The increasing mobility of today’s corporate workforce presents significant security challenges for IT managers. Employees connecting to public Wi-Fi hotspots in locations like airports and hotels expose corporate computers to unsecured networks, potentially jeopardizing sensitive data and introducing security threats back into the corporate network.
Traditional IT responses, such as strict security policies, can hinder the productivity of mobile workers. Some organizations treat returning laptops as potentially infected, resorting to reformatting them completely or prohibiting external network connections altogether.
A viable solution involves extending the same level of security enjoyed within the corporate network to mobile devices. Inside the corporate network, users benefit from two security layers:
* **First Line of Defense:** Robust security appliances at the IT center, managed exclusively by the IT department. These appliances typically include firewalls, intrusion detection and prevention systems (IDS/IPS), antivirus, anti-spyware, anti-spam, and content filtering, all running on hardened operating systems.
* **Second Line of Defense:** Personal firewalls and antivirus software installed on individual computers.
The first line of defense isolates users both physically and logically, employing hardened operating systems designed specifically for security. These appliances offer several key advantages:
* **No Mobile Code Execution:** Internet content is not executed on these appliances, reducing the attack surface.
* **Uninstall Protection:** Hardware-based security cannot be easily uninstalled or disabled, unlike software-based solutions that can be targeted by attackers.
* **Non-Writable Memory:** Controlled memory management provides greater protection against attacks on the security mechanisms.
* **Centralized Control:** IT personnel maintain and update security policies, ensuring consistent protection.
* **Optimized Performance:** Security appliances operate independently, minimizing performance impact on user computers.
This layered approach creates a secure environment within the corporate network, preventing threats from entering. However, corporate laptops operating outside this environment lack the critical first line of defense. When they return, they connect inside the perimeter and so bypass the gateway security, potentially introducing threats. Securing mobile devices with comparable security measures is crucial to mitigate these risks and maintain a robust overall security posture.