Sergey Nivens - Fotolia

Manage Learn to apply best practices and optimize your operations.

Securing corporate data in a BYOD world

In an ever more dangerous world, your trusty VPN has a more important role than ever.

There was a time when securing corporate data meant protecting desktop computers with antivirus software and educating employees about cyber security best practices. Threats were still present -- phishing attacks against employees and theft of machines, to name a couple. But for the most part, enterprises could protect themselves just by securing the devices they had on their immediate premises.

Not any longer.

Today, securing corporate data isn't confined to protecting stationary desktop computers within the immediate network. Mobile devices are nearly ubiquitous, and about half of enterprise employees use them for work purposes. This increase in remote access means that company data is constantly on the go, bobbing in and out of the corporate network.

IT and information security professionals do seem to understand the risks and challenges of protecting corporate data in a multi-device environment. Nearly two-thirds of the respondents to's Enterprise Mobility Security Survey 2013 said that, because of mobile devices, they face more risk than they did a year ago.

Yet, their concern hasn't translated into much action. Nearly 40% of enterprises do not require security measures on employees' mobile devices, and 20% do not have an established network security policy. The silver lining? About one-third of enterprises use a virtual private network (VPN) to facilitate secure, encrypted communication between remote employees' mobile devices and the company network.

The central management capabilities of VPNs are what make them well suited to be the centerpiece of an enterprise network security strategy. A VPN can manage all of the remote users, devices, operating systems and network communication mediums and combat many of the common threat vectors. Here's how:

1. Ability to work across multiple interfaces
When employees only worked on stationary desktop computers, one antivirus solution was generally enough to protect every machine. More than 90% of desktop computers run on Windows, which has made it easy for enterprises to adopt one universal antivirus solution.

A good VPN client provides a convenient user experience, without forced breaks and the need to re-establish the connection.

Now though, whatever solution is used to secure the corporate network must also be executable on multiple operating systems, including Windows versions of Vista and higher, Mac OS X, as well as mobile operating systems. A VPN that facilitates remote access over multiple operating systems is a necessity given today's crowded market, which is divided between Google's Android (78.1%), Apple's iOS (17.6% ), Microsoft's Windows (3%) and BlackBerry (0.6%).

2. Consistent network access no matter where device is connected
The problem of different network connection channels is unique to mobile endpoints. Depending on what device they're using, employees can now access corporate networks remotely through Wi-Fi, a hotspot or a 3G or 4G/LTE connection. When connection mediums change, latency can spike, and sometimes, the connection temporarily terminates.

A good VPN client provides a convenient user experience, without forced breaks and the need to re-establish the connection. The VPN client simulates a slow but existing data channel for the applications even if the media has been changed or disconnected to provide an uninterrupted session. Beyond promising an improved user experience, a VPN also keeps data secure at all times by ensuring employees are only able to access the corporate network if the connection is secure. This means that even if there are connection difficulties, the user won't be able to access the company network without an encrypted tunnel.

3. Complex security threats need stronger intrusion detection
When it comes to securing corporate data, antivirus software programs once were hardy mechanisms for desktop computers because they identified widely distributed threats. Today, that is less the case. The rapidly evolving complexity of custom malware makes antivirus software less effective. A 2012 Imperva study found that antivirus programs detect newly created threats at a rate of less than 5%.

Organizations live under the constant cloud of advanced persistent threats (APTs), which strike at an average of nine times every 12 months. Unlike traditional attacks, which are executed quickly, APTs remain within a machine or network and steal information over an extended period of time. Antivirus software and a traditional intrusion detection system (IDS) are well equipped to combat traditional attacks, but not so much APTs. The best defense against an APT is a comprehensive cyber security strategy, which applies remote access tools like VPNs in conjunction with endpoint security tools like antivirus software.

The key role of the VPN management console

A VPN ensures secure remote connections to the network, no matter where employees are or what kind of device they are using. It maintains existing network connections despite connectivity fluctuations and seamlessly switches between different media or access technologies.

And a VPN is able to do a lot with little manual management of its components. After all, VPN software has to be configured, and the best solution unites management tasks in one console and frees administrators to focus on higher-value activities without compromising security. This means, for example, that once a cyber-attack is identified, remote network access can be revoked as appropriate via a central management console.

By being proactive from the outset, IT administrators can be more reactive to threats, even as their security framework does most of the heavy lifting.

Next Steps

Which VPN is best for detecting security risks?

Read why it's important to manage your VPN client software

SSL VPNs can make securing access less complicated

This was last published in November 2014

Dig Deeper on IP Networking

Join the conversation


Send me notifications when other members comment.

Please create a username to comment.

What measures have you taken to ensure security in a BYOD environment? What is lacking?
Almost every one of our employees carries his or her own mobile device and uses that device for work purposes. As a result we have had to institute a set of protocols to maintain needed security. All devices have to be checked for proper security software and two-factor authentication is also required.