Securing Devices in the Wild for Enterprise

We’ve shared six ways to start off secure in 2008, shown you how to keep your public wi-fi sessions secure, and supplied you with suggestions for free VPN solutions. But how about if you’re in the IT organization and you want to make sure that all those web workers with mobile devices are following company security policies even when they’re not connecting with the corporate LAN?

Fiberlink Communications calls it the “mobile blind spot,” the gap in network security that exists when notebooks or other devices are connected to the Internet but out of reach of standard security procedures. Its solution, Extend360, places an agent on the user device that constantly monitors for IP access. When an Internet connection is detected, the agent communicates with a management center that checks for compliance with corporate security policies and does what it needs to bring security up to date on that device. No need for the user to be proactive.


“The key with security is that the more the user has to do, the higher the probability it will be less secure,” said Skip Taylor, VP of product management. “That’s been a challenge for many years with IT trying to implement new security. You’ve got to find a way to enforce policy and the user doesn’t even know it happened.”

The Fiberlink solution addresses three key areas:

  • Persistent policy enforcement that scans devices to make sure required software is installed and running, and that threat signatures and access-point information are up to date.
  • Centralized policy and software management. The administrator gains visibility through a browser-based portal.
  • Network access control. If a device isn’t in compliance with corporate rules, it can be blocked from accessing corporate data assets.

“Anytime it gets Internet connectivity, the platform can establish new policies, pull down an audit of what’s been happening on that device so IT can pull it up on web portal and say, ‘Whoa, I see Skip has his firewall shut down and that he needs a current anti-virus signature,’” said Taylor. “The agent is kind of waiting to be told what to do — I call it the ‘ET phone home’ model.”

Like Fiberlink, iPass promises to secure devices outside the corporate firewall. Its approach differs: it uses its own 10-center virtual network to provide the interface between the network service provider and the iPass network, where security policies are maintained.

What have you figured out to keep your web workers’ devices secure while disconnected from the corporate mothership?
