Hackers are increasingly carrying out their attacks by exploiting the vulnerable networks around us. Attack tools such as Pineapple, Droidsheep and others have become widespread as their availability and sophistication continue to grow.
Network-based attacks make enterprises especially susceptible to risk as they embrace the mobile era to enhance worker productivity and optimize decision-making within distributed workforces. Risk grows exponentially for enterprises as they deploy larger numbers of smartphones, tablets and other devices: mobile devices connect to at least ten times more networks than traditional endpoint devices. Additionally, today’s mobile operating systems limit IT departments’ ability to directly address network-based risk.
Some enterprises have turned to “VPN tunneling” to counter network-based attacks and work around OS limitations. The tunneling strategy involves encrypting all employees’ traffic and tunneling it through dedicated servers for analysis outside of devices. In order to be effective, this approach needs to be applied 24/7: employees may work on their mobile devices anytime, anywhere and not specifically during work hours or on work premises.
At first, VPN tunneling may seem like a perfect solution to network-based attacks. However, on closer examination, IT departments will discover inherent shortcomings including:
- Insufficient Employee Privacy: The world today is very different from a few years ago, when employers bought PCs or laptops for employees and maintained a close watch on all suspicious activities on those devices. Employers had all sorts of tools and security solutions deployed on those end devices. The BYOD movement, on the other hand, dictates that in many cases work is performed through an employee-owned device, which is also used for personal needs. This brings about an interesting challenge, as employees do not want their personal activity to be tunneled and monitored by their employer or a third-party solution. Consequently, employees will tend not to adopt tunneling on their own devices, instantly negating employers’ best attempts to avoid network-based attacks across their entire organizations.
- Bad User Experience:
  - Latency: Instead of browsing directly to the target server, tunneling adds an additional hop for traffic, resulting in latency that impacts end-user experience. While this issue can be mitigated by adding more proxy servers around the globe, it comes with a hefty price tag.
  - Battery consumption: In order to tackle man-in-the-middle (MitM) threats, tunneling solutions often encrypt all of a user’s traffic. This causes a noticeable (in some cases, a severe) impact on battery performance.
  - Connectivity: As traffic is routed through VPN servers, any connectivity issue on a proxy server can kill ALL (both personal and business) data communications for the employee, potentially severely disrupting business continuity.
- Incomplete Security: VPN tunneling is limited when it comes to intranet communications. The reason is simple: communications happening from within an internal network circumvent the tunneling approach.
Given the critical flaws of VPN tunneling, enterprises should consider alternative strategies for adopting BYOD securely without impacting user privacy or experience. Here is a quick guide to selecting a mobile security solution that works for both IT and end users:
3 Key Requirements of an Advanced Mobile Security Solution:
- Should not require employees to learn a new “secure environment” but instead allow them to use the apps they know and like.
- Should have a minimal footprint on the end-user device, minimizing impact on battery life.
- Should not interfere with critical network access needs and provide uninterrupted secure connectivity for both personal and business use.
At Skycure, we are breaking the mold with smarter approaches to meet the mobile security needs of the most complex IT environments, without impacting end-user privacy or experience. We invite you to sign up for a free trial to find out how many of your employee devices are connecting to malicious networks or are undergoing a targeted physical, malware or application-level attack. Sign up for your free 30-day trial today!