From mobile phones to WiFi door locks and ingestible smart pills, connected devices that make up the Internet of Things are entering our offices, home, and even bodies at an astonishing rate. Such devices were once a distant figment of our imagination or something only dreamt up in a Sci-Fi film, but we’re quickly becoming dependent on them to track our exercise, unlock our homes, or diagnose our illnesses.
IoT has added momentum to the consumerisation of IT, meaning employees now expect the workplace to be just as connected as their homes. In turn, remote work environments that offer more flexibility are not only expected but even demanded, expanding the business perimeter well beyond the four walls of the office.
Welcoming the millennial workforce
Adding to these challenges is the rise of the millennial workforce, which will comprise 75 per cent of the global workforce by 2025, according to Deloitte[1]. A generation of digital natives, with greater expectations for a modern mobile work environment, millennials don’t want to use clunky legacy IT and demand intuitive user experiences. Unless you comply, they’re likely to defect to competitors who can facilitate their anywhere, anytime, connected culture.
Mobile demands a security reset
To facilitate this demand, many organisations are adopting a ‘deskless’ policy, where employees are no longer tied to a single desk but are provided with the tools to work on the go. This is why Bring Your Own Device (BYOD) dominates how companies provide mobile access to apps. But to ensure digital devices are covered under the protective corporate umbrella, organisations must extend their security measures to wherever their employees are – whether that’s a coffee shop at an airport or the morning train commute. Here are some suggestions for how to do that:
Don’t use legacy directories
Microsoft Active Directory is a popular software system to control access to corporate apps. First released in the 90s, it was designed for very different world than today:
- Employees only worked in an office — not remotely
- Employees on worked on PCs — not iPhones, Android devices, or Macs
- Employees were the only users given access to Active Directory (AD) — no other types of users such as contractors, franchisees, brokers, or other non-employee workers that comprise today’s agile workforce
Because of these factors, AD simply doesn’t work well today’s needs: non-employee users accessing company apps from non-PC devices outside the corporate firewall. Companies should instead use a cloud directory engineered to be secure on the Internet, without the crutch of a firewall, accessible by a wide range of user types and devices.
Don’t rely on passwords
With over one billion credentials hacked[2], passwords are simply not enough to secure corporate apps. Multifactor authentication (MFA), where you use your phone to sign into an app, is now table stakes for keeping your company secure. But having to reach for your phone every time you sign into an app gets tedious, fast. So look for dynamic MFA, which only requires you to sign in when working remotely, which can install a certificate on your laptop as a second factor to enable painless MFA, and which works whatever authenticators are preferred by your security team, such as those from Google, DUO, RSA, and others.
Don’t harm employees with MDM-zilla
Traditional Mobile Device Management (MDM) vendors brag about their ability to wipe all data from a mobile device. This would be fine if it were 2007 and we were all using company-issued Blackberries that only have company email. But — like Active Directory — MDM is designed for bygone era. Imagine if an IT admin used an MDM “solution” to accidentally wipe your personal device when travelling: you wouldn’t be able to contact anyone, you wouldn’t know when your meetings are, and you wouldn’t even have your airline boarding pass! Better solutions that protect personal data and apps from IT admins are coming; be sure to look for them.
Facilitating the needs of the modern mobile workforce will be more important than ever in 2017. It will be vital for companies to turn concerns and demands into actions. It is only a matter of time before skilled tech-savvy workers demand to work with more technologically progressive employers.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.