Increasing staff mobility means that building a rock-hard perimeter is no longer sufficient — because when staff no longer work from a specific workstation that is hard-wired into the corporate local area network (LAN), it's no longer clear where an organisation's perimeter lies.
Employees may be based in remote, regional outposts and working across a wide area network (WAN). They may be on-site, but working over a wireless local area network (WLAN) from warehouses, distribution centres or other far-flung points on an organisational campus. They may be travelling between meetings, attending conferences, working at clients' offices or from their own homes and connecting to back-end systems over the Internet.
Mobile working brings new freedoms to an organisation, making it possible for staff to access work and information when they're on the move. It brings a new flexibility to when they work and how they work, making them more productive. And there are no frustrating periods of 'down time', in which they cannot complete work until they return to their office-based desktop computer.
Wherever members of this increasingly mobile workforce roam, the priorities for CIOs and their teams remain the same: safeguard the integrity of corporate data; be sure it doesn't fall into the wrong hands; and at the same time, guarantee that the security measures you take don't impact application performance or user experience.
For these reasons, many CIOs can hardly be blamed for casting an apprehensive eye over their existing security systems and practices and deciding that a fresh approach is needed if they are to meet the challenges of the mobile workforce – a more holistic approach that seeks to impose rigorous data security measures not only at the core of the corporate network, but also at its edge and onwards to its most distant endpoints, such as laptops and smartphones out in the field.
The core, however, is still the best place to start. While it's vital to secure data no matter where it resides, the most critical business data continues to be attached to the Storage Area Network (SAN). This fabric is centralised and supports almost every aspect of the data centre – from the server environment and workstations, to edge computing and the back-up environment. This makes it an ideal place to standardise and consolidate a holistic security strategy. The key is to build upwards and outwards from there, developing robust and non-intrusive security policies that address the needs of different kinds of users as you go.
For that reason, a fabric-based security solution is an increasingly popular option for CIOs concerned with safeguarding sensitive customer and employee data and their company's valuable intellectual property. In particular, they're looking for an architectural approach that incorporates a security intelligence layer, managed through a centralised administrative console.
The benefits of that kind of solution are clear. It enables IT professionals to create and enforce security policies as required; to update them or develop new ones in response to emerging threats; and to monitor systems and conduct regular security audits of the corporate infrastructure, with a view to spotting potential breaches before they occur. The right solution will also incorporate powerful encryption technology – preferably including AES-256 – enabling them to wrap sensitive data in transit between systems in an additional layer of protection.
From these solid foundations, network infrastructure products that reach out to the mobile workforce can be plugged into the backbone, extending security best practices to the rest of the corporate infrastructure. Take, for example, the corporate network's edge: technology advances mean that a WLAN can now extend an enterprise network to areas of the business that were previously unattached to the enterprise infrastructure, particularly to locations on an organisational campus where laying a cable infrastructure might prove challenging or prohibitively expensive.
In this way, remote teams working from anywhere on that campus can access the applications they need from laptops, tablet PCs and PDAs. They may be warehouse staff recording the dispatch of goods to a customer from a loading bay, medical staff taking patient details in an outpatients' clinic, or library staff providing a mobile book collection service around a university campus.
Some CIOs and their teams still have doubts about the security of wireless networking technologies – a hangover, perhaps, from the early days of the 21st century when vulnerabilities in the Wired Equivalent Privacy (WEP) protocol were publicly exposed. But today's wireless networking products, when tied to a secure data-centre fibre backbone, can offer levels of end-to-end protection just as secure as a wired network. WPA2 (Wi-Fi Protected Access 2), based on the IEEE 802.11i security standard, uses algorithms built on AES, for example. Wireless intrusion systems, meanwhile, enable IT teams to detect and locate unauthorised devices. And techniques such as 'geofencing' enable them to provide access to back-end systems based on the physical location of wireless devices.
Likewise, a secure data-centre fibre backbone also brings mobile workers' endpoint devices that little bit closer to network administrators and firmly under their control. Regardless of their physical location, the laptops and smartphones that so many mobile employees rely on to stay productive must be secured if an organisation is going to lessen the risks associated with their loss or theft. It's not just a matter of protecting the integrity of the data they hold; it's also about safeguarding the data they are able to access at the back-end.
A robust, holistic security strategy that takes into account increased mobility will seek to secure these devices both locally and centrally. Local measures include hardware lock-downs (equipment should be password-protected so that it can't be accessed by unauthorised users) and software-level precautions (encryption should be applied so that even if the device is compromised, the data it contains is useless without the proper authentication keys). Meanwhile, at a centralised level, network administrators need to tie network access control (NAC) and intrusion-detection systems into the corporate security backbone, so that they can control the data traffic that flows to and from these devices at the point where the corporate network meets the public Internet.
From a solid foundation, it's possible to build an architecture today that protects corporate data from malicious activities, data breaches, network intrusions and policy violations, even as it roams the campus and the wider world in the hands of mobile workers. Many companies are looking to do just that; according to IT analyst firm Forrester Research, approximately 40 per cent of businesses will significantly increase their spending on new IT security technologies in 2010. But without a strong, secure core, corporate data at the network edge and remote endpoints may prove far harder to lock down.