Securing from anywhere: Your mobile device VPN strategy

Virtual private networks have long secured remote users. Learn how a mobile device VPN factors into your security strategy.

Enterprises focus on business agility and cost savings first and everything else second. Business executives see mobile-enabled everything as the key to agility and better sales, so mobile devices on public networks will continue to multiply as enterprise endpoints. For many enterprises, the virtual private network (VPN) will be what secures that connectivity, and it must be scaled and managed with that evolving world in mind.

Mobile device security measures

Many factors make the VPN a security bulwark for the mobile enterprise that serves mobile device users, as it has served laptop users in the past. First and foremost, the enterprise must embrace ever more mobile devices and build or support ever more services for them. Any business or process that involves staff not on-site has either already been mobile-enabled or is the subject of ongoing analysis to find ways to mobile-enable it. Pressure is growing not just to support more devices, but to support more kinds of devices: more platforms, more makers, more models and more device categories (i.e., the next big widget -- perhaps Google Glass).

In addition, concern is growing about how to protect the enterprise from the threats that come along with mobile devices -- threats such as data leakage or system compromise. Tools deployed to secure the mobile face of business include mobile device management, mobile application management, private app stores, mobile content management and secure document shares. Devices get locked down; passwords get set; and remote-wipe policies are put in place.

Using mobile device VPNs in your security strategy

VPN fits in neatly with a mobile device security strategy as a means of securing access to enterprise applications and systems, especially for employees using Wi-Fi rather than cellular data to connect to those apps. Dropping a VPN client onto a mobile device makes remote devices behave as though they were on the campus WLAN. By forcing mobile users to come in via the VPN to access sensitive data or critical applications, the enterprise mitigates some of the risks of remote access, and does so via a centralized tool that makes it easy to manage access.

However, IT needs to be wary of and proactively address the problems that can come with adding VPNs to mobile devices: congestion, latency, and bandwidth and VPN over-subscription. Basically, network and security staff should assume not only that the VPN will have to support a rapidly increasing number of users, thanks to mobile devices, but also a rapidly increasing number of devices per person -- possibly all active simultaneously. It is becoming commonplace for a remote worker to have a laptop, tablet and phone all on and talking to enterprise apps at the same time. Consequently, engineers will have to make sure the VPN they have in place can handle increasing numbers of users, increasing throughput per user and multiple sessions per user. IT will also have to consider the case of machine-to-machine (M2M) devices (which are user-less mobile devices) connecting to a corporate network via the VPN: a remote location sensor in a truck, for example.

Moreover, engineers will have to deal with impacts on related systems and possibly rethink how users work with the VPN. If the VPN requires two-factor authentication, will it even work with the mobile devices and platforms the company wishes to support? If it is built around certificates, does the organization have the ability to get the certificates onto the mobile devices? And, if the VPN is delivered to the company as a service, can the company afford to scale up to significantly larger numbers of users and devices?

Although the VPN promises to continue to serve as a gateway to more secure enterprise application and data access in the mobile-enabled enterprise, IT will have to pay careful attention to make sure it steps into this expanded role smoothly and sustainably.


This was last published in November 2013
