Security Beyond the Firewall

Computerworld - Corporate networks are under siege. With battalions of hackers toiling night and day to find entry points for attack, systems managers have only hours to close security holes before an invisible enemy tries to exploit them.
Newfound vulnerabilities must be sealed promptly with software patches, a task that is hard enough within the LAN and that becomes more challenging the farther computing devices are from the corporate hearth.
Yet under competitive pressure to make the sale and improve service at the front lines, companies are pushing more and more technology beyond the firewall into the field. Executives carry laptops around the globe, sales reps rely on handheld devices or dashboard-mounted Win32 machines, and retail and restaurant clerks use increasingly complex store systems designed to improve customer service and cut operational costs.
In this unpredictable environment outside the corporate firewall, where each device is a potential target, efficient patch distribution is essential. Nevertheless, sad experience has shown that simply rolling out patches to the field doesn't provide adequate protection. Patch management must be combined with full-featured systems management tools in order to ensure the security of remote and mobile devices -- and the enterprise network to which they connect.
Facing the Realities of the Frontline Environment
Mobile and remote devices are by their nature more vulnerable to attack than LAN PCs. The fact that laptops, handheld devices and smart phones are carried on airplanes, tucked in purses or clipped onto belt loops makes it easier for them to -- quite literally -- fall into the wrong hands.
The more common danger, however, is that devices carried on one's person are more likely to be used for personal business. Forgetting that the device on which they practice chess can double as a hacker's pawn, users blithely change configuration settings, install unapproved software and connect to virus-infected home computers. As a result, each time they dial into the corporate LAN, they put the entire corporate network at risk.

Securing remote and mobile devices is complicated by the fact that the frontline environment is fundamentally different from the LAN environment. Mobile devices are only intermittently connected to a server, which makes it more difficult to schedule automated patch downloads. In addition, field-to-LAN connections often take place over low-speed, third-party networks that have limited bandwidth and are subject to interruption without warning.
Then there's the fact that users can't be relied on to carry out systems maintenance tasks, even urgent patch installations. Nor can they step next door to get help if something goes wrong