Endpoint Security : Let the users grumble
The security mechanisms that protect the corporate network and enterprise applications may be well established, but for many organizations, endpoint security remains a weak point -- and a big headache. You say you haven't done anything about that headache? Then take two aspirin and get going, because the cost of doing nothing is on the rise.
Taken together, the compliance requirements for protecting data against loss, the risk to the organization of intellectual property theft, and the support challenges arising from corrupted PCs and laptops make a strong case for tighter endpoint controls.
The problem is, users don't like endpoint security controls. They will accept antivirus and antispyware agents, and they may grudgingly accept a desktop firewall. But most users will grumble about anything that restricts the flexibility and freedom that the PC has come to represent. Overcoming those objections is a challenge. So is finding the right controls.
Gene Peters is deploying port-blocking software that allows policy-based control over the end user's USB, infrared and PC Card slots. A 1GB USB disk can carry a lot of information out the door. "It's just taking the level of paranoia to the next degree," says Peters, director of information services at the Philadelphia Stock Exchange. The software, from Safend Ltd. in Tel Aviv, leverages policies set in Active Directory and can allow one type of device to connect but not another. So, how do Peters' users react to such in-your-face controls? "We've gotten some pushback, but we've worked out all the issues and pretty much gotten our way," he says.
Part of that process is getting top management's support. Another part is getting the user to understand that in a business setting, there is no "personal" in "personal computer." These are business machines. If users don't like it, they should "suck it up and deal," as my preteen at home would say
CATEGORIES: 1endpoint security, 1compliance,1mobility,1policy enforcement
Taken together, the compliance requirements for protecting data against loss, the risk to the organization of intellectual property theft, and the support challenges arising from corrupted PCs and laptops make a strong case for tighter endpoint controls.
The problem is, users don't like endpoint security controls. They will accept antivirus and antispyware agents, and they may grudgingly accept a desktop firewall. But most users will grumble about anything that restricts the flexibility and freedom that the PC has come to represent. Overcoming those objections is a challenge. So is finding the right controls.
Gene Peters is deploying port-blocking software that allows policy-based control over the end user's USB, infrared and PC Card slots. A 1GB USB disk can carry a lot of information out the door. "It's just taking the level of paranoia to the next degree," says Peters, director of information services at the Philadelphia Stock Exchange. The software, from Safend Ltd. in Tel Aviv, leverages policies set in Active Directory and can allow one type of device to connect but not another. So, how do Peters' users react to such in-your-face controls? "We've gotten some pushback, but we've worked out all the issues and pretty much gotten our way," he says.
Part of that process is getting top management's support. Another part is getting the user to understand that in a business setting, there is no "personal" in "personal computer." These are business machines. If users don't like it, they should "suck it up and deal," as my preteen at home would say
CATEGORIES: 1endpoint security, 1compliance,1mobility,1policy enforcement
posted by Dwaine at 10/28/2005
0 Comments:
Post a Comment
<< Home