The SBC & BYOD: Helping With Mobile Device Security
An SBC can play several key roles in securing mobile endpoint devices.
Though typically deployed for managing SIP trunks within a unified communications environment, the session border controller (SBC) can have an important role to play in securing workplaces that have embraced a bring your own device, or BYOD, strategy.
Given the pervasiveness of BYOD today, many organizations ought to be considering the SBC for mobile security purposes. As we learned in the 2014 ZK Research Enterprise Mobility Survey, 82% of businesses now support the use of consumer devices in the workplace. This is quite the about-face from just a few years ago when many IT leaders were still fighting to keep personal smartphones and tablets out of the enterprise.
Even as they embrace BYOD, I'm not sure many IT leaders fully understand the security ramifications of the flood of mobile devices entering the workplace. With BYOD, the mobile phone or tablet is no longer a secondary device but the one primarily used by many workers -- especially business leaders. This means a tremendous amount of sensitive information, be that in the form of documents, conversations or text messages, passes through these devices. IT leaders must make endpoint security a top priority.
When mobile devices are on the corporate network, the same network security mechanisms apply to them as to other connected devices. But what about the millions of devices that access the network via public WiFi or cellular connections -- how should these be secured?
In traditional remote networking, corporate-owned devices such as laptops or even desktops become clients on a virtual private network (VPN). Communications between the user device and corporate network traverse a secure tunnel. This model works well because IT owns the asset on which it installs the VPN software and can ensure the software is always up to date. The VPN setup doesn't work so well when the company doesn't own -- i.e., control -- the mobile devices connecting to the network. In fact, I don't believe any of the solutions requiring local software and manual intervention work well in BYOD environments.
When unsecured personal devices connect to public networks, like hotel or airport WiFi connections, they are visible to other users on the same network. If you want to see how insecure some of these devices are, the next time you're logged into a public network, open up the Finder window on a Mac and see how many other Apple devices show up as shared devices. It's enough to make any chief security officer shake in his or her boots.
Without the right security, any transmitted information -- passwords, customer data, sales data, e-mails, contact information and so on -- is viewable by other devices on the network. For endpoint protection, many organizations have turned to mobile device management (MDM) solutions, which allow them to containerize applications and manage devices remotely. However, MDM solutions do not protect the data in transit.
VPNs can't be used and MDM doesn't help, so what's a security professional to do? This is where the SBC fits in.
SBC to the Rescue
An SBC can play a key role in verifying authentication and encrypting the communications between endpoints and the network. The SBC can protect sensitive information against breaches that, as we have seen recently in the media, can be so crippling to businesses.
In addition, the SBC gives IT better control over what workers can access. For example, IT can use the SBC to create a connection between a mobile device and the communications manager, allowing workers to have access to UC applications while preventing access to unauthorized files or databases. A good use case for this would be to enable remote call center agents. The SBC can create a UC connection to interact with customers but block all other access to company information. This type of connectivity would have been difficult to engineer with a more traditional VPN.
Lastly, SBCs can block network access from deactivated mobile devices or accounts, as would be the case when an employee leaves the organization or even changes roles within the same organization.
I strongly endorse the use of consumer devices at work as they are much better able to meet the needs of today's highly distributed and mobile workforce. However, IT leaders should ensure the right security is in place to allow workers to do what they need to do, without putting the business at risk. While not often thought of as a BYOD enabler, the SBC does play a critical role in securing mobile devices.
Read my post from earlier this month, 5 Ways SBCs Can Control Real-Time Communications, to learn about another role for the SBC.
Follow Zeus Kerravala on Twitter and Google+!