IT departments supporting a wide array of Internet-connected devices may have to migrate from application- or OS-specific security policies to network policies that can extend to many types of devices, according to Joy Ghosh, vice president of Asia Pacific for Extreme Networks.
“Network-driven policies are more suitable for the mobile world as they can be applied to both people and their individual devices, so regardless of where a user logs into the network or what they are using to access it, they can be supported securely,” says Ghosh.
However, a security policy is only as strong as the discipline and creativity of the IT personnel who are tasked with creating and enforcing it, Ghosh emphasizes. “Therefore, close watch must be kept on all the possible threats that face the campus and cloud, from configuration errors to rogue employees to careless wireless users sharing passwords or devices with others.”
Consistent experience
As mobile users seek a better experience when accessing applications from any device, anywhere and at any time, securing those applications also depends on keeping policy consistent. “We don’t write the policy on the device,” says Manny Rivelo, executive vice president, service provider and security solutions at F5 Networks. “We write it for the application wherever they are in the cloud or in the enterprise’s own data center.”
“No matter where the application is and no matter where the user is, we can authenticate the user and authorize the user based on policy,” adds Rivelo. “Policy can be what device they’re using, what application or resource they’re going to, their username and password, what time of day it is, and their endpoint’s virus patch update, among many other things. The policy could range from granting them access to all the applications to no access.”