2. ENTERPRISE MOBILITY IS A MUST
Mobility is a must for employees and executives of all kinds of organizations as
their business reach and markets spread to enterprise levels.
Mobile executives must be equipped with access to data that goes beyond
just mail access.
As of today the only available option is to provide executives with an Internet
access facility, mostly using a data card or a cellular modem. The executives
connect to the Internet and then connect to their corporate networks using a dial-up
VPN such as L2TP, PPTP etc.
Once an Internet channel is present, no matter what kind of VPN or encryption is used,
and no matter what methods secure the logins (two-factor authentication with
OTP deployments, etc.), the organizational data on the hosts is exposed to the Internet.
Whatever endpoint security is deployed, the risk of data loss is
predominant, as there is no way the usage of the mobile host can
be controlled. At most it can be logged and later retrieved.
3. SECURITY IMPLICATIONS EXTERNAL
Whenever a user connects to a corporate network for resources, even over a
highly encrypted dial-up VPN, Internet connectivity is the main access
source, so the connected host can easily become a gateway for Internet hackers to
get onto the corporate LAN.
CORPORATE DATA SECURITY IS EITHER 100% OR IT'S JUST 0%
Corporates deploy various kinds of DLP systems, but these also don't provide control
over corporate data residing on hosts such as the laptops of mobile executives.
When the risk factor is assessed for any corporate network having mobile hosts, it is always found
that there are enough security risks. The risk factor remains the same even if the
assessment takes into consideration the multiple firewalls deployed, Intrusion
Prevention, Filtering, Endpoint security, DLP, VPNs with strong encryption etc.
4. A NEW CONCEPT : MANAGED CONNECTIVITY & SERVICES
Private MPLS VPLS & no INTERNET
5. SOLUTION : EXTEND LAN TO FOLLOW MOBILE USERS USING MPLS PVT CONNECTIVITY
Spearhead TechServ provides a unique state-of-the-art solution wherein IT HAS ITS
OWN APN IN THE SPECTRUM SPACE OF NATIONAL CELLULAR PROVIDERS.
TechServ connects to the National Cellular Provider's central DC by a PPP link
in burst bandwidth mode. On the service provider end it connects directly to the
CGSN port dedicated to the private APN.
At the other DC the link terminates on an Advanced L3 Switch with every port being
capable of working as an independent collision domain.
The Private APN of TechServ is broadcast across all the circles of the cellular
provider all over India. Wherever a TechServ subscriber is, the
device connects to the Private APN and in the next hop lands at the Data Center to
which it is to be connected.
7. INTEGRATION OF GSM & MPLS CORE
First & the only solution for 100% Security
• Private APN is created and a solution is configured on a National GSM
network.
• Private APN service is activated on a Mobile Numbers data card provided for
data connectivity.
• Private APN Name is configured in the GSM device (data card or
phone), terminal, module or modem to be used for data connectivity using the
corporate SIM card.
• When the GSM device connects using the Private APN it does not connect to the Internet at
all. A direct secured MPLS connection is established to the corporate
network as desired by the enterprise.
ANY EXISTING END POINT SECURITY PLATFORM CAN BE USED TO LOCK
A HOST OR A LAPTOP TO THE FOLLOWING VARIABLES:
User name, password, mobile number, IMSI, IMEI, SIM Number etc.
Even the static IP address can be permanently mapped to a host.
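The host-locking check described above, sketched as an added example; it is not TechServ's code or any endpoint product's API. The APN name, field names, session record layout and all identifier values are constructed assumptions, and the password is left to the login system.

```python
# Added example: all names, identifiers and addresses below are constructed.
import ipaddress

PRIVATE_APN = "corp.example"          # hypothetical private APN name
BOUND_FIELDS = ("username", "msisdn", "imsi", "imei", "sim_number", "ip")
# Enrolment records keyed by IMSI; passwords are left to the login system.
ENROLLED = {
    "001010123456789": {
        "username": "exec01", "msisdn": "+910000000001",
        "imsi": "001010123456789", "imei": "490154203237518",
        "sim_number": "8991000000000000001", "ip": "10.20.30.40",
    },
}

def luhn_ok(digits):
    """True if the digit string passes the Luhn check used by 15-digit IMEIs."""
    if not digits.isdigit():
        return False
    total = 0
    for pos, ch in enumerate(reversed(digits)):
        d = int(ch)
        if pos % 2 == 1:              # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def same_ip(a, b):
    """Compare addresses by parsed value; unparseable input never matches."""
    try:
        return ipaddress.ip_address(str(a)) == ipaddress.ip_address(str(b))
    except ValueError:
        return False

def check_session(session, enrolled=ENROLLED, apn=PRIVATE_APN):
    """Return (allowed, reasons); any mismatch on a bound variable denies."""
    reasons = []
    if session.get("apn") != apn:
        reasons.append("apn: not the private APN")
    imei = str(session.get("imei", ""))
    if len(imei) != 15 or not luhn_ok(imei):
        reasons.append("imei: malformed")
    record = enrolled.get(session.get("imsi"))
    if record is None:
        return False, reasons + ["imsi: not enrolled"]
    for field in BOUND_FIELDS:
        got, want = session.get(field), record[field]
        ok = same_ip(got, want) if field == "ip" else got == want
        if not ok:
            reasons.append(f"{field}: does not match enrolment")
    return not reasons, reasons
```

The returned reasons name each variable that failed, so a corporate SIM moved into a different data card shows up as an IMEI mismatch rather than a generic denial.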
8. KEY HIGHLIGHTS
• Secured Private MPLS Connection
• Reduce total cost of ownership & running costs
• Ensure compliance with the company's IT LAN policy for all
• Prevent & control Internet usage. Users access the Internet
through the Internet gateway at the organizational DC
• 0 data loss possibilities.
• Link speeds from 3.5 Mbps to 9 Mbps.
• Performance at a latency that is lower than 60
to 70 % achieved over a dial-up VPN.
• CLOSE TO 0 CAPITAL COSTS. For all mobile users it's just the
corp data network that is being made available, not Internet +
VPN + NAC for authentication & authorization + endpoint
logs analysis for investigations