Few financial institutions doubt the value of empowering employees to work flexibly. According to an IDC survey as many as 69% now permit at least some of their work force access to key applications and resources away from their desks. However, poorly implemented mobile working strategies represent a risk to financial institutions through the misappropriation of confidential data, the loss of business continuity, or as a result of a reduction of trust.

Traditional data network components are not designed to support mobile working practices. They were created for static work practices where devices were situated on-site behind physical and electronic security perimeters. User behavior was constrained by these perimeters and access to the corporate network was always maintained through the same trusted connection.

With mobile working, security perimeters no longer exist in the traditional sense. Connection type, status and availability are key issues affecting an employee’s productivity, and user behavior has become all important to maintaining the integrity of corporate assets.

Changing the way we think

Overcoming the challenges of mobility involves developing a well-defined mobile working strategy: one that understands the needs of different types of mobile worker and the areas of highest risk. But, just as importantly, it involves ensuring that every element of the network is designed to provide optimal performance, security, availability and reliability.

Indeed, the components of the infrastructure should be selected with an understanding that security is no longer about defending a single, static barrier. Instead, it is about ensuring integrity over an extended enterprise with many dynamic perimeters. At the same time, networking products must ensure that control remains in the hands of network administrators.

Identifying products that meet the demands of a mobile workforce means looking for components that are intelligent by design and that cooperate with other devices on the network. These are products that can make dynamic decisions for the security and performance of the infrastructure, and alleviate the burden on administrators and users alike.

Securing mobile access

For systems to remain secure, security needs to be easy to apply. A lot of harm is created by users – and administrators – who have not set up their devices and systems properly. Secure Sockets Layer Virtual Private Network (SSL VPN) gateways play a key role in overcoming this failure. Enabling users to log on via a web browser, the SSL VPN is effectively clientless. Therefore, logging in is extremely simple and significant time is saved in terms of management and maintenance.

The gateway is also effective in simplifying the process for permissions. Because the gateway itself enforces very granular access – from authorizing which resources and applications a user can utilize, down to giving him/her read-only access to a single file – administrators can control remote user behavior in a very straightforward manner.

This level of transparency also makes it much easier to maintain and track detailed logs of user activity for regulatory compliance purposes. Moreover, it means that providing appropriate access to guests, such as auditors or contractors, can be straightforward and well-defined for each individual – again alleviating the burden on network administration.

Security is further assured with the SSL VPN gateway through automated endpoint security functionality. Such features perform checks based on company policy such as: looking for open ports and malware, checking for levels of anti-virus code and making sure that software on end devices is up-to-date and compliant. If a device is deemed unsafe, endpoint security features can offer different degrees of remediation to bring the end-point back in to compliance (removing the burden from the user to troubleshoot their connection).

Doron Abrahami is Senior Manager at Juniper Networks, 201-913-9975; email: dabrahami@juniper.net;
web: www.juniper.net.