The general trend in corporate network management is toward greater mobility for users of the corporate network. Whereas traditional corporate networks have included a LAN and local desktop devices, the recent trend has been the introduction of mobile devices, such as smartphones, that employees use to work remotely. While allowing users to work remotely is desirable within an organization, from an IT perspective the mobility of users can present certain challenges.
A common challenge in organizations that allow users mobile access is the need for reliable security solutions. For example, users within an organization may use several different platforms for accessing resources within a network. Users may use smartphones, such as BlackBerry devices, iPhones, and Android devices; tablet computing devices, such as iPads or similar offerings with other mobile operating systems; laptops; or home desktops. The diversity of devices and of the operating systems they run can make it difficult to ensure security when users access computing resources within an organization's network.
A common solution requires creating security policies for a given mobile platform. For example, an organization may require that all iPad users use a strong password to protect their devices. The policy may also include the requirement that certain applications (e.g., blacklisted applications) not operate on the device when a user is accessing computing resources within an organization. The policy may also include the requirement that certain applications, such as an application that allows a remote wipe of the device, be installed and running at the time of network access.
The rapid evolution of threats and the rapid changes in mobile devices accessing an organization's resources can make maintaining policies to keep up with threats difficult for IT administrators. As a result, organizations often maintain mobility management applications or other security software that ensures compliance of devices with security policies. These applications traditionally operate on local servers, allowing management applications to interface with local resources, such as Exchange servers and BlackBerry Enterprise servers (BES). However, the need to maintain these applications locally requires an organization to maintain dedicated hardware for the applications, and can make it difficult for an organization to keep up with changes to the applications, maintain current versions, and scale applications to meet growth in an organization. Accordingly, maintaining these applications can be a burden to IT resources.
A common trend in general software includes moving software outside of organizations to provide the software as a service. This so-called cloud-based approach has certain inherent advantages. For example, as an organization grows or the software updates, the user of the software need not be burdened with these updates and can easily scale the software to meet their needs. A cloud-based solution also provides certain billing options that may not be easily available with traditional on-premises managed applications. Whereas a traditional software licensing model may include selling software on a per-seat, unlimited-use basis, cloud-based software allows more flexibility, including the ability to bill customers for monthly use, actual use, etc. Cloud-based software can also be less intrusive or make it easier to outsource management and maintenance of the software. Cloud-based software can automatically give users access to updates as they become available, rather than requiring a user to pay a maintenance fee or to upgrade software each time an upgrade becomes available.
While cloud-based software has inherent advantages for certain types of software, a cloud-based approach does not necessarily work well for other types of software. For example, network management and mobile device management software can be difficult to offer as a cloud-based solution. Whereas traditional network management software can allow users to deploy policies that include changing the configuration of local resources, such as Exchange servers, BES, or user directories, the traditional security approach to corporate networks makes allowing these types of changes difficult to implement via the Internet. For obvious reasons, an organization does not typically allow changes to the configuration of security policies on sensitive resources, such as Exchange servers, via Internet connections. Instead, these types of changes are typically explicitly excluded via firewall policies. These firewalls, therefore, make it difficult to move security applications, such as network management and mobile device management applications, from a traditional locally maintained software approach to a cloud-based approach. There is therefore a need to enable applications that configure local resources to be moved to the cloud without sacrificing traditional firewall security.