Protecting mobile workers from internet based threats has always been a difficult task for any IT department. This is becoming a more important part of network security as a greater number of staff are mobile and the corporate network moves towards a more borderless model. The challenge is to enforce a corporate “Acceptable Usage Policy” (AUP) while users are outside the corporate network perimeter. Doing this without affecting their productivity or the productivity of IT support staff is the problem. In many smaller networks an AUP is simply unenforceable while the users are roaming.
Solutions are available from many of the leading Anti-Virus vendors in the form of endpoint protection clients. However, they generally cannot be managed or updated by their home IT department when they are on external networks. They are bundled solutions with Anti-Virus, Firewall, Anti-Malware and Web Reputation Filtering and are not as dynamic as may be required in today’s Web 2.0 world where threats can be moving targets. For example, cybercriminals have employed their own solutions to circumvent web reputation filtering by using tools that run lookups against Google BlackList, ZeuS Tracker, MalwareDomainList.com, SpamHaus, and others. They will know immediately when they are on radar, apply some simple evasion techniques and they are back in business.
Some organizations have access to expensive, sophisticated security solutions, with resilient VPN on dedicated WAN links for roaming workers. Other organizations may not have the budget or staffing necessary to implement and support such a solution. In many cases where an IT department have received instruction that an AUP must be enforced from all company laptops regardless of location, they resort to configuring users to connect into the corporate network via VPN. This creates the problem of backhaul into the corporate LAN. This can create bandwidth congestion at HQ and also affects the remote user experience.
Cisco ScanSafe has a solution for this with AnyConnect Secure Mobility. It extends ScanSafe’s Web security-as-a-service to remote workers. This is not a proxy, it’s not a browser plugin, there’s no reliance on vpn and no hardware necessary. All that’s required is a subscription and a driver that is simple to deploy onto host machines. Wherever the user is located their web traffic is encrypted and then forwarded onto the nearest ScanSafe scanning tower on the internet. No more backhaul, the AUP is enforceable and that previously exposed network perimeter is secured and ready for the borderless world.
More info on Secure Mobility