Endpoint Security Without the Pain
Companies are finding tools and strategies to secure laptops, desktops and mobile devices without hobbling employees.
By Robert L. Scheier
January 23, 2006 12:00 PM ET
Computerworld - It isn't often that users are happy when their IT manager installs security software on their notebooks. Usually, more security means more passwords to remember, more restrictions on what software they can run and more hoops to jump through to get their jobs done.
 |
 |
Laura Davis technology team leader at Woolpert Inc.
Image Credit: Andy Snow |
|
But technology team leader Laura Davis says mobile employees at Woolpert Inc., an 800-user architectural and engineering firm in Dayton, Ohio, were "ecstatic" when she installed Senforce Technologies Inc.'s Endpoint Security Suite on their notebooks. That's because previously Davis had flat-out disabled their wireless access out of fear that hackers could use it to access the Woolpert network while users were also linked via their wired connections.
Or, to be more precise, she had tried to disable the users' wireless access. "We had a formal policy, we had the hardware disabled, we had the operating system configuration locked down," she says. But savvy users found ways to go wireless anyway. Davis is now about 50% through a rollout of the Senforce suite to about 300 notebook computers. Senforce gives users legitimate wireless access when they're on the road but disables their wireless—for sure—when they have a wired connection to the Woolpert LAN.
Davis' experience shows how endpoint security can benefit both individual employees and their employers. Fearing everything from privacy regulations to malicious insiders, many companies are adding more protection to endpoints such as desktop PCs, notebooks and handhelds.
IT managers can lock down users' systems in ways that limit which applications they can run, where they can make a wireless connection and whether they can copy a file to a USB memory drive. "But all the users will hate their guts, because they won't get anything done," says Clain Anderson, director of security at Lenovo Group Ltd. in Purchase, N.Y., which acquired IBM's PC business last May.
By paying careful attention to the needs of users and choosing endpoint security tools carefully, IT staffs can avoid creating overly strict security policies and elaborate network-access rules, as well as spend less time dealing with false alarms and tweaking security configurations, say users, vendors and analysts.
Done right, endpoint security protects critical data without putting the squeeze on users' productivity or IT managers' already overloaded schedules.
Threats and Countermeasures An endpoint is any intelligent, network-aware device that is under the control of an end user and can be accessed from outside the organization. The most obvious threat is the ubiquitous mobile computer with a wireless
Free Insider Guide