Navigating the endpoint security maze

There have been so many announcements during the past year about protecting corporate networks from intrusions and potentially infected mobile and remote clients that it’s becoming difficult to distinguish among them.

If you are seeking to secure your mobile and remote workforce, here are a few basic questions you might want to consider:

* How much of the implementation, integration, and management of the solution do I (meaning, the enterprise IT department) wish to assume and how much do I prefer that my security solutions provider do?

* Do I want the same entity providing my remote access connectivity and my security, or do I want them to be separate entities?

* Do I want to protect only the corporate network or the data on the client devices, as well?

Using this context, we’ll attempt to help navigate the endpoint security maze in this newsletter and the next one by comparing the basic approaches of iPass – the company with the most recent announcement – and its main competitors, GoRemote (formerly GRIC) and Fiberlink (with a bit of Cisco’s contribution thrown in for good measure).

The roots of iPass, GoRemote and Fiberlink are as network aggregators that offer global connectivity services to enterprises with traveling users. Each has branched out by layering security services on top of their global roaming services.

Most recently, iPass announced Policy Orchestration, a set of client capabilities to be available late this year. The company’s approach is to have enterprise customers themselves (or an integrator that the customer hires) deploy an iPass client on each user’s device that serves as a “coordinator” among whatever personal firewall, anti-virus, and VPN software the enterprise chooses to run.

Each time a mobile user tries to connect either to the Internet or to the corporate network using iPass connectivity services, the user’s session hits the iPass network first. Because of a significant integration job iPass has undertaken with a slew of security technology partners, an iPass server will check against that enterprise’s policy and make sure that each client is kosher in terms of version, patch, etc.

If something is out of sync, iPass can follow the enterprise policy in terms of what to do: quarantine the endpoint, remedy the version, patch the software, etc. This “assessment and remediation” step is common to many solutions being offered.

Bottom line: The iPass focus is on connecting and securing corporate networks from infections picked up by mobile, traveling users as well as securing data on mobile workers’ devices from infections on the public Internet.

We’ll compare this stance to the other players next time.