By Tim Coogan, Operations Director-Energy Vertical, Cisco, and Mick Shaw, Customer Solutions Architect-Energy, Cisco Like many large organizations, energy companies are embracing collaboration to help control costs, streamline processes, and better extend expertise to the field. Real-time collaboration can be a powerful way to rapidly bring teams of E&P professionals together from anywhere, to share information and make more informed decisions. But to be successful, collaboration must also be secure enough to protect both the company and the interests of its customers. It is easy to understand why E&P companies are so security-conscious given that the effects of security breaches span far beyond the specific data-set or asset that was affected. The largest majority of data originating from the field contains highly sensitive intellectual property, valuable customer data and asset information that if compromised, could ruin a service provider’s reputation and jeopardize future contract bids on a global scale. Energy companies need to be completely certain that their collaborative environments in the field deliver the same iron-clad security that their IT groups require in the office. As people become more technologically savvy, network security needs are rapidly changing. Employees routinely bring their own smart phones, tablet computers, and laptops to work, and companies are embracing this “bring your own device” (BYOD) model. Although BYOD is a great way to empower employees with communication devices that are comfortable and familiar, it also creates new security challenges. While E&P companies regularly employ robust security measures to keep unwanted devices out of their corporate network and data repositories, it’s an underestimated fact that most threats actually originate from the inside; whether that be of malicious intent or not. Additionally, through the wide-scale adoption of BYOD, users now employ devices which, for the most part, have complete administrative functionality and are not ‘locked down.’ An architectural, policy-based approach to network security is key to safeguarding communications in the office, on the road and in the field. With the right identity and access control policy platform, E&P companies can gather contextual information from networks, users, and their devices -- in real time, regardless of where they are working. Additionally, administrators and managers can use that information to make proactive governance decisions by tying identity to devices in the network. With identity-based network access, E&P companies can authenticate users and determine whether they are accessing the network on an authorized device that meets the security standards. The companies can assign access to specific applications or parts of the network based on a user’s job role, group or other policies. These can also track employees’ identity, location and access history for compliance and auditing. To safeguard information and assets while employees are communicating with one another, organizations can employ a centralized virtual private network (VPN) gateway together with VPN client-side software. Sophisticated encryption protects voice, video and data traffic, while intrusion prevention inspection and web threat defenses maintain the integrity of the information in transit, along with protecting individuals and devices from malicious subversion and exposure. Well-planned security architecture must also consider where data is being stored. If a communications device like a smart phone or tablet is misplaced or stolen, energy companies need to be sure that confidential information cannot be readily accessed or retrieved by an unauthorized party. By employing a cloud-based solution and virtualized environments (VXI/VDI), organizations can store important data on their own servers or use a third-party service, whereby data is only viewed and manipulated instead of actually being downloaded and stored on the end-user device. Most energy companies employ exceptionally large workforces of whom the largest majority requires access to network resources. Administrative burden to manage BYOD based access can become manageable if properly designed and executed. The simplest methodology to achieve this is through the facilitation of self-registration using existing corporate security methodologies such as LDAP and active directory. Once the user has corporate permission to add their personal devices, they connect to the network using their usual access credentials and the device itself receives ‘on-boarding information’ in the form of an appropriate security certificate and 802.1x profile information. With robust architecture-based security in place, E&P companies can safely take advantage of the insurmountable business benefits that rich collaboration offers. At the same time, the companies can be assured that sensitive communications and intellectual property remains safe, whether in an office or at a drilling site thousands of miles away.