There’s no doubt that your enterprise is consistently looking toward greater security, especially in the face of today’s BYOD trend, which seems to present a whole new set of threats as you aim to defend your business, operations, and clients.
People bring their own devices to work--- and despite everything, they want to use those personal devices on corporate or government networks. And the reverse happens as well: employees want to use company-issued mobile devices to work from home or while on-the-move. Given that the majority of end-point users have no idea what mobile device hygiene means, employees who either take the BYOD approach or use corporate devices outside the firewall are putting their organizations at risk.
How do you keep these employees happy while also securing the enterprise?
You need to do this in a way that doesn’t compromise your security. But here’s the problem: depending on the size of your organization—the IT team managing mobile endpoints like mobile phones may not be the IT team managing your networking policies. In today’s increasingly mobile and security-fraught world—the need for a holistic security approach that extends from the data center to the mobile application endpoint is paramount. You put your enterprise at risk by not having such a strategy.
Many organizations tackle this challenge by extending the security of a VPN down to the mobile application—beyond even the device itself.1 While a per-app VPN approach resolves many of the security concerns in even finer detail than a device-level approach, gaps still remain in security. Per-app VPNs expose all the domain’s endpoints and services to an application. In many ways—it’s still the same old “giant perimeter” approach to security with secure tunnels through the wall. But once through the wall—it’s a free-game to everything in your data center. Your first line of defense must be more solid than that.
And there is a way it can be - but it involves being able to employ a network security strategy that essentially extends the secure tunnel all the way down to the specific endpoint (or workload) in the data center. This most secure approach to this tunnel method is called micro-segmentation. However, if your data center has thousands of workloads – each with their own unique security conditions, how do you maintain effective security policies?
Creating a virtual network using VMware NSX, which logically separates every single virtual unit within the network, is a great answer. Unique security policies can be applied to each virtual device at the hypervisor level and the in the virtual network as a whole. Yes—even to a per-app virtual private tunnel. This micro-segmented approach takes endpoint management to the next level, restricting application-level access to a specified endpoint on the data center.
Extending the VPN and tunneling policies to applications and mobile devices down to the individual workloads and endpoints creates an end-to-endpoint security approach ideal for today’s mobile world. But you also need a solution that unites your mobile device management policies seamlessly to your networking policies. And one way to do this is with VMware technologies – by using both AirWatch® for MDM down to the mobile application and extending VPNs out to them with micro-segmented security delivered by VMware NSX.
This integration of AirWatch and NSX secures corporate data accessed via mobile devices by controlling what users have access to in the data center. IT admins can create policies that dynamically follow mobile application resources, as well as tie directly to users. By incorporating NSX’s security features into AirWatch, you can:
- Improve network security and granular controls for mobile workflows
- Accelerate digital workspace initiatives and BYOD deployments
- Reduce mobile access footprint to the data center at the application level
- Speed up mobile app delivery, testing, and automation with easily deployed security policies
Why not engage with Clearpath Solutions Group today to discuss how together, NSX and AirWatch can serve as your enterprise’s first line of defense, delivering a holistic security solution that ensures your safety - down to the mobile application itself. Doing so can make your enterprise more secure in the mobile, BYOD world of today!