Traditionally, Information Security and IT Admin would lock down devices as much as possible. However, in today’s mobile world, as people are traveling with their company’s mobile devices such as laptops all the time, these practices are facing new challenges.
Mobile devices are not on corporate network all the time. As soon as a device leaves enterprise network, IT might lose visibility of the device does not matter how heavily this device is locked down. If the laptop is stolen, or sometimes, it’s even the employee himself (internal threat) is stealing company’s data (Data Exfiltration), but IT has no visibility of device activities at all.
Some companies send all network traffics back to company’s own network so they can monitor all network traffics even when they are not on prem. However, the user experience has been heavily compromised especially when the users are traveling abroad.
What makes it even more channeling is, when a user is not physically on premise, IT Help Desk can only provide very limited support. Locking out user’s access simply becomes counterproductive.
As you can see, protecting those travelers is tricky. What are your thoughts and suggestions on this?