Endpoint Data Protection: Potentially Helpful, Definitely Confusing

Share it on Twitter  
Share it on Facebook  
Share it on Linked in  

IT executives, CEOs and CIOs should spend some time discussing the definitions given to various security approaches before even thinking about purchases. Some names refer to specific technologies, while others are umbrella terms over a group of point products. Even when there is general agreement on this key question, definitions often subtly vary from vendor to vendor.


That lack of precision is one takeaway -- perhaps unintended -- from this story about Bloor Research's Endpoint Data Protection market update. The writer says endpoint protection is comprised of hard disk encryption, removable storage encryption, internal/external PC port and device connection control, external device control, multi-factor authentication, mobile encryption and control and file-level control.


The broad scope of endpoint data protection is underscored by the vendors mentioned in the full report. They include PGP, GuardianEdge, Credent, Checkpoint, Lumension, Vontu, McAfee, Utimaco, Symantec, BeCrypt, Microsoft, BigFix, Centennial, Entrust, GFI, DES, Safend, iAnywhere, Information Security, Mobile Armor, TrueCrypt, WiMagic and DeKart. Not only are the companies a healthy mix of big and small, but they cross many security-related sub-disciplines.


The complexity of knowing precisely what is and what isn't in an umbrella-type security package is apparent in this Burton Group post. The writer expects endpoint anti-malware -- even the term raises questions, since it is not the same as endpoint data protection -- to include nine functions that he names. There also are four management layers that must be available. It gets pretty cloudy: The writer suggests that it is a good idea to look at what market leaders Symantec and McAfee are doing. However, he seems to say that the two are falling short of the fulfilling the entire list he says is mandatory.


In its announcement that Grange Insurance is using its gear, GuardianEdge avoids falling into the hugely confusing world of trying to describe endpoint data protection. The release prudently focuses on the ability of the gear to protect laptops. The release emphasizes that easy-to-deploy approaches are necessary for Grange, which operates in 13 states and has a highly mobile workforce. The release does say that GuardianEdge Device Control offers full disk or multi-partition encryption.


Such a splintered and confusing landscape lends itself to big players, since they have the financial, marketing and related resources to put the pieces together. This often takes the form of acquisitions, but also can be partnerships. This spring, Credant Technologies integrated its Mobile Guardian platform with Symantec's Altiris management platform. This, the release says, enables the Altiris platform to manage Credant encryption, auditing and protection tools used on laptops. The release provides a lot of details. The bottom line is that this appears, at least in part, to be an effort to simplify a complex sector.


A company apparently taking a different approach to endpoint data protection is Datacastle. In April, it introduced a product that, according to this story, can be offered to end clients through managed service providers. The story doesn't do much to allay the confusion. It says that "just about every traditional security software company is moving into managed endpoint security." The point is that these companies do a variety of things, so the managed endpoint security sector is bound to be confused. The story goes on to scold Datacaster about its claims to provide "unbreakable security."


Even conceptually simple things like antivirus and firewalls are interpreted in many ways. Those issues are bound to be multiplied when the subject is a truly arcane and omnibus platform such as endpoint data security. Security officers and their bosses who sign the checks should be ready to deal with this confusion as they research these potentially helpful platforms.