Home > Security

Computerworld - We live in an era that increasingly demands anywhere, anytime access to all of our business resources. What started with giving pagers to our most critical employees has evolved into ubiquitous use of cell phones and Wi-Fi access almost anywhere, even in McDonald's.

Most recently, we've seen a trend toward Internet-enabled applications, Web mail, intranet portals and new Secure Sockets Layer (SSL) virtual private networks (VPN). More employees want access to their e-mail, data and applications wherever they are.

If you work in a large organization, chances are that you have anywhere, anytime access to corporate data and resources through one or more of the following applications:

• Web mail: Microsoft's Outlook Web Access, IBM's iNotes products and other programs allow access to e-mail from any machine connected to the Internet.
  
• Internet-enabled applications: Companies like Citrix Inc. and Computer Associates International Inc. offer products that enable access to corporate applications and data from any computer with Internet access.


• SSL VPNs: These VPNs don't require provisioned software on the user PC, but rather they allow employees to connect from any device with Internet access.

Organizations that use these types of software realize significant benefits. Companies can reduce hardware and software costs, decrease IT management overhead associated with provisioned software and reduce help desk costs by providing a more user-friendly environment in which resources can be easily accessed. All of this adds up to a significantly lower total cost of ownership for these technologies. Managers recognize the value of this type of access, and employees are demanding it.

But now the question is, how do the IT and security managers protect these connections? It's hard enough to secure corporate laptops, which for the most part are out of the direct control of the IT staff. The problem becomes more difficult when the IT manager is faced with protecting completely unmanaged, noncorporate systems used by employees who are logging in from home, from a business partner's machine or from a public kiosk.

	Scott Olson, CISSP, is senior vice president of marketing at WholeSecurity Inc. in Austin. He has worked in computer security for 11 years, including serving as a member of the Air Force Computer Emergency Response Team, co-founding WheelGroup Corp. (acquired by Cisco Systems Inc. in 1998), and leading product and marketing efforts at NetSolve.

The growing trend of Trojan horses and other eavesdropping software makes anywhere, anytime access to company data risky. IT managers need to understand and address the threat that exists on the endpoint to ensure that anyone accessing corporate data is protected,