Designing an Enterprise Security Strategy for Mobile Intranet Access

Modern IT allows new markets and business process for many enterprises. One aspect is that new networks tolerate intranet access from almost any location. Some examples include completing health insurance contracts online at the customer or supporting a maintenance team with company expertise while working at customers. However, the increasing mobility of employees brings also high risk from a security point of view. This paper presents a decision support strategy for enterprises to decide on their security strategy for dealing with mobile intranet access. The paper only focuses on user authentication methods. Security protocols and encryption are - of course - needed but not in scope of this paper. The core idea is to derive generic scenarios and requirements for mobile intranet access which can be weighted to represent the needs of a specific company. Optimal solutions can be found by analyzing the model. The output is a rated ranking of different authentication techniques for the company.