VPN – Rob Tiffany

December 30, 2016October 16, 2022

Mobile Apps Must be their own Fortress to Withstand Attacks from Hackers

A #mobile app must be its own fortress and never assume platforms are encrypted, authenticated, use VPN or require a PIN for #security.

I guess developers can’t count on anything these days. How you deal with security is what separates consumer app developers from enterprise app developers. The best apps assume an insecure, unencrypted and completely compromised mobile platform. In a world of bring your own app (BYOA), this will differentiate consumer app developers from trusted enterprise app developers. Imagine the scenario where a logged-in device is left behind in a taxi and is stolen before device security kicks-in to log the device out. A window of time ranging from five to fifteen minutes of exposure is realistic.

So how does a mobile app take charge of its own security? On launch, it must prompt for enterprise credentials like a password, PIN, face or fingerprint before allowing a user inside the app. Eliminate the use of cached credentials and tokens or keep expiration times to a minimum. Next, the app must provide its own encryption for data at rest. This is accomplished through the use of a mobile platform’s crypto APIs. Oftentimes you can reuse login credentials as a password and salt value. Use this to encrypt all downloaded and user-entered data before saving to local storage. The app must use TLS or per-app VPN tunnels for all remote communication to secure data in transit. Lastly, trustworthy apps should never take dependencies on platform capabilities they don’t actually require.

Reduce risk to your business by insisting every enterprise app you build or buy provides its own comprehensive security capabilities. Is your company making app security a top priority?

Learn how to digitally transform your company in my newest book, “Mobile Strategies for Business: 50 Actionable Insights to Digitally Transform your Business.”

Click here to purchase a copy of my book today and start transforming your business!

August 11, 2016October 16, 2022

Reduce Risk to Your Business by Ensuring Your EMM Package can Block Malicious Apps

To prevent malicious apps from attacking corporate assets, get an #EMM solution that disables #mobile #app stores while blacklisting and whitelisting apps.

Despite what you’re thinking, malicious apps may be one of the biggest threats your mobile enterprise will face. You might believe that device encryption, the use of a PIN to logon and utilizing a VPN to connect to your corporate network means your safe. You’re not.

Within the security envelope your device has created, a rogue app could still drive a truck through your VPN tunnel and attack internal assets. Users routinely download apps without paying attention to the list of permissions and capabilities the app is asking for. They can’t be bothered. What could possibly go wrong with the simple drawing app that somehow needs network access and the ability to read your contacts?

While it’s the job of your company’s mobile COE to vet apps used by employees for work, it’s good to have a backup plan. When performing due diligence on EMM packages for your company, make sure blacklisting and whitelisting are supported to prevent users from downloading objectionable apps. Additionally, EMM packages must prevent rogue apps from launching in the event an employee has already downloaded it. To ensure employees can only use a curated, internal enterprise app store, the ability to disable access to public app stores may also be a requirement. Clearly, this flies in the face of BYOD and some employees may reject having this functionality on their device. Containers may be better in some cases.

Protect corporate systems and reduce risk to your company by blocking apps containing code that can inflict harm. What is your organization doing to protect itself from malicious apps unwittingly downloaded by employees?

Learn how to digitally transform your company in my newest book, “Mobile Strategies for Business: 50 Actionable Insights to Digitally Transform your Business.”

Click here to purchase a copy of my book today and start transforming your business!

May 12, 2016October 16, 2022

Reduce Corporate Expenses by Configuring Devices and Delivering Apps to Users with MDM

When you’re ready to deploy #apps or provision Wi-Fi, certificates, VPN or email to #mobile devices, get an #EMM solution to provide #MDM.

With the basics of device-level security and policy enforcement covered by Exchange ActiveSync, you’re ready to take the next step in providing value to your employees. Extending access to PIM, delivering apps to devices and provisioning functionality over the air was the reason the earliest mobile device management (MDM) packages were built. I should know since I co-founded the first cloud-based MDM company back in 2003. The space has broadened significantly and is now referred to as enterprise mobility management (EMM) with an evolving set of features. The MDM component of EMM delivers:

Support for the most widely used mobile operating systems
Software lifecycle management that deploys, upgrades and retires apps
Operating system configuration management that enforces the IT policies applied to devices, monitors compliance and provides auditing
Simplifies users’ lives by provisioning pre-configured settings for email, VPN, Wi-Fi and certificates via profiles
Asset management and usage of devices and apps
Telecom expense management
Service management and remote helpdesk support capabilities
Scalability to support hundreds of thousands of devices

Reduce your expenses and improve user productivity by remotely configuring devices and delivering apps to users without needing additional support staff. What is your organization doing do help employees configure their mobile devices and get the apps they need?

Learn how to digitally transform your company in my newest book, “Mobile Strategies for Business: 50 Actionable Insights to Digitally Transform your Business.”

Click here to purchase a copy of my book today and start transforming your business!

May 3, 2016October 16, 2022

Improve User Experience by Extending Wireless to Customers and Employees

Use #Femtocells + #mobile broadband routers to extend #wireless to mobile customers & employees without coverage in buildings or at remote work sites.

It goes without saying that not all organizations are the same. They don’t all reside in offices in downtown skyscrapers or on corporate campuses. The way employees work and how customers are served varies greatly. It’s important your mobile strategy reflects these differences.

Let’s talk about employees that don’t work in your Wi-Fi saturated office. Just because your workforce has corporate-liable or personally-liable mobile devices, doesn’t mean they have the wireless coverage to make them work. In the construction business, you have a group of employees performing tasks outside at a work site. To ensure this team can connect to corporate resources, you may need to deploy a Femtocell and a mobile broadband router. This is a mobile hot spot on steroids that allows you to extend cellular coverage to areas where you need it.

Oftentimes you have to extend wireless coverage to your customers. If you own a sports stadium you have to enhance coverage while supporting a higher density of connected devices. If you own a casino or convention center, it’s imperative you provide pervasive indoor cellular coverage so your guests can keep using their phones. These cases require you to deploy microcells as well as additional data backhaul capacity. As always, apply pressure on mobile operators to provide network coverage if they want to keep your business.

Improve customer experience and user productivity by extending wireless coverage to employees and customers alike. What is your organization doing to bring wireless to its important stakeholders?

Learn how to digitally transform your company in my newest book, “Mobile Strategies for Business: 50 Actionable Insights to Digitally Transform your Business.”

Click to purchase a copy of my book today and start transforming your business!

April 27, 2016October 16, 2022

Improve Productivity by Publishing Services to Mobile Employees via a Web Gateway

Rather than extending your entire #network out to #mobile devices via #VPN, publish individual services through a #web gateway or the #cloud.

Most remote employees gain access to Intranet resources through a virtual private network (VPN). Using 3^rd party or built-in software, employees provide credentials and sometimes a smartcard to create a VPN tunnel. Once created, employees can securely exchange data with internal resources. This is anything but seamless and employees find setting up VPN sessions and re-authenticating due to dropped connections to be a hassle. They want to access things the same way they do on the Internet.

Let’s take a look at a better mobile reality. Most companies around the world use Microsoft Exchange for corporate email. For more than a decade, mobile users on virtually every platform have been able to securely sync their email without first creating a cumbersome VPN connection. This was possible because Exchange publishes its Active Sync service through a reverse-proxy over TLS. The email app is responsible for passing credentials to the server. It works the way mobile employees expect all their mobile apps to work.

You can do this too by publishing your internal web sites and REST + JSON APIs on port 443 through a reverse proxy that lives at the network edge. Reverse proxies are appliances or server software that let you create a multi-channel access gateway. Of course, when you move your workloads to the cloud, none of this will be needed anymore.

Improve user productivity by eliminating the need to create cumbersome VPN connections to achieve secure connections. What remote access technology changes are you making at your organization to make life easier for your employees?

Learn how to digitally transform your company in my newest book, “Mobile Strategies for Business: 50 Actionable Insights to Digitally Transform your Business.”