Businesses around the world are being bombarded with sophisticated threats against their data and communications networks every day.

As enterprises invest heavily in fortifying their IT infrastructures and enforcing comprehensive and constantly upgraded security policies against malicious code attacks, another home-grown threat - the mobile workforce - is opening the floodgates to compromised enterprise data and corporate network contamination.

Though mobile working offers gains in commercial and operational value, enterprise security policies often stifle the effectiveness and productivity of mobile workforce devices.

Here we examine why best of breed software, in isolation, is not able to provide the mobile workforce and their laptops with the same high level of security afforded to office based workers.

Two lines of defence in a protected corporate environment

Currently organisations anticipate, detect, and prevent threats from laptop attacks via a layered approach. This is coupled with centralized, uncompromising IT policy which overrides an individual's control over his or her own laptop.

As IT departments prioritise corporate IT governance, their primary method of effectively enforcing organizational security policies is by controlling all networking components.

When connecting to the Internet from within the corporate network, laptop users are protected by two lines of defence:

- A comprehensive set of IT security appliances running secured and hardened Operating Systems, and security software including firewalls, Intrusion Prevention/Detection System, antivirus, antispyware, antispam, and content filtering, all of which are completely controlled by the respective corporate IT organization.
- Personal firewall and antivirus software installed on the user's laptop and controlled by the user.

In addition, when laptops are within the protective corporate environment, the organization's IT department can exercise full and consistent control over (and visibility of) any device, which is a critical operational consideration. This means the IT team can:

- consistently update respective laptops with data, policies, etc.
- monitor the entire network effectively vis-à-vis the status of all network components.

Outside the safe zone

Once a laptop starts 'roaming' outside the enterprise governed network, the 2-line defence system no longer applies, as the laptop is essentially no longer protected by the corporate security appliances layer, and is exclusively dependent on the security software installed on the local operating system.

The roaming laptop is exposed to potential threats from nearby wireless and wireline devices (in hotels, business lounges, airports, WiFi at Internet Cafes, etc.).

These threats signify a danger far beyond the scope of the individual laptop, as intrusive code may proceed to use the laptop as a platform for breaching corporate security, once the laptop has returned to its base and is connected to the network.

Relying solely on the best of breed software on the laptop is flawed due to:

- Operating System Inherent Vulnerabilities - by definition, security software running on Windows is subject to inherent Windows vulnerabilities, effectively exposing personal firewall and antivirus applications to malicious content attacks.
- Unknown Threats - the security software can only defend against known threats. By the time these threats are added to the knowledge base, it may be too late.
- Immediate Damage - malicious content executes directly on the platform to be protected, rather than on a security appliance designed to filter the content and serve as a buffer.
- Managing Security Level - making sure all the computers have installed the latest security updates and enforcing a unified security policy can be very difficult. When the computers themselves are at the frontline, these security weaknesses can be disastrous to the entire network. In other words, it's "all or nothing": either the entire network is secured or nothing is secured.

Consequently, many organizations adopt tough security policies prohibiting most wireless networking options (significantly limiting user productivity and remote computing freedom), or imposing strict, costly and difficult to enforce cleansing procedures for laptops that return from the "field".

Best of breed software made mobile

A growing number of CSOs have decided to place computers behind a robust security gateway, usually a dedicated security appliance, to counteract the current weaknesses in laptop security.

Unlike PCs, these appliances are equipped with hardened operating systems that do not have security holes, "back-doors", or unsecured layers. They are designed with a single purpose, to provide security.

The fact that these security appliances are hardware-based and not software-based provides the following advantages:

- Cannot be uninstalled - security attacks often start by targeting the security software, and trying to uninstall it or to stop its activity. Software-based security solutions, like any software program, include an uninstall option that can be targeted. In contrast, appliance-based security cannot be uninstalled as it is hard coded into the hardware.
- Non-writable memory - hardware-based solutions manage the memory in a restricted and controlled manner. Security appliances can prohibit access to their memory, providing greater protection against attacks on the security mechanism.

The use of hardware allows the combination of a comprehensive set of security solutions in a single device.

Hardware also allows the combination of best-of-breed enterprise-class solutions with proprietary developments working on both the lower and higher levels (e.g. packet and network level, application level etc.).

In addition, the well known tension between users and IT managers over their computing freedom can be overcome via hardware.

On one hand, users want to have complete freedom when using their computers, while on the other hand, IT managers try to enforce security policies (e.g. banning the use of P2P software).

By using a security appliance, IT managers solve the conflict between the user's desire for computing freedom and the IT manager's desire to control and enforce security policies.

With software, policy is part of the laptop or computer, whereas through an appliance security policy can be enforced outside the laptop and the user has complete freedom inside the safe computing environment.

In conclusion, to provide corporate level security for laptops operating outside the safe office environment, CSOs should consider layered security architecture on a hardware appliance.

A dedicated appliance can hold all of the best of breed security software, and is able to re-introduce the two lines of defence enjoyed by office based PCs.

By introducing a security gateway, should security be breached, the damage stops at the gateway.