
Endpoint security: "Essential security" or "Impossible dream"?

Smart phones and other holiday gifts raise device security questions anew

The Jericho Forum Outlook By Paul Simmonds, Network World
December 12, 2007 09:09 AM ET

Simmonds is a member of the management board of the Jericho Forum, an organization pushing for innovation in e-commerce security, and is also chief information security officer for a large, global chemicals corporation. Here, Simmonds speaks out on the topic of endpoint security.

It's that time of the year. Many employees will receive gifts during the holidays that will impact your network perimeter and security. Of course, we are referring to the millions of new smart phones, laptops, and other mobile devices that will come with requests to be connected to corporate networks following the holidays.

Actually, it doesn't really matter whether it's a personal device or a corporate push for "consumerization" as a cost-saving measure. Are we, as IT security practitioners, fully prepared to protect our businesses against the ever-increasing number of devices that are creating new entry points into a once-tight system, and further eroding our perimeters?

It's not just the personal devices - it's about the business requirements needed to connect users to our systems, both business-to-business (B2B) and business-to-consumer (B2C), including consultants and contractors who bring with them their own laptops. Companies such as BP and KLM/Air France, for instance, are exploring giving staff "PC allowances" to buy and support their own IT equipment. All these devices are placing new demands on businesses' capability to provide trusted access to services.

As IT security leaders, our job is to marry security with business needs - in this case, to define and implement end-point security measures that enable our companies to achieve optimum results by securely conducting business in an open-network, mobile world.

The Jericho Forum believes that end-point security is about raising the level of inherent trust in computing devices, to a point where all the devices involved in any transaction meet the criteria of trust required for that transaction. Simple to say, but the technologies to achieve this are severely lagging.

The "old" model, whereby an organization dictates how every end-device is going to connect and specifies both the end-point software and the network hardware standard, is flawed in all but the smallest organizations. In any reasonably sized organization, being able to mandate that all (internal) network connections are on the latest network hardware capable of supporting Network Access Control is exceedingly unlikely.

In addition, we need to ask - is there client software for every type of client you want to connect to your network? And don't forget the Linux systems, the multi-function photocopiers, the Windows NT devices and your obsolete factory control systems. Now what about all those mobile devices and "toys" that everyone received as presents… and all this is assuming that you can mandate fitting the software in the first place, because your home users are not likely to want corporate-mandated security software on their own PCs (or Macs). Remember, security is only as good as your weakest link.
