Secure mobile workplace

Growing consumerization features current IT-industry: computers become smaller and faster making employees much more mobile in solving daily tasks.

IDC company has carried out the research as a result of which it has been found out that by 2015 total amount of companies’ employees working remotely using mobile devices will have amounted to 1.3 billion users. It is more than 37% of total amount of employees using PC in their daily work. Mobile devices (notebooks, tablet PCs) indeed optimize employees’ work to a great extent allowing being more flexible in selecting workplace, facilitating work outside the office, implementing BYOD (Bring Your Own Device) policy, speeding up preparing endpoints for temporary employees, etc.

This solution allows facilitating using PCs for the employees at your company in several directions:

  • Optimizing BYOD policy in regard to meeting IT-security standards of the company.
  • Making work of remote employees more convenient and secure.
  • Creating endpoints for temporary employees optimally and quickly.
  • Enhancing information security on mobile PCs and external USB drives to a large extent.
  • Providing high security of network connections.
  • Creating required technical capabilities for implementing infrastructure of remote desktops (virtual desktop infrastructure).

Optimizing BYOD

According to the research of Magic Software company in 2013 the proportion of companies having implemented BYOD (Bring Your Own Device) policy will amount to 57.1%. BYOD indeed has a lot of advantages and employees’ satisfaction of its implementation is high enough. However the same research shows that users’ private PCs which are used as corporate ones in BYOD conception create significant IT-security breaches in the organization, because it is rather difficult to distribute company’s internal IT-security policies to all private PCs. This problem is efficiently solved by Windows To Go technology. It literally allows users to take their workplaces on separate USB-drives outwards the company’s office and locate it to almost any PC compatible with OS Windows 8. In this case the employee uses completely full-featured OS version corresponding to the company’s IT-policies and having all software required for his work.

In corporate environment for Windows To Go IT-department uses operating system which is prepared by IT-specialists in advance relying on user’s needs and keeping all internal IT-policies of the company. That is, the employee receives completely centrally configured operating system on a portable USB-drive. He can use his private PC to work with it according to BYOD but in this case the company’s policies including IT-security policies are not broken.

Facility and mobility

It often happens that employee’s mobile PC, e.g. notebook, has weight great enough. If the employee’s work includes frequent far business trips, then it is probable that carrying a bag with the notebook permanently can adversely affect the employee’s health and emotional state that can hinder him in doing his work well. Also the situation when the employee has to leave for business trip but the company is not able to provide him with portable PC is possible. In this case Windows To Go comes to help again, because a cheap and light USB-drive contains the full-featured employee’s “workplace”. It is enough to plug the drive in any PC compatible with Windows 8 OS and to boot from this drive. Concerning drivers for different devices connected to temporary PC is not required – Windows To Go contains a large pack of drivers for various devices (including video devices) and when starting for the first time determines all hardware components and installs all required drivers. No matter where is your employee – in cafe, hotel or airport – he can do his work and in case internet access is available he can connect to corporate resources using network connections configured in advance.

Temporary employees

According to the research of IDC company in 2012 the part of outsourcing in IT-industry had increased up to 60% and nowadays it is still extensively growing. For a range of reasons for many companies it is profitably to hire temporary employees to realize different IT-projects or to train the staff. However IT-departments often face to the problem of creating, configuring and maintaining workplaces for temporary employees. There exists specific software by using which IT-specialists can preinstall all required software on temporary workplaces remotely, configure it properly, monitor it regularly and update it in time.

However not all companies are ready to implement such large-scale products to their IT-infrastructure. In this case Windows To Go allows quick and cheap creating a single operating system image configured to solve specific tasks given to temporary team and quick creating required number of “clones” of this image. In such case temporary users can use even company’s corporate PCs to work on customer’s project. It is worth mentioning that storage devices containing Windows To Go are encrypted with Bitlocker technology, that’s why even in case of the storage device loss all data stay secured. Moreover, operating system run in Windows To Go mode does not allow user-contractor to access internal PC’s hard drive. This provides corporate IT-infrastructure with additional protection from riskware which can be on the hard drive.

Data encryption

Many employees store sensitive data (including corporate ones) just on their own PCs or save them to external USB-drive to have possibility to work with some documents at home or elsewhere outside the office. Kensington company in its research has found out that at the average every 50 seconds mobile PC is lost or stolen somewhere in the world. In 50% cases lost PCs (including corporate ones) contained critical business information:

  • Employees’ personal data
  • User credentials
  • Credit cards data
  • Data concerned IT-infrastructure security
  • Important e-mail addresses
  • Contact lists with data of company’s employees

This solution includes capability to encrypt both internal drives and external USB-drives strongly by using Microsoft Bitlocker and Bitlocker To Go technologies. This reduces the risk of receiving critical business information stored on corporate PCs by adversaries.

Security of remote network connections

When speaking about remote work of employees one should give special consideration to the security of remote connections, since employees staying outside the office have to use unsecure public networks (generally they are wireless access points in airports, hotels or other public places) as the main way to connect to corporate resources. In this case employees without any notice begin to share all data being forwarded including ones being critical for business with adversaries. This way of network attack is called Man-in-the-Middle. It is enough for an adversary to stay close to the source of unprotected traffic and just to intercept it and then to use it for his own purposes.

This solution implies implementing and using Microsoft Direct Access technology to protect data being transferred. Direct Access creates secure “tunnel” from the PC of remote employee to corporate IT-infrastructure. All data being transferred in such tunnel are encrypted by strong encryption algorithm and are transferred using IPSec protocol providing high data security level.

Virtual desktop infrastructure

Business processes in many organizations impose high demands on fault tolerance of IT-infrastructure. It includes fault tolerance of endpoints in different critical situations when users’ access to their workplaces is limited. This solution includes techniques for implementing full-featured Virtual Desktop Infrastructure (VDI). When using this technology employee’s workplace (desktop) is located not on the PC but on the specific server, to which the employee can connect remotely from any corporate mobile PC (including tablet PCs and smartphones) and continue working having full access to his documents and corporate resources. Depending on the specific realization of VDI the employee can connect to his endpoint using both special client application and common web-browser. This expands the range of mobile PCs being used.

If your company follows world trends in IT-industry (e.g. it plans to implement or uses BYOD policy) or if you want to organize secure, convenient and up-to-date working environment for your employees during business trips, for temporary employees or for the period of studying seminars and trainings, then we recommend you to choose this solution as the most efficient step of organizing infrastructure of mobile workplaces.

To know more about standards, recommendations and approaches to solving your problems you can use the special form.