Working remotely is the new normal, due to the coronavirus crisis. And it may stay that way for the foreseeable future. Many organizations have started to implement structure around their work-from-home policies and faced some questions around security best practices. For example, how do we simply push out the latest apps to our employees’ devices while they are working from home on unsecured networks? How do we prevent our employees from introducing new vulnerabilities to our corporate network and most vital on-premises and cloud applications? Do we have a way of ensuring that new applications being downloaded to laptops or mobile devices, which may include malware, are not creating holes that can wreak additional havoc?
Let’s face it, many distractions happen during the day. Amazon delivers multiple times per day now, bringing toilet paper and other essential items. And kids bombard your new office space with earth-shattering news they just heard from their friends, like how the highly coveted Golden Goose shoes are now on sale or that they need to download a new application to play games – all while you are in the middle of a very important meeting with your VP! To simply get your kids out of your hair, you hand your credit card over if they promise not to bother you again that day.
What happens next? Your kid gets a link from a friend and sideloads/downloads a new app to play games or keep up to date with all the latest and greatest apparel. Unbeknownst to you, the website is fake and asks personal questions that we would advise him or her not to answer if we were really paying attention. Fast forward a few days: your home network seems to have slowed down because the video is not working as well as it did before, and everyone in the family is unhappy because the “internet doesn’t work!” Malicious actors are now in your home network, and your kid’s mobile device is the culprit!
Malicious apps are incredibly easy to introduce not only to your home network but to your company’s network as well. Work-from-home has been thrust upon many of us, and most of us don’t want to use a corporate VPN because it requires a different set of credentials, so we use our mobile phones or webmail instead. Many IT teams also require a physical token that you must plug into your laptop to protect your data. So, in order to access corporate data on a laptop, you must use a password to log into your laptop, another password to log into your VPN, and then make sure that you have your token to authenticate into email. Oh, and then you need another set of credentials to log into Salesforce.com. Passwords, apps and home Wi-Fi networks are a security afterthought for most people today, but if not properly secured, they are easy avenues for bad guys to take control of your home network and potentially impact your company’s network. Many corporate VPNs use split tunneling, which can still allow a mobile threat onto a device via a drive-by malware download.
As we begin to flatten the curve and heal, it will be essential for organizations to learn from their business continuity and disaster response policies and procedures. Bringing our workforce back into the office and learning from the challenges will create an unprecedented opportunity for positive change in how people work securely in a world without passwords. Think about our healthcare workers right now. Using biometrics, they can easily log into their personal mobile devices to let their loved ones know they are safe and will be home soon. However, other mobile devices being used to treat patients often require passwords and another keyboard that could be contaminated. Attracting and retaining the best talent on the market requires organizations of all sizes to be flexible and look for exciting new technologies that improve end user satisfaction and reduce service desk tickets while increasing security to comply with regulations and reducing the risk of a breach.
MobileIron unified endpoint management (UEM) can silently install the VPN client along with its profile, which can use identity certificates to authenticate to MobileIron Sentry or MobileIron Access. MobileIron Tunnel can be triggered automatically in per-app, on-demand, or always-on mode to secure the connection over the insecure Internet. MobileIron Access provides conditional access rules for the permitted app, source IP address, and domain. MobileIron Threat Defense (MTD) provides protection against both malicious apps, such as malware, and leaky apps. MTD can also detect device- and network-level threats.
Working from home was thrust on me when I left a large enterprise software company 17 years ago and joined a smaller, nimbler .com company. It was tough going from my own office with a nice desk, comfortable executive chair, fresh fruit every Tuesday, coffee on-demand and other amenities to working out of a spare bedroom in a less-than-comfortable dining room chair. The harder part was the isolation and feeling of being on an island without any life preserver.
Fast forward to today: I’ve learned lessons along the way, and now I’m successfully working at home with two teenagers and a wife. Having a routine and being thoughtful are key to my success. My day starts with exercise and a deep stretch to clear my thoughts. As you begin to define your new normal, look for the small things that make you smile!
And to learn more about MobileIron UEM and how it can help enable a remote workforce, contact us here.