Managing employees' Web use—and protecting their computers from the malware that seems to behind every other Web site—is challenging enough for a small businesses when workers sit in rows of offices and cubicles connected to the corporate network. But when they're out in the world with laptops and other mobile devices linked to myriad networks—at home, client sites, coffee shops, and airports—managing small business security can be a particularly daunting task.
OpenDNS, well known for its DNS services that offer safer and speedier Web browsing, now extends its reach with Umbrella Mobility, a cloud-based security service that aims to protect an organization's roaming workers wherever their jobs happen to take them.
Figure 1: The Umbrella Mobility service divides devices into two categories—roaming computers (Windows/Mac laptops) and mobile devices (iOS phones and tablets).
Using a test account of Umbrella Mobility provided to us by OpenDNS, we put the service through its paces. We found it easy to set up and to administer, and it offers a great deal of control over how mobile devices access the Internet.
Umbrella Mobility: Device Support and Setup
To get Umbrella Mobility up and running, the first step is to install a small software agent called a "roaming client" on each device you want protected. The roaming client redirects the device's DNS requests through a VPN to the OpenDNS network where lookups are screened and content policies applied before any data returns to the device.
Umbrella Mobility's roaming client supports systems running Windows XP through Windows 8 (but not Windows RT), Mac OS X 10.6 or later, and iOS devices with 5.1.1 or later. Notably absent from this list is Android support, which is under development and slated for release later in the year.
We tried Umbrella Mobility on a Windows 8 laptop and an iPad 2. In the case of Windows (or Mac) systems, you can download and install the client directly from the service's Web-based Dashboard, or simply download the file to distribute it through other means (i.e. unattended and/or bulk installs). To set up iPhones and iPads, users can download an app from the iTunes store or an administrator can issue an email containing a link to the download. In either case, we had each of our test devices configured in about 5 minutes.
Umbrella Mobility: Identities and Policies
The Umbrella Mobility Dashboard divides mobile computing devices into two categories—or "identities" as the service labels them. Windows/Mac laptops are referred to as roaming computers, while iPhones and iPads are termed mobile devices. The service provides a preconfigured default policy, which is automatically assigned to each new device; you can customize the default policy or add new policies and apply those to given identities or specific devices.
Figure 2: You can customize the block page that employees see when they try to access restricted content.
In addition to Umbrella Mobility's standard compliment of security features—it automatically blocks access to sites that OpenDNS thinks are linked to malware, botnets, and phishing—Web content can be filtered broadly ranging from Low (just blocks porn) to High (blocks pretty much everything not work-related, including Facebook, YouTube, and Webmail). You can also pick and choose from 59 different content categories to keep at bay, as well as whitelist or blacklist specific domain names.
Umbrella Mobility also lets you customize the page that users see when they attempt to access blocked content. This includes tailoring the message to explain why content was blocked, as well as allowing specific users to bypass the block on all or selected content. Alternately, you can generate numeric bypass codes that expire after certain date.
We found that both our test devices accurately reflected the policies we configured and blocked sites as appropriate, and Umbrella Mobility updated quickly. Whenever we made policy changes, connected computers reflected the updated configuration within several minutes.