5 Tips for Securing DeX in Mobile-Only Workforces

Samsung DeX offers the opportunity for enterprises to take “mobile-only” to the office, by offering a desktop-like experience on a smartphone. When docked with a screen, keyboard and mouse at someone’s desk, smartphones with DeX deliver a desktop-style UI, shifting back instantly when unplugged and carried away.

The possibilities are intriguing for IT managers looking to simplify and reduce the number of desktops and laptops. But DeX raises another question: what about security?

The short answer is, it shouldn’t matter. The smartphone doesn’t change because you stick a keyboard on it, so whatever security configuration and risk mitigation strategy you’ve designed for a CYOD deployment doesn’t change if DeX is in the picture.

However, as security practitioners know, it always matters. The way the device is used changes: different apps, different use patterns, different network connections. And anytime there’s a change, security should take another look to make sure old assumptions still hold. So what are the key points for InfoSec managers to look at? Here are a few places to look.

Check Your Devices’ Security Profile Again

Absolutely the first place to look is your device security settings. There’s no special magic here, but rechecking assumptions on authentication (biometrics should be required, for example), application store restrictions and whitelist/blocklist settings, and patching requirements and schedules should all be first on your list when scrolling through your Mobile Device Management or Enterprise Mobility Management (MDM/EMM) policy settings.

If you haven’t enabled work/personal dual-profile mode, now is definitely the time to reconsider. Keeping organizational applications and, more importantly, their data separated from home uses is more important now than ever before.

Make Sure Policies Are Updated

If your CYOD policy and security profiles were put in place assuming a fairly casual use of mobile devices, definitely take a quick look at the policies themselves. With increased risk comes increased responsibility, and — as with security profiles — assumptions that were made when the CYOD or even BYOD policy was laid out may not hold true anymore.

It can be simple things, such as cost reimbursements and stipends that need to change, but you should also look at any policies regarding safe use of devices and physical security, such as rules regarding device loss reporting.

Good CYOD policies also refer back to enterprise Acceptable Use, Data Protection and Information Security policies, so checking all of these fundamental documents to be sure they’re up-to-date for this new use is important — and shouldn’t take a lot of time.

Get a Bird’s Eye View

When smartphones are used with DeX, they act a lot more like desktop and laptop PCs, so they will probably be connected directly to enterprise networks when they’re in the office and not pass through a carrier’s data network.

Now is a good time to look at how you want to engineer your internal networks. Old topologies that treated most desktop PCs as “trusted” devices with relatively few restrictions have fallen heavily out of favor with InfoSec architects. If you haven’t already reviewed and redesigned your in-building wired and wireless LAN to add more security controls and barriers, this is an excellent time to do so. There’s nothing particularly insecure about adding smartphones with DeX to your LAN; in fact, they may be more secure than their Windows PC brethren. But a DeX rollout is a good opportunity to step back and see if your LAN is properly secured using current security thinking and design paradigms.

While you’re looking at security, don’t forget to also look at the capacity of the Wi-Fi network. DeX devices can be wired or wireless, so if you choose wireless access for the higher security it offers, check that your Wi-Fi network is tuned up and can handle the increased load.

DeX Security Settings

The DeX security settings available under Samsung Knox include forcing the use of Ethernet, which is incredibly valuable for highly regulated industries; the use of static IP addresses; and limiting applications. Additionally, there’s still control over configuration, enrollment, and management.

Security is another area where smartphone vendors have learned from their desktop cousins. Samsung’s Galaxy smartphones are equipped with a full set of security features and capabilities, including:

• application sandboxing

• work/home protected application containers

• trusted execution environment (TEE) hardware

• full-disk encryption

• biometric sensors

• mandatory access controls

• tight integration with MDM/EMM agents

It’s not a question of adding, upgrading or installing apps or tools — this is how Samsung Android phones with Knox come out of the box. With a stronger platform come fewer security incidents, tighter control on application-based malware, and a better approach to end-user computing security.

The Importance of Uptime

Most InfoSec managers spend a lot of time focusing on confidentiality and integrity of data and applications, but don’t forget there’s a third leg to that stool: availability. If a smartphone isn’t available, then your mobile worker isn’t getting any work done.

Make sure you have a plan in place to deal with the inevitable device loss and damage scenarios that come naturally with any smartphone deployment. This means having spares ready, on hand and set up for quick deployment, but also knowing what you’re going to do if someone calls while on the road, or even at home, and needs a device replacement fast.

Sources: Samsung
