


PSN-compliant mobile working

Editorial Type: Masterclass     Date: 11-2014









A PSN-compliant mobile working solution offers tangible benefits, but it is critical to enter into the process with a robust strategy, cautions Tim Ager of Celestix.

In the last year, the need for local and regional bodies to comply with PSN regulations has driven significant changes in how confidential and sensitive data is consumed. Nowhere is this more apparent than in the mobile working arena.

Transformational government initiatives, along with developments in the mobile device market, have driven mobile working projects on a greater scale than ever before. Local and regional government bodies are mobilising up to 50% of a previously office-based workforce.

The headline news is all about cost consolidation and the selling off of council property. This can turn property into funds that can be redistributed to drive new working initiatives. However, empowering a larger mobile workforce places a greater burden on an organisation's infrastructure. In effect, this moves cost away from property and on to an IT team that now has to support a more diverse user base.

Perceived cost reduction is only one aspect of mobile working initiatives. Security is a significant factor in ensuring confidential data remains safe, wherever it is consumed. The problem lies in the sheer number of devices that may be used to gain access to the network.

Diversity represents a natural threat to security, and each different operating system and device that is used will likely require a different means of accessing the network. Whether an organisation decides to allow access only to corporate devices or also to unmanaged devices is a matter of determining the risks and rewards of 'BYOD'.

Finally, we have the PSN regulations themselves. The PSN guidelines for mobile working provide a fair and reasonable basis for implementing a compliant mobile working solution. But compliance and security are not the same thing. As with many regulations, it is possible to comply with the guidelines without necessarily being secure. Nowhere is this clearer than in relation to the use of two-factor authentication.

PSN guidelines state that "where possible, any mobile/remote device that has access to PSN services/networks should use two-factor authentication". Taking the statement literally means that, in theory, organisations could do away with the use of additional two-factor solutions that are used to authenticate the user and replace them with machine-based certificates that provide the identity of the device alone. This approach may well simplify the user experience, reduce helpdesk burden and achieve compliance, but it exposes organisations to a significant level of risk. Identifying a device does not go far enough in ensuring that only trusted users have access to sensitive data. If a trusted device is left unattended, lost or stolen, then an untrusted user has the potential to connect to an organisation's network unchallenged.

There are tangible benefits in delivering a PSN-compliant mobile working solution, but it is critical to enter into the process with a robust strategy that addresses the greater number of mobile workers and the potential diversity of the endpoint devices they use. As with any regulatory guidelines, PSN guidelines are in place to ensure a secure minimum standard for enabling collaboration with remote workers. In reality, though, they prove that the best way to achieve compliance is to focus on security first. If a solution is secure first and foremost, it should be expected to meet and potentially exceed the regulations.
