous monitoring of file systems, communications and system processes, AEP solutions provide contextual awareness of the behavior of these devices to identify and mitigate advanced or unknown threats.
CASB, which continues to grow in popularity, baselines and monitors users’ behavior as they access multiple cloud-based systems. Early-generation CASBs involved rerouting or proxying traffic, providing a parallel to traditional VPNs. Newer versions are API-based and can connect directly to supported cloud services to monitor and manage behavior without rerouting traffic.
Gain better insight and control
Embracing newer, more efficient approaches to mobile workforce network security will help any company gain better insight into and control over what its mobile workforce is doing and how it’s performing. It also alleviates the need to funnel a mobile workforce back to the home network while improving the overall performance of mobile systems.
Are your network security solutions leveraging the latest technologies to meet the needs of your workforce? Contact VectorUSA for an evaluation and custom recommendations for improving the security of your network and data.