5 Tips for Securing DeX in Mobile-Only Workforces
Samsung DeX offers the opportunity for enterprises to take “mobile-only” to the office, by offering a desktop-like experience on a smartphone. When docked with a screen, keyboard and mouse at someone’s desk, smartphones with DeX deliver a desktop-style UI, shifting back instantly when unplugged and carried away.
The possibilities are intriguing for IT managers looking to simplify and reduce the number of desktops and laptops. But DeX raises another question: what about security?
The short answer is, it shouldn’t matter. The smartphone doesn’t change because you stick a keyboard on it, so whatever security configuration and risk mitigation strategy you’ve designed for a CYOD deployment doesn’t change if DeX is in the picture.
However, as security practitioners know, it always matters. The way the device is used changes: different apps, different use patterns, different network connections. And anytime there’s a change, security should take another look to make sure old assumptions still hold. So what are the key points for InfoSec managers to look at? Here are a few places to look.
Check Your Devices’ Security Profile Again
Absolutely the first place to look is your device security settings. There’s no special magic here, but rechecking assumptions on authentication (biometrics should be required, for example), application store restrictions and whitelist/blocklist settings, and patching requirements and schedules should all be first on your list when scrolling through your Mobile Device Management or Enterprise Mobility Management (MDM/EMM) policy settings.
If you haven’t enabled work/personal dual-profile mode, now is definitely the time to reconsider. Keeping organizational applications and, more importantly, their data separated from home uses is more important now than ever before.
Make Sure Policies Are Updated
If your CYOD policy and security profiles were put in place assuming a fairly casual use of mobile devices, definitely take a quick look at the policies themselves. With increased risk comes increased responsibility, and — as with security profiles — assumptions that were made when the CYOD or even BYOD policy was laid out may not hold true anymore.
It can be simple things, such as cost reimbursements and stipends that need to change, but you should also look at any policies regarding safe use of devices and physical security, such as rules regarding device loss reporting.
Good CYOD policies also refer back to enterprise Acceptable Use, Data Protection and Information Security policies, so checking all of these fundamental documents to be sure they’re up-to-date for this new use is important — and shouldn’t take a lot of time.
Get a Bird’s Eye View
When smartphones are used with DeX, they act a lot more like desktop and laptop PCs, so they will probably be connected directly to enterprise networks when they’re in the office and not pass through a carrier’s data network.
Now is a good time to look at how you want to engineer your internal networks. Old topologies that treated most desktop PCs as “trusted” devices with relatively few restrictions have fallen heavily out of favor with InfoSec architects. If you haven’t already reviewed and redesigned your in-building wired and wireless LAN to add more security controls and barriers, this is an excellent time to do so. There’s nothing particularly insecure about adding smartphones with DeX to your LAN; in fact, they may be more secure than their Windows PC brethren. But a DeX rollout is a good opportunity to step back and see if your LAN is properly secured using current security thinking and design paradigms.
While you’re looking at security, don’t forget to also look at the capacity of the Wi-Fi network. DeX devices can be wired or wireless, so if you choose wireless access for the higher security it offers, check that your Wi-Fi network is tuned up and can handle the increased load.
DeX Security Settings
The DeX security settings available under Samsung Knox include forcing the use of Ethernet (incredibly valuable for highly regulated industries), the use of static IP addresses, and limiting applications. Additionally, there’s still control over configuration, enrollment and management.
Security is another area where smartphone vendors have learned from their desktop cousins. Samsung’s Galaxy smartphones are equipped with a full set of security features and capabilities, including:
• work/home protected application containers
• trusted execution environment (TEE) hardware
• full-disk encryption
• biometric sensors
• mandatory access controls
• tight integration with MDM/EMM agents
It’s not a question of adding, upgrading or installing apps or tools — this is how Samsung Android phones with Knox come out of the box. With a stronger platform come fewer security incidents, tighter control on application-based malware, and a better approach to end-user computing security.
The Importance of Uptime
Most InfoSec managers spend a lot of time focusing on confidentiality and integrity of data and applications, but don’t forget there’s a third leg to that stool: availability. If a smartphone isn’t available, then your mobile worker isn’t getting any work done.
Make sure you have a plan in place to deal with the inevitable device loss and damage scenarios that come naturally with any smartphone deployment. This means having spares ready, on hand and set up for quick deployment, but also knowing what you’re going to do if someone calls while on the road, or even at home, and needs a device replacement fast.