These days, it’s not uncommon to hear cyber security experts talk about the eroding perimeter. With the advent of mobile and cloud, what was (or at least seemed to be) a clearly defined demarcation point between the private corporate network and public internet has virtually dissolved into thin air, giving IT departments much more to worry about than shrinking budgets and shadow IT.
Among the many issues IT security administrators have to manage is the growing demand from employees to use their personal devices for work. After all, mobile is quickly becoming the primary mode of digital activity in cities around the globe, according to ComScore. And while that does include bringing personal mobile devices and tablets to the office, more often it means employees are connecting to the corporate network remotely from a public Wi-Fi connection, like from an airport or a coffee shop. In fact, Strategy Analytics estimates that by 2020, roughly 42% of the global workforce – or around 1.75 billion people – will be mobile.
No cure-all in cyber security
Unfortunately for those IT admins, the insecurity of mobile devices and the vulnerabilities of public Wi-Fi networks remain at an all-time high. The development of key reinstallation attacks (KRACKs) to exploit vulnerabilities in modern Wi-Fi networks’ most common security protocol (WPA2) is just the latest example of public Wi-Fi insecurity. Even with WPA3, the new Wi-Fi security protocol announced by the Wi-Fi Alliance, on the horizon, there’s reason not to hold our collective breath that it will be the cure-all we’re hoping for.
As the first notable update to WPA2 in more than a decade, WPA3 is an important step toward giving businesses and individuals peace of mind. With developments like 192-bit encryption and the promise of ways to better lock down IoT devices, WPA3 will noticeably raise the bar. But this new standard only improves security at the Wi-Fi access point or router.
Once mobile traffic is placed onto the internet via a rapidly growing public Wi-Fi footprint, unless it is adequately encrypted, it remains vulnerable to a plethora of exploits. These range from man-in-the-middle attacks aimed at eavesdropping or intercepting sensitive information, such as logins and passwords, to crypto-mining for digital currency that leverages the device’s electricity and processing power.
As mobile adoption, and public Wi-Fi access, maintain their rapid pace of expansion, bad actors will continue to seek ways to evolve their own tactics. And, it almost goes without saying, all the security protocols in the world won’t solve for enterprises’ weakest link: their own employees.
…Except, perhaps, the network itself
To solve this complex equation, businesses need a solution that enables remote users to securely connect to internet and private network resources without introducing cyber risks associated with using personal devices and unsecured Wi-Fi. What’s more, they need a solution that can do this without hindering performance or flexibility. It’s a tall order, I know. But networks can do this today.
By offering secure remote VPN access to corporate networks through IPsec or SSL-based internet connections, network-based secure mobility solutions, in conjunction with security controls built into the network itself, can provide enterprises with end-to-end encryption and tunneling, as well as advanced threat detection.
In other words, the employee signing on from a tablet while waiting for a train at Waterloo station will experience the same centralised authentication, user role-mapping, resource policies and sign-in policies as at the branch office in Glasgow.
The fact is, mobility is the new front line for security as businesses weigh the advantages of an increasingly mobile workforce against the need to protect sensitive information in today’s complex cyber security landscape. But the onus of protecting the endpoint should not fall entirely on the endpoint itself. Enterprises need to be confident their employees’ connections are secure, regardless of connection type or device. The ongoing evolution of Wi-Fi will bring us closer to this goal, but it’s the network that can adapt and solve for the increasingly hazy security perimeter.
Sourced by Chris Richter, vice president of global security services, CenturyLink