In the past, enterprises approach security based on a basic set of assumptions – that blocking or filtering ports (and subsequently, URLs) is an effective way to stop unwanted and potentially dangerous traffic. However, we all know that the ways businesses use the Internet have evolved beyond the capabilities of port-based approaches to security. Today’s networks require IT departments to understand what applications are running on the network (what it is, where it is, who’s using it, and how; and what their weaknesses are).
For example, the latest edition of Palo Alto Networks Application Usage and Threat Asia Pacific Report showed that just nine applications are responsible for more than 98 percent of exploit logs. Of those nine, seven were commonly used business applications that form the backbone of most organizations’ business processes.
Additionally, with the high penetration rate of smartphones and tablets, there’s no question that mobility is changing the way people live and work. Smartphones and tablets are becoming extensions of one’s lifestyle, with people developing deep affinities for the platform of their choice. As a result, there is a growing trend for individuals to make their own choices about the device they want to use for both business and personal reasons. Thus, IT security teams are now faced with the challenge of how to let users use their device of choice while maintaining protection of the data.
According to International Data Corporation’s (IDC) Worldwide Mobile Worker Population Forecast 2011-2015, 838.7 million employees in Asia Pacific excluding Japan (APEJ) will be mobile workers by 2015 and majority of these mobile workers will be office-based.
In Singapore, more than seven in ten companies (72 percent) reported that majority of their employees now use personal computing devices in the workplace and 68 percent reported that majority of their employees are also using tablets for advances businesses function such as CRM, project management, content creation and data analysis.
The challenge for businesses is how to give users the full advantage of their mobility platform of choice without introducing risks to the business. Despite the many approaches towards mobile security on the market ranging from containers, virtual desktops, and mobile device management platforms, each of these technologies has use cases which are applicable in certain situations, but in addition, each of them also have limitations as well. What’s missing is the use of network security to provide comprehensive protection and enforcement of policy.
The network is optimally situated between users, applications and devices, and thus it’s in the optimal location to enforce policy. A mobile solution must be able to bring users to the network, and then implement security controls on what they may do.
Nowadays, cyber criminals attack a specific network application with malware masking itself as another application. This means that the era of port-based security is over and simply blocking or filtering a port leaves a lot to be desired as a solution to address the problem. Protecting today’s networks require firewalls backed by a deep understanding of what applications are running on the network, who is using the application and what data that application is accessing. Knowing that will allow network administrators to develop policies that safely enable applications.
At Palo Alto Networks, we believe that the combination of the next-generation firewall, GlobalProtect and products from our technology partners are the proper components for providing network security for mobile devices across the full range of use cases. The solution allows organizations to protect the traffic, protect the data, and ensure that the device is suitable for use in the corporate environment. In turn, these measures allow the network to provide safe enablement of mobile devices while providing the level of security that the IT organization needs today.
By Sharat Sinha, Vice President, Asia Pacific, Palo Alto Networks