Implement network security remedies to secure mobile communications. The rewards for using mobile data access to improve business agility and employee productivity are tremendous. However, security issues should be addressed when considering the exposure of any enterprise assets to mobile users, whether through Virtual Private Networks (VPNs), secure browser sessions, Web services, downloadable applets, or any other means.
Use multilayered authentication, encryption, and location awareness. A critical step in secure enterprise mobility planning is using end-to-end encryption using secure means, such as digital certificates, for accessing enterprise networks and enterprise applications. Don't trust the native encryption offered by wireless access points, for example, especially if you don't own or have full administrative control over those access points.
Don't rely solely on digital certificates or any one authentication method. If possible, use a multilayered approach, which combines some nature of physical ID, such as a MAC address or a dongle, with software-based authentication using certificates and "information you know" like an often-changing password or other challenge/response. While all methods are potentially vulnerable, their combination reduces the risk. To lessen the potential impact of the loss of a mobile device, or the interception of access protocols or back-door hijackings through a VPN, consider adding location-aware access policies and roles. All remote traffic should be considered suspect, and be monitored by firewalls or intrusion-detection systems.
Critical applications and servers may also benefit from role-based awareness of the client's location, with users designated as "local user" or "mobile user" depending on the security of their network connection. Some sensitive functions or data transfers might be configured to be available only to "local users," that is, trusted devices that are either using an enterprise-controlled WiFi access point or are physically connected to the on-premise Ethernet infrastructure. Also consider the use of Web or Internet proxies to monitor, log, and apply policies on remote users.
You may also need to ensure that strong administrative policies are in place on the local device, to ensure, for example, that file sharing is disabled, and that antivirus, intrusion detection, software firewall, and other required tools and settings are not only installed, but active and up-to-date with patches. Some remote access service providers can act as proxies for remote access and their infrastructure can include features for testing and enforcing end-user policies.