Endpoint Security Concern Remains High


One of the greatest challenges in data security is protecting a moving target. With laptops, netbooks, smartphones, portable hard drives and other multiple devices, developing a good security plan can be a complex project. And let's complicate the problem more by adding in the layers of security necessary for different devices and different users.


In a white paper, IDC stated:

Endpoint security is central to many security problems IT has to deal with. . . . Recently, IT threat management has taken a new tack, focusing on data protection and wireless control. IT departments are looking for a simplified solution to their many-faceted security problems.

Tim Greene addressed the issue of endpoint security in an article for Network World. Perhaps the best point of defense is to determine a security plan that understands the device itself. Greene wrote:

For instance, Wyoming Medical Center in Casper, Wyo., has four classifications of PCs -- open PCs in hallways for staff use; PCs at nursing stations; PCs in offices; and PCs on wheels that move between patient rooms and handle very specific, limited applications.

In his article. Greene also points out that one of the fastest-growing areas of mobile devices, smartphones, have unique security issues.

The newest class of device -- smartphones -- is presenting ongoing challenges as organizations figure out how to deal with them. Particularly dicey is whether to allow employees to use their personally owned devices for business and to access the business network.
The jury is still out, at least among state government CIOs. A recent survey by the National Association of State Chief Information Officers says that of 36 states responding to a survey, 39% say they allow personal smartphones if they are protected by state security measures. Twenty-seven percent say they don't allow personal smartphones on their networks, 17% say they are reviewing state policy and 17% say they don't have statewide control -- each agency sets its own policies.

Jon Oltsik, in his Network World blog, goes into greater detail on smartphone security technology.


So which security technologies are most important for mobile device protection? According to a recent ESG Research survey, here are the top 5:

1. Device encryption (51% of respondents rated this as "very important, 34% rated this as "important")

2. Device firewall (48% of respondents rated this as "very important, 37% rated this as "important")

3. Strong authentication (46% of respondents rated this as "very important, 41% rated this as "important")

4. Antivirus/Anti-spam (45% of respondents rated this as "very important, 37% rated this as "important")

5. Device locking (44% of respondents rated this as "very important, 41% rated this as "important")

Emerging technologies will certainly keep a focus on the increasing need and equally increasing challenges of instituting endpoint security.