OpenDNS is perhaps best known for its namesake service that provides users with an optimized DNS service, but that’s not the only thing the company does.
OpenDNS also has security services providing users with cloud-based malware protection. That service is now being rebranded as ‘Umbrella’ and is also being extended for the first time to Apple iOS devices.
OpenDNS CEO and Founder David Ulevitch explained to Datamation that there are a few different ways the Umbrella mobile security offering can be deployed to users.
“The IT administrators can provision accounts for all the employees who then get a link to download the app from the AppStore,” Ulevitch said. “The IT administrator can also roll out a mobile configuration.”
Ulevitch noted that if an enterprise is already using a Mobile Device Management (MDM) solution, they can just deploy the Umbrella configuration that leverages the existing iOS VPN support. The mobile configuration defines the setting required to connect to the Umbrella service via a secure VPN tunnel.
“Unlike traditional VPNs that will take you back to the enterprise headquarters, this one will take you to the closest OpenDNS datacenter, to improve latency and performance,” Ulevitch said.
Apple iOS users have control over their own devices and can potentially simply disable the VPN. While that might present a challenge for a basic VPN, Ulevitch is confident that the Umbrella approach mitigates that risk.
“From our end, we can detect very quickly when a user has disabled the VPN and so we can alert the administrator,” Ulevitch explained. “Our goal is to provide security and we want it to be on all the time.”
While Ulevitch wants Umbrella to be on all the time, he also wants to provide users with a degree of transparency about what is going on. That’s where the App comes into play.
“The app gives the user an indication of what the current policy is,” Ulevitch said. “Users may not be able to modify the policy, but at least they know that sites are logged and malware and botnet detection has been enabled.”
Since Umbrella is a VPN connection, all app traffic is protected providing what Ulevitch described as a full wrapper around the phone. That’s a different approach than the Split Tunnel VPN that has been commonly deployed in mobile solutions. In a Split Tunnel approach, only traffic that is headed for the corporate network is carried over the VPN. The rest of the traffic is carried on the regular public unsecured Internet.
“A Split Tunnel is a bad idea because if you are hit by a drive-by attack, you have created a secure entrance into your corporate network,” Ulevitch said. “That’s why we really think that security should be on all the time, for all of your traffic.”
The issue that usually holds enterprises back from using a full VPN instead of just a split VPN is all about performance. Typical enterprise VPN connectivity is slower than public Internet access. The OpenDNS approach has a global footprint that accelerates DNS as well as lowering connection speed latency.
The overall goal for Umbrella is to make it easier for users to be secured.
“Our appeal to end users is not to sell them the service,” Ulevitch said, candidly. “Our buyer is very much the network security administrator.”
The end user, of course, is still important, in that Ulevitch wants the service to be as unobtrusive and as pervasive as possible.
“It doesn’t matter if you have the most effective security solution in the world if it sits in a box,” Ulevitch said. “If it never gets deployed then it’s useless.”