Mobile Access Security & Management Managed and Unmanaged Mobile Access to Windows Applications and Virtual Desktops from Smart phones and Tablets


WHITE PAPER
Mobile Access Security & Management
Managed and Unmanaged Mobile Access to Windows Applications and Virtual Desktops from Smart phones and Tablets
Ericom Software, www.ericom.com, September 2012

Table of Contents
Introduction
The Challenges
How the Connection Broker Can Help
Mobile Device Support: The Native Client Mismatch
Bring Your Own Device
Regulatory Compliance
Encryption
Ericom Solutions
  AccessToGo
  AccessNow
  PowerTerm WebConnect RemoteView
Conclusion
About Ericom
www.ericom.com Page 2

Introduction

The task of maintaining network and data security is one of an IT administrator's greatest challenges. In recent years, this already difficult task has been further complicated by the proliferation of mobile devices connecting to the network. This white paper discusses some of the challenges involved in delivering secure mobile access to organizational IT resources while also allowing for the use of mobile devices.

The Challenges

In this day and age of seemingly universal connectivity and the growing Bring Your Own Device (BYOD) trend, a growing number of employees, contractors, students and medical professionals are using a wide range of personal devices to access remote desktops and applications running on the organization's servers. This uncontrolled access opens the door to malicious activity, leakage of data, exposure to malware, and compliance risk.

The task of providing users access to remote applications and remote desktops through their mobile devices might initially seem relatively straightforward. Even so, there are a number of challenges that the IT staff must overcome, especially with regard to BYOD. For example, end-user devices are almost always configured in an insecure manner, so it can be a major challenge to allow users to establish connectivity from such devices while still maintaining your network's overall security and complying with any applicable regulations (HIPAA, SOX, FISMA, etc.).

How the Connection Broker Can Help

One of the most effective techniques for addressing the security and manageability of remote desktops and remote applications is to deploy a connection broker. As the name implies, a connection broker manages inbound connections by matching users up with an available remote access session. In addition to this basic functionality, however, a connection broker also centralizes the installation and maintenance of applications and/or desktops that reside on secure backend servers. This eases the burden of managing remote desktops and remote applications while at the same time improving the overall security of organizational IT resources. Having centralized control over virtual desktops and remote applications eliminates the need to manually install applications or define settings on individual user desktops (or mobile devices). Instead, all administration and maintenance is performed at the server level, with no need to service or upgrade end-user devices.

Mobile Device Support: The Native Client Mismatch

Although using a connection broker greatly improves remote access security and manageability, there are still a number of other issues that must be overcome when supporting mobile devices. One such issue is connection broker / client mismatch. This is especially true when you consider that end users may be using just about any make or model of mobile device.

One of the reasons why connection broker / client mismatch can be such an issue is that some native clients (clients designed for a specific device or mobile operating system) are not compatible with connection brokers and therefore will not work in a managed environment. Of course, the opposite can hold true as well. Some native mobile clients are only designed to run in a managed environment, and such clients are almost always designed to work with one specific connection broker. For example, the Citrix client only works with a Citrix backend. The manageability aspect of supporting mobile devices is one of the easier challenges to work around. Ericom, for example, offers a native client called AccessToGo that can function in both managed and unmanaged environments.

Bring Your Own Device

The challenge of securing and managing mobile device usage is often made more complex when Bring Your Own Device (BYOD) is brought into the picture. BYOD is a trend in which users access data and applications through their own personal devices, such as tablets and smartphones. Although once regarded as a fad, BYOD is accelerating rapidly and will probably become the new norm.

There are several reasons why BYOD complicates mobile device security and management. First, the very nature of BYOD means that users will attempt to access network resources from all manner of mobile devices. The IT department is typically expected to facilitate end-user device connectivity regardless of the make or model of the device. This can prove to be a challenge because of the connection broker / client mismatch issues discussed above.

Another reason why BYOD complicates security and manageability is that users do not typically implement adequate security on their own personal devices. When a user establishes a connection to the network from a personal mobile device, that device is in an unknown state. It might be configured with a strong password, or it might not have a password at all. The device could be running a clean configuration, or it could be infested with malware.

Using a connection broker can help to mitigate at least some of the risks associated with otherwise insecure mobile devices. Once the user attaches to the organization's network through a VPN or through a remote access gateway, the connection broker may be the only thing standing between the user's device and sensitive network resources. The connection broker prevents the host server's IP addresses, open port numbers, and other information from being revealed to the mobile device.

Beyond mitigating mobile device security and management issues, a connection broker also reduces IT support requirements related to accessing numerous applications from a device. The connection broker centralizes the maintenance of applications and desktops residing on backend servers (TS / RDS / VDI) instead of on the end user's device, lowering both total cost of ownership and the risk of malware contamination and distribution.

Regulatory Compliance

Another major issue often encountered when supporting mobile devices is that of regulatory compliance. Although not every organization is regulated, regulations such as HIPAA, SOX, and FISMA affect a large number of companies in America. Although such regulations may not always specifically address mobile devices, they do provide mandates for how data is to be handled and secured. These mandates remain in effect regardless of whether the data is being accessed from a mobile device or a PC, from inside or outside your network. As such, it is critically important to take any applicable regulations into account prior to allowing mobile devices to connect to resources on your network.

Naturally, the requirements vary from one set of regulations to another, but often your connection broker can make it easier to achieve regulatory compliance. This is especially true when it comes to issues such as the logging and monitoring of user sessions. For example, HIPAA sets the following requirements with regard to logging:

Section 164.308(a)(5)(ii)(C) Log-in Monitoring requires that organizations monitor log-in attempts and report any discrepancies. This requirement applies to both failed and successful logins.

Section 164.312(b) Audit Controls requires organizations to implement hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use electronic health records.

Section 164.308(a)(1)(ii)(D) Information System Activity Review requires organizations to implement procedures to regularly review records of information system activity, such as audit logs, access reports, and security incident tracking reports.

These are just three examples of HIPAA requirements for auditing and logging user activities. Although HIPAA does not specify the exact manner in which auditing and logging must be performed, the law is very clear that user sessions in which the user accesses electronic health records must be audited. PowerTerm WebConnect is a comprehensive connection broker that can help to facilitate compliance with HIPAA and similar regulations in this regard by offering features such as detailed logging and auditing, as well as real-time monitoring of user sessions. (More on PowerTerm WebConnect in an upcoming section.)

Encryption

It is impossible to discuss security without talking about encryption. In order to remain secure, data must be encrypted both at the storage level and when it is in transit. All of the major sets of regulations address encryption in one way or another. HIPAA, for instance, imposes the following requirements:

Section 164.306(a)(2)(iv) Encryption and Decryption (Addressable) requires an organization to implement a mechanism to encrypt and decrypt electronic protected health information.

Section 164.306(e)(2)(ii) Encryption (Addressable) also requires organizations to implement a mechanism to encrypt electronic protected health information whenever deemed appropriate.

The HIPAA regulations as a whole are designed to outline requirements, but are purposefully vague in that they do not stipulate the exact mechanisms that organizations must use to comply with them. As such, the requirements outlined above clearly state that protected health information must be encrypted, but do not detail the nature of that encryption. A connection broker such as Ericom PowerTerm WebConnect can also help to address this requirement. PowerTerm WebConnect provides built-in support for Secure Sockets Layer (SSL) and Secure Shell (SSH) encryption for secure communications.

Ericom Solutions

Each organization's access requirements and goals are different. Some companies may limit the use of mobile devices to certain employees (executives, field/sales people, third-party consultants, independent agents); others may want to extend their use to the entire workforce. A successful mobile access security and management solution must be tailored to fit the relevant scenario. Ericom (http://www.ericom.com) offers a portfolio of products that can be used in combination, or each on their own, to address the range of security and manageability issues that come into play when supporting mobile devices.

AccessToGo

One such product is AccessToGo (http://www.ericom.com/mobile). AccessToGo is a native client for mobile platforms that works specifically with iOS and Android tablets and smartphones. It is designed to work in both centrally managed (with a connection broker) and unmanaged environments. AccessToGo is available in two modes: standard RDP (free) and accelerated.

In unmanaged environments, AccessToGo can optionally use Ericom's free SSL Secure Gateway for secure, encrypted remote access from the AccessToGo application to hosted desktops. In accelerated mode, Ericom AccessToGo leverages Ericom RDP compression and acceleration technology to enhance remote desktop display performance by up to 10 times over slow network connections and WANs. These accelerated sessions are especially useful for viewing content that contains highly graphical images and animations, such as PDFs, streaming video, and 2D/3D images. Go to www.ericomblaze.com to learn more.

In managed environments, AccessToGo connects mobile devices through a connection broker such as PowerTerm WebConnect to remote applications and remote desktops residing on remote servers and physical PCs. AccessToGo can also connect to desktops managed by VMware View, and the RDP connections are free.

AccessNow

Another solution offered by Ericom is AccessNow (http://www.ericom.com/Ericom_AccessNow_Products). Like AccessToGo, AccessNow is an RDP client that enables users to access remote Windows applications and desktops hosted on RDS / Terminal Services / VDI. Where AccessNow differs from AccessToGo is that it does not require a dedicated native client to be installed on the user's mobile device. Instead, AccessNow provides browser-based connectivity: any mobile client can establish connectivity to a remote Windows desktop or application, so long as the client is equipped with an HTML5-compliant Web browser.

AccessNow is secure and easy to deploy and therefore ideal for use in BYOD environments in which users may need to use mobile devices and IT seeks to reduce support costs. With AccessNow, corporate data and applications are not downloaded to the device, and personal information and personal apps on the device are inaccessible to the corporate applications. AccessNow can also act as a high-performance gateway, enabling secure remote access to virtual desktops and terminal servers from outside the firewall. AccessNow also helps organizations to maintain business continuity by allowing employees to access their applications and desktops from any available endpoint device, anywhere, without having to install any software or plugins. Moreover, end-user devices do not require any provisioning, since remote sessions are accessed through a Web browser.

PowerTerm WebConnect RemoteView

Ericom's advanced connection broker, PowerTerm WebConnect, helps organizations improve information security and achieve regulatory compliance while reducing desktop management efforts and costs. PowerTerm WebConnect acts as a mediator between end users and hosted computing resources residing on any combination of Terminal Services (RDS), leading VDI hypervisors, Cloud services or Blade/physical PCs.

PowerTerm WebConnect increases security since the servers hosting remote desktops or remote applications are not exposed directly to the Internet. Instead, remote users attach to the PowerTerm WebConnect Server, which proxies the user's request to backend resources.

PowerTerm WebConnect RemoteView does more than act as a proxy for user requests. It also centralizes security by seamlessly managing authentication for AccessToGo and AccessNow clients. In fact, PowerTerm WebConnect RemoteView is designed to work with virtually any LDAP-compliant directory server, including Microsoft Active Directory, Novell's directory service, and iPlanet. This approach reduces the overall management burden, since user accounts only need to be managed in one place. For example, if a user account is disabled within Windows Active Directory, PowerTerm WebConnect RemoteView recognizes that the account has been disabled and will not allow remote access from that account.

PowerTerm WebConnect RemoteView further enhances security through additional features such as encryption and two-factor authentication. PowerTerm WebConnect RemoteView also comes with the Ericom Secure Gateway (optional); alternatively, RemoteView supports other SSL VPNs that organizations might already have deployed.
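The broker behaviour described in this paper (keeping backend host and port hidden from the device, refusing accounts that are disabled in the directory, and recording both failed and successful log-in attempts for HIPAA-style log-in monitoring and periodic activity review) can be sketched as a small model. This is an added Python illustration, not Ericom's code; the directory entries, backend pool, session-id scheme and field names are constructed for the example.

```python
"""Toy connection broker: directory check, audit log, opaque session handle."""
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Constructed sample directory (stands in for an LDAP/AD lookup, not real data).
DIRECTORY = {
    "alice": {"enabled": True, "groups": {"clinicians"}},
    "bob": {"enabled": False, "groups": {"clinicians"}},   # disabled in the directory
    "carol": {"enabled": True, "groups": {"contractors"}},
}
# Constructed backend pool. Host/port stay inside the broker; the client only
# ever receives a session id, never the server address.
BACKENDS = [
    {"host": "10.0.5.21", "port": 3389, "pool": "clinicians", "free": 2},
    {"host": "10.0.5.22", "port": 3389, "pool": "contractors", "free": 1},
]


@dataclass
class Broker:
    audit: list = field(default_factory=list)    # log-in monitoring records
    sessions: dict = field(default_factory=dict)

    def _log(self, user, device, outcome, reason=""):
        # Every attempt, failed or successful, is recorded (164.308(a)(5)(ii)(C)).
        self.audit.append({
            "ts": datetime.now(timezone.utc).isoformat(),
            "user": user, "device": device, "outcome": outcome, "reason": reason,
        })

    def connect(self, user, device, authenticated):
        """Return {'session': id, 'pool': name} or {'error': msg}; never host/port."""
        entry = DIRECTORY.get(user)
        if entry is None or not authenticated:
            # Same external message for unknown user and bad credentials.
            self._log(user, device, "failure", "bad credentials")
            return {"error": "access denied"}
        if not entry["enabled"]:
            # Account disabled centrally in the directory: deny remote access.
            self._log(user, device, "failure", "account disabled in directory")
            return {"error": "access denied"}
        for backend in BACKENDS:
            if backend["pool"] in entry["groups"] and backend["free"] > 0:
                backend["free"] -= 1
                sid = f"s{len(self.sessions) + 1:04d}"
                self.sessions[sid] = {"user": user, "backend": backend}
                self._log(user, device, "success", f"session {sid}")
                return {"session": sid, "pool": backend["pool"]}
        self._log(user, device, "failure", "no free session in pool")
        return {"error": "no capacity"}

    def review(self):
        """Per-user counts of failed and successful log-ins for periodic review."""
        summary = {}
        for rec in self.audit:
            counts = summary.setdefault(rec["user"], {"success": 0, "failure": 0})
            counts[rec["outcome"]] += 1
        return summary
```

The `review()` output is the kind of access report a periodic information system activity review would consume; the broker's `sessions` map is the only place backend addresses appear.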

Conclusion

There are several considerations that organizations seeking to support remote mobile clients should take into account:

1. First, it is important to choose a solution that can provide connectivity from all network endpoints. The diversity of the user devices that are likely to connect to your network makes it essential to choose a solution that will work equally well with native clients and with browser-based clients. PowerTerm WebConnect is such a solution.

2. More importantly, using a client side and a connection broker side that are both provided by Ericom ensures end-to-end security. Using AccessNow or AccessToGo in conjunction with PowerTerm WebConnect RemoteView ensures that the end user is using the appropriate configuration, and that authentication and encryption will function end to end.

3. Finally, the solution that you choose should be easy to deploy and easy to use, as well as cost-effective. Ericom's solutions can be used to create a self-provisioned environment in which users can simply click on a link to connect to a remote resource. This ease of connectivity extends to virtually any device connecting from anywhere.

About Ericom

Ericom Software is a leading global provider of Application Access, Virtualization and RDP Acceleration Solutions. Since 1993, Ericom has been helping users access enterprise mission-critical applications running on a broad range of Microsoft Windows Terminal Servers, Virtual Desktops, legacy hosts and other systems. Ericom has offices in the United States, United Kingdom and EMEA. Ericom also has an extensive network of distributors and partners throughout North America, Europe, Asia and the Far East. Our expanding customer base is more than 30 thousand strong, with over 7 million installations. For more information about Ericom and its products, please visit http://www.ericom.com.

For more information on Ericom's products and services, contact us at the location nearest to you, and visit our web site: http://www.ericom.com

North America: Ericom Software Inc., 231 Herbert Avenue, Bldg. #4, Closter, NJ 07624 USA. Tel +1 (201) 767 2210, Fax +1 (201) 767 2205, Toll-free 1 (888) 769 7876, Email info@ericom.com

UK & Western Europe: Ericom Software (UK) Ltd., 11a Victoria Square, Droitwich, Worcestershire WR9 8DE, United Kingdom. Tel +44 (0) 845 644 3597, Fax +44 (0) 845 644 3598, Email info@ericom.co.uk

International: Ericom Software Ltd., 8 Hamarpeh Street, Har Hotzvim Technology Park, Jerusalem 91450, Israel. Tel +972 (2) 591 1700, Fax +972 (2) 571 4737, Email info@ericom.com

Copyright 2012 Ericom Software Ltd. Ericom and PowerTerm are registered trademarks of Ericom Software Ltd. Other company brands, products and service names are trademarks or registered trademarks of their respective holders.