Enterprise Mobility & Security: Convenience & Protection
The early 2020s have seen one of the greatest seismic shifts in how people live and work in a generation, and as much as some companies want to push back on the remote working revolution, the future of business will feature more staff and smaller offices.
One of the biggest changes is the widespread adoption of the enterprise smartphone, to the point that a lot of office staff have a mobile phone instead of a desk phone to answer inquiries, and the feature set of most phones has expanded to the point that nearly any business task can theoretically be completed.
With this huge increase in functionality and an increasingly disparate workforce comes a dilemma for many IT security teams, as they need to ensure that workers are not overly restricted when it comes to doing their jobs but are also safe from a greater array of security hazards than has ever been seen before.
However, as user needs have become more complex and sophisticated, so too have the capabilities of enterprise mobility and security options for businesses of all scales and sizes.
Why Does Enterprise Mobility And Security Matter?
Over the last two decades, we have seen businesses go from being confined to wired networks and fixed locations to being able to access all of our work and files from anywhere in the world with an internet connection.
Part of this can be credited to the efforts of Research In Motion and the BlackBerry range of smartphones, which dominated the enterprise market for eight years before the launch of the App Store and the modern smartphone landscape meant that mobile phones could do more than receive emails.
This, in combination with the rise of wireless internet access, hot desking making laptops the primary computer type used in offices, and cloud services allowing teams to communicate, collaborate and share files no matter where the individual members are, changed office culture.
This has become a tremendous boon and opportunity for many businesses, who can cast a much wider net to find the right staff for their business and work even when the rest of the world is shut down.
However, it has also led to a dilemma for IT teams and cybersecurity staff, as it is much harder to monitor the security of a wireless, cloud-driven enterprise system than that of a wired intranet based in a location that is easy to monitor physically.
Unregistered and insecure devices should not be allowed free and full access to a company’s valuable files, as it would expose them to security risks and potential legal liability depending on what information was stolen.
At the same time, an overly restrictive security policy that limits the functionality of smart devices can, at best, become frustrating for members of staff and, at worst, stop them from doing their work, leaving them in the same position as many new employees on their induction day.
Thankfully, enterprise security is not that binary. IT security has evolved to match, creating a wide series of standards that help improve the baseline security of all of a system’s users.
However, with increasing security technology also come more sophisticated, targeted, and personalized types of attack that are aimed at mobile users, and tackling complex threats such as these requires a holistic security approach.
IT Security In A More Digitally Complex World
Much like how the office has changed so fundamentally over the past two decades, so too has the IT security world evolved to effectively manage threats that would have been inconceivable at the dawn of the millennium.
When widespread internet access was only just beginning to take off, many home and business computers were not designed with security in mind at all, with many operating systems such as Microsoft Windows not having multi-user functionality by design, leaving them vulnerable to the many infamous viruses and worms of that era.
We are far removed from those days, and even the most basic consumer-grade hardware will have some form of basic electronic security. Microsoft Windows has both User Access Control and a built-in antivirus detector that helps to protect consumer-grade hardware and software.
However, IT security teams are aware of the increasingly sophisticated nature of cybersecurity threats out there, and through a mix of technical solutions and wider education on spotting hidden threats, they help keep people and businesses safe.
On the latter front, a lot of the main advice provided by IT professionals is common sense instructions that everyone should follow, such as never clicking on links or downloading apps from anyone they don’t know, avoiding unencrypted networks, and keeping your devices constantly updated.
It also involves educating people on security threats and best practices when they start with the company and at regular intervals as trends in cyberattacks change considerably, with practical examples and varied learning tools.
However, there are practical solutions as well, and here are some of the most commonly used systems and why they have become so essential.
What Is TLS 1.3?
Originally proposed in 1999, Transport Layer Security (TLS) is one of the fundamental layers of privacy and security for the Internet as we know it, especially after it superseded the previously ubiquitous Secure Sockets Layer (SSL).
It establishes the three fundamental parts of data security and avoids the risk of data being intercepted, read, or altered before it reaches its destination (known as a “man-in-the-middle” attack).
Data sent through TLS is encrypted, its integrity is verified to ensure it is the same data that was sent, and the parties are authenticated through a handshake.
It is most associated with websites and web applications thanks to the HTTPS protocol but is also used to encrypt voice over IP (VoIP), email, and several short message services such as WhatsApp.
TLS 1.3 was launched in 2018 and is the current version of the protocol, with a few revisions since then to ensure advanced and continued security. It is also far more efficient and faster, cutting down latency whilst also improving security.
What Is HTTPS?
The hypertext transfer protocol (HTTP) is the basis behind the World Wide Web and the Internet, as most people interact and interface with it.
HTTPS is a specific implementation of the TLS protocol that is primarily used with web browsers.
Most of the time, you can tell that you are on an HTTPS-supported website not only by the start of the web address featuring the “https” followed by a colon and two forward slashes but also because of a lock icon that appears next to the address bar on your web browser.
What Is SSRTP/SRTP/RTP?
These are three variations of the same system. The Real-time Transport Protocol (RTP) is the primary system for sending audio and video over the internet, which is particularly important for streaming media and teleconferencing.
Initially launched in 1992, RTP has to be as quick as possible with as little latency as possible, given that when used for online communications, those short delays can lead to people talking over each other and cross-communication issues.
However, it also needs to be secure, which led to the development of the Secure Real-time Transport Protocol (SRTP). Much like the TLS and HTTPS protocols, SRTP aims to ensure that communications are authentic, have not been tampered with, and have not been intercepted.
What Is STUN/TURN/ICE?
STUN, TURN and ICE are three standard network protocols that are often used together when establishing peer-to-peer communication with another device, to ensure the devices are using the most direct and, therefore, fastest method possible to communicate. They are designed to improve reliability.
The first of these, Session Traversal Utilities for NAT (STUN), is a tool that lets hosts discover Network Address Translation (NAT) and any restrictions that would stop a direct connection, so that a direct connection between two clients can be established.
Traversal Using Relays around NAT (TURN), on the other hand, uses a dedicated server to relay traffic around the firewall rules that some routers have, which only accept connections from users you have connected to in the past.
The TURN server acts as a middleman between both users, which does mean there is slightly more overhead and, therefore, more latency, but it is an effective alternative.
Interactive Connectivity Establishment (ICE) is the middle-management tool that determines which of the STUN and TURN protocols can be most effectively deployed to connect clients when NATs and firewalls make it more complex.
ICE checks to see if a STUN connection can be established and if not, then communication will go through a TURN server, with the former option more desired as the latter requires the use of an additional server.
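The preference for a direct path over a relayed one is visible in the candidate priorities ICE exchanges. The Python sketch below is an added example, not from the original article: it parses SDP `a=candidate` lines, recomputes the priority with the recommended formula and type preferences from RFC 8445 section 5.1.2, and flags a session that can only use a TURN relay. The sample lines are constructed and use documentation-range addresses; the function names are hypothetical.

```python
# Recommended type preferences (RFC 8445, section 5.1.2): direct paths outrank relays.
TYPE_PREF = {"host": 126, "prflx": 110, "srflx": 100, "relay": 0}

# Constructed sample candidates: local address, STUN-discovered address, TURN relay.
SAMPLE = [
    "a=candidate:3 1 udp 16777215 203.0.113.5 49152 typ relay raddr 198.51.100.7 rport 61000",
    "a=candidate:1 1 udp 2130706431 192.0.2.10 54321 typ host",
    "a=candidate:2 1 udp 1694498815 198.51.100.7 61000 typ srflx raddr 192.0.2.10 rport 54321",
]


def parse_candidate(line):
    """Parse one SDP candidate attribute into a dict; reject malformed lines."""
    body = line.strip().removeprefix("a=").removeprefix("candidate:")
    f = body.split()
    if len(f) < 8 or f[6] != "typ" or f[7] not in TYPE_PREF:
        raise ValueError(f"not an ICE candidate: {line!r}")
    return {"foundation": f[0], "component": int(f[1]), "transport": f[2].lower(),
            "priority": int(f[3]), "address": f[4], "port": int(f[5]), "type": f[7]}


def recommended_priority(ctype, component, local_pref=65535):
    """priority = 2^24 * type preference + 2^8 * local preference + (256 - component ID)."""
    return (TYPE_PREF[ctype] << 24) + (local_pref << 8) + (256 - component)


def rank(lines):
    """Candidates ordered from most to least preferred, as advertised by the sender."""
    return sorted((parse_candidate(l) for l in lines),
                  key=lambda c: c["priority"], reverse=True)


def relay_only(lines):
    """True when every candidate is a TURN relay, so no direct path can be attempted."""
    return all(parse_candidate(l)["type"] == "relay" for l in lines)


if __name__ == "__main__":
    for c in rank(SAMPLE):
        ok = c["priority"] == recommended_priority(c["type"], c["component"])
        print(f'{c["type"]:5} {c["address"]}:{c["port"]} priority={c["priority"]} matches_formula={ok}')
    print("relay only:", relay_only(SAMPLE))
```
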
What Is WPA2-Enterprise?
Wi-Fi Protected Access (WPA) is the standard certification protocol used to secure wireless networks and is most commonly encountered as the secure and complex WPA2 and the more recent WPA3 standards.
The WPA2-Enterprise system specifically is the more robust and complex security arrangement trusted by businesses. This uses a system known as RADIUS authentication as opposed to a standard network key and ensures that a server is not vulnerable to some forms of attacks, such as guessing a password using a dictionary tool.