Securing the “World of Many”

Managing the Changing IT Landscape: Mobile Device Security

With the recent focus on the Internet of Things and the rapid emergence of wearable technology, it’s clear to me that these devices will begin to find uses in the enterprise. And as these use cases emerge, IT and security professionals alike will need to find ways to securely integrate these connected devices. Security represents a critical foundation that makes this innovation possible—especially in an environment that is increasingly mobile and more reliant on data analytics for developing insights to drive the business forward.

A new digital threat landscape

Since many of the business use cases are likely to be mobility based, security is top of mind. PCWorld recently looked at the top threats for this year, and mobile malware is a key concern for IT. The rapid rise of mobile devices and applications, as well as the maturity of the market, have given attackers plenty of time to ponder the best attack strategies.

According to the article, “Variants are adopting tactics from PC malware—employing encrypted command and control servers, and polymorphism,” and that “the perfect storm is on its way.” That storm will likely include connected devices, virtual currencies like Bitcoin, and ongoing data breaches much like the recent Target attack.


Effective security requires a multilayered approach. The responsibility falls on the user, the business (IT), and the device manufacturer to ensure that everything possible is done to prevent malware, viruses, breaches, privacy leaks, and stolen information. The Intel IT team implements a multilayered dynamic trust model that weighs these factors. The stronger these protections are and the more trust a device has, the higher the level of data and network access granted.

With more users and more mobile devices, the security risks increase exponentially. However, there are added protections around network access and authentication that can help IT and security professionals mitigate these risks while enabling mobile technology in the enterprise.

A simpler, more secure VPN

In this complex environment, stronger authentication at the hardware level becomes critical. VPN access will always be a required component, but it’s not always easy to use. One of the latest enhancements to 4th generation Intel® Core™ vPro™ processors is a “no-password” mobile VPN experience that helps protect your network and makes it easier for users to sign in. It also lets users stay focused on the task at hand instead of trying to remember multiple passwords.

Blog graphic.jpgHardware-based two-factor authentication

This no-password VPN experience is made possible with access-point protection that can validate that an actual user (not malware) is logging in from a trusted device. This two-factor authentication technology uses hardware-based private keys, one-time password (OTP) tokens, and public key infrastructure (PKI) certificates at the hardware level.

Because the credentials are secured inside the platform, the information can’t be compromised or removed from the device. This not only eliminates the need for a separate physical token, but it also saves businesses the cost of supporting traditional smart card or token storage options.

Cisco enables secure mobile productivity

Cisco is an example of a manufacturer deploying these technologies in the Cisco AnyConnect* solution for mobile users. AnyConnect* works directly with Intel® technologies and Intel architecture-based devices to make it easier to identify both the user and the device, and further boost VPN security at the hardware level.

It’s all about mobile authentication that better protects your business and your users. “Cisco is committed to providing the tools to make sure that the right user, on the right device, is granted the right level of network access—from any location,” says Russell Rice, senior director of Cisco’s Secure Access and Mobility Group.

How does your organization maintain security in a mobile environment? What new approaches will be required to manage the security implications of wearables in the enterprise?


Chris Peters is a business strategist with more than 21 years of experience ranging from Information Technology, manufacturing, supply chain, nuclear power and consumer products.

Find him on LinkedIn.

Follow him on Twitter (@Chris_P_Intel)

Check out his previous posts and discussions

#ITCenter #MobileSecurity