by Steve Whiter, director of Appurity
The emergence of COVID-19 vaccines has offered the UK light at the end of the pandemic tunnel. However, even with an increasingly vaccinated workforce, it remains unlikely that we will witness a rush back to the office environment, the ‘old normal.’ As enterprises come to grips with the fact that some degree of remote working will become permanent for many employees, many are reconsidering their approach to mobile.
Mobile technology empowers employees to work wherever and whenever they want. But to make a mobile strategy work, organizations need to make tasks such as securely accessing business-critical resources or resetting an Active Directory password seamless. When you can remove all your employees’ dependencies on computers, you can become truly mobile. And whilst personal, or personally enabled, devices are increasingly permitted in the work environment, moving to a mobile-first mindset will further serve to emphasize the ‘security versus convenience’ conundrum enterprises are facing.
A Zero-Trust Approach
Enterprises are moving to a ‘zero-trust’ approach, which places greater importance on identifying the real-time health of a user’s device and the ability to provide conditional access to corporate data as a result. Zero-trust security is all about eliminating implicit trust. Effectively, it is an interrogation of trust within networks or the trust between host and applications. Boiled down, zero-trust implies that the best way to secure a network is to assume no level of trust whatsoever. Employing a zero-trust model supposes that no single person is able to solely execute any sort of change to the system that could affect the security of that system. One way to make this happen is to embrace a ‘zero-touch’ mentality whereby human vulnerabilities are effectively replaced by automation. In all things security, humans are invariably the weakest link in any chain. To mitigate human error, adopt single sign-on solutions and strengthen security controls that oversee how and where employees get access to specific data.
In the face of the continued publicity around sophisticated long-term and state-sponsored attacks, enterprises are placing greater emphasis on the need for visibility and the ability to respond. Combined with the increased use of mobile devices, this has led to increased demand for mobile endpoint detection and response (EDR). Mobile EDR allows for threat hunting, detection and response across managed and unmanaged devices.
Mobile devices have created a major gap in security architecture. The issue is that many organizations still consider smartphones and other mobile devices as an afterthought in their overall security strategy. Many assume (incorrectly) that mobile devices are free from security risks or that mobile device management (MDM) solutions provide adequate protection. The reality is that most employees now use at least one mobile device for work. And just because modern mobile operating systems can defend against more traditional attacks doesn’t mean they are inherently secure. Such devices are still vulnerable to malicious code and, due to their small form factor and personal nature, they are also very vulnerable to phishing and social engineering attacks.
A login must be secure. However, having to constantly enter credentials and remember complex passwords is annoying and can impact the user experience (UX) negatively. To enter a truly secure password on your smartphone takes at least 14 seconds according to the National Institute of Standards and Technology (NIST). And it’s a headache for helpdesks too – whichever process an organization uses to reset passwords, it can be laborious. For example, there will be an initial contact with the helpdesk, the generation of a support ticket and finally, the password reset. And let’s not forget that downtime during this waiting period equals unproductive employees; not ideal if the employee in question is a key individual within the business. Want an idea on how much this example could add up to for your organization? This handy cost calculator tool can give you an idea.
Also, prolonged waiting time serves to drive down overall customer experience and satisfaction. Your business can do without the negative UX associated with password reset downtime. If your employees are able to log in quickly and without issue, then they are better placed to offer excellent customer service. Consider adopting single sign-on solutions that allow for seamless security along with instant authentication.
As we wait to see what a post-vaccinated working world actually looks like, it seems likely that remote working will become permanent for many employees. And for many others, this style of working will form part of their routine alongside office work. Mobile phone and smart device technology needs to support this environment whilst maintaining a healthy balance between security and convenience.