Secure Mobile Access for BYOD

If you are an IT manager responsible for defining your organization’s approach to BYOD, there are hundreds, if not thousands, of articles and guides available on the topic. Unfortunately, most BYOD articles overlook a technology that has been the workhorse for secure remote access for more than a decade: SSL VPN.

Originally designed for secure remote PC and laptop access, SSL VPNs have adapted and evolved over the years as BYOD morphed from a buzzword to reality for many organizations. SSL VPN solutions of today, like those offered by Array Networks and other networking and security vendors, offer a wide range of support for smart mobile devices. 

And, due to their unique position at the network edge, with visibility into the endpoints and policy-based control over access to network resources, SSL VPNs can be your first line of defense for BYOD – the foundation for your BYOD policy, if you will.

For example, SSL VPN solutions can provide granular access control based on user and role, and can apply host-checking to verify that personal devices meet security parameters like anti-virus, anti-spyware, personal firewalls, allowed OS version, etc. However, end-to-end security for data at rest and data in motion is just the beginning.

SSL VPNs truly come into their own for BYOD through their support for multiple access methods. Two of the biggest concerns of any BYOD strategy are separation of work and personal data and the potential for data leakage. The easiest and simplest way to mitigate these concerns is to prevent applications and data from ever residing on personal device. And the best way to achieve this is through intelligent use of access methods.

For example, using by using Layer-7 Web access, a robust HTML5 app may be deployed within a secure SSL VPN mobile client. Because all data associated with enterprise apps is stored in a secure container, it does not mix with personal data and applications, and because data cannot be saved outside the mobile client, data leakage is prevented. The secure mobile client can be remotely wiped in the event of loss or theft of a mobile device, and device-based identification can be used to prevent future SSL VPN connectivity by that device.

Another is example is Layer-4 RDP access to virtual desktops and applications. By providing access to centralized computing resources from within the secure SSL VPN mobile client, productivity is greatly enhanced, while the mixing of personal and business data is fully eliminated – as is the potential for data leakage. Data never leaves the corporate network and never resides on personal devices.

Finally, SSL VPNs provide the ability to support controlled Layer-3 network-level access. Select native business applications will require network connectivity, and although Layer-3 access opens up the network and the potential for data leakage, SSL VPNs provide the means to apply countermeasures that significantly reduce the risk of attack and data leakage.

For example, Layer-3 access can configured such that connectivity is provided only for specific native applications and such that connections remain open only as long as specified applications are in use. When combined with containerized native applications, SSL VPNs can enable Layer-3 access that creates a divide between personal and business data and at the same time shrinks the window for possible data leakage.

When the power of SSL VPN access methods starts to sink in, IT managers invariably draw some of the same conclusions and experience the same “A-HA” moment. The gears start turning, inventorying how many of their applications can be delivered to mobile devices using Layer-4 and Layer-7access in order to minimize the number of security vectors they will need to monitor. And making a mental note of the persons and applications for which there will be no way to avoid Layer-3 connectivity.

While SSL VPNs typically won’t get you 100% of the way to a complete BYOD strategy, the good news is they can play a fundamental role in an overall strategy – and can greatly simplify and reduce the need for the remaining elements of an enterprise-wide strategy.

Finally, it is important to note that not all SSL VPNs are created equal. When selecting an SSL VPN for secure mobile access for BYOD, there are some considerations above and beyond access methods that IT managers should look for in order to select a solution that will meet the needs for enterprise-class remote and mobile access.

These include scalability, both in terms of concurrent users and support for multiple communities of interest on the same system, performance – so as not to sacrifice the end user experience for security, support for a broad range of end-point devices, operating systems and browsers, and support for both physical and virtual SSL VPN appliances in order to provide both agility and performance as needed to satisfied the evolving needs of your business.