It seems like a day doesn’t go by without some mention in the news of a security breach or system compromise. And with all of the information out there these days regarding this person, organization or even government agency, it seems like nothing is safe!
The challenge is that we now live in a digital world and have grown increasingly dependent on being “connected” or “online”. Mobile devices have become ubiquitous. Can you even remember the last time you left the house without your phone? Unless you’re taking out the garbage, it doesn’t happen often, does it?
Take maps, for example. It used to be that you’d go down to AAA to get your maps before a road trip. Now, we just plug the destination into our phones. That challenge of folding and creasing the map to shrink it down to the section you need so you can access it while you’re driving is gone (probably much to the relief of the “don’t crease the map” and “you’re folding it wrong” crowd). We just listen to a “nice” voice providing us those verbal directions and feedback (with recovery) on our mistakes.
These apps work well and generally seem secure to me because they are sending instructions (one-way communications to the device) to me for my requested destination. I don’t have any need (or do I care) where the data is coming from – I just want it accurate and timely.
And I while I’m sure Google Maps and Waze have strong security protocols in place, their approach to security regarding me might be a little different since their data is being presented to me – I’m not trying to update their database or create new corporate data. I’m just looking at what information already exists.
But not all mobile solutions are utilized like map reference apps where data is just being displayed on the device. Some solutions also are used to capture new data and feed it back to the corporate environment for action. The devices used in those applications are viewed as a higher security threat.
At HL Group, all of our solutions work with mobile devices. And the nature of our solutions for the shop floor, warehouse operations or fixed asset inventories center on capturing and publishing data back to a “corporate” or core data source. Because of this, we have different options for minimizing risk that varies based on the solution type.
With our supply chain applications (manufacturing & warehousing), we have the luxury of working inside a physical environment (facility) and behind a network firewall. That means that the primary security challenge we face is to insure proper authentication of the mobile device to the network during log-on – basically making sure that the user has the right credentials. The benefit in these solutions is that our clients and their end users can leverage a security policy similar (and familiar) to what they already have for desktop and laptop users.
One of the unique features of our assetsPLUS solution is that it is designed to operate remotely – disconnected from the network. Part of the task process actually downloads all of the information a user needs to a mobile device so they can perform their work. This capability is beneficial when they’re outside of network coverage, when they’re at a separate physical facility or when cellular or Wi-Fi coverage is not available or allowed. Once they complete their work, however, they upload new or modified data back into the corporate database. And anytime you access that database, there is increased security risk.
We’ve addressed this risk by investing time into the “solution connectivity” and its functionality for the user. In the past, the security factor was a little easier when the only mobile devices were the legacy industrial handhelds.
Our architecture doesn’t require a cellular or Wi-Fi network option. This enables users to work outside of typical corporate environments in field sites, storage facilities, satellite offices, etc. By not requiring connection, the user wouldn’t need expanded authentication and networking for those outside locations. They could just do their work and then once they return, they could dock the device to their networked desktop and upload their work securely.
A new challenge came when we expanded device options to include smart device technology. The goal was to still provide the unique assetsPLUS feature for disconnected operations – but do so with tablets. Windows 10 Pro tablets were selected as a solid fit for usability – and security. These tablets offer a small footprint device (7”+ screen), have inexpensive barcode capture device options, and an easier network security procedure path.
Since the tablets Windows 10 Pro operating system is identical to one used by corporate Microsoft laptop users, these devices can use the same security procedures already establish by corporate IT. As a result, the assetsPLUS tablet users can securely communicate with their network – without requiring a cable option for security purposes.
As devices – and user preferences change – security needs will also change. A day never goes by without some level of worry about my company or my personal information that is digitally out there. My hope is that any other organization that works with me – and has my information – keeps the same level of focus and attention to security as we do.
Do you work with mobile devices – or want to? What are your security concerns and challenges?