Enterprise Mobile Device VPN Requirements
Virtual private network (VPN) refers to the secure connectivity between a mobile device and a VPN gateway or server installed within the corporate network. When a VPN tunnel is established between a device and the VPN gateway, all communication over that tunnel is encrypted. This encryption provides security for data being exchanged between the device and the corporate network.
Hackers can snoop on data that isn't encrypted as it's on its way to the device. For example, it's possible for a hacker at a café to snoop on unencrypted data being received on another person’s device. This is why you want end users to connect via VPN when they're accessing corporate data in public places.
You may have used a VPN to connect to your corporate network from your PC at home. Similar technology is available for several mobile devices. A VPN connection encrypts the data communication from and to the device, thereby making it impossible for hackers to intercept and steal the data being exchanged.
So, the most critical requirement of data encryption is to enforce VPN access as a compliance requirement. If you are an IT administrator, that means enforcing VPN for all mobile device users to connect to their work e-mail or other applications. Most VPN vendors like Cisco and Juniper have VPN solutions available for some or all device types.
Enforcing VPN on mobile devices requires you to have a VPN server or gateway installed in your network. The devices need to connect to the server when setting up the VPN tunnel.
Here are the VPN policies you may want to enforce on mobile devices:
Allow users to check corporate e-mail, browse intranet pages, and/or use client-server applications.
Enforce strong authentication on the devices, including one or more of the following types:
Username and password
One-time password (passwords expire after just a single use)
Manage a single set of policies to set consistent VPN policies for not just mobile devices, but also Windows and Mac computers.
Certificate-based authentication and one-time password authentication require you to deploy certificates to mobile devices as well as set up infrastructure to configure the one-time password server in-house. Be sure to look up the vendor documentation for deployment guides and instructions.
Finally, VPN — or, in general, secure connectivity from mobile devices to the corporate network — may differ from corporate devices to personal devices. For example, BlackBerry devices maintain a secure connection to the BlackBerry Enterprise Server that is typically installed within a corporate network, which saves you from needing a VPN. For all other mobile device types, you're better off requiring and enforcing a strong VPN policy.