• United States
by Steve Taylor and Joanie Wexler

Teleworking and its security challenges are growing

Mar 23, 20042 mins

* Remote-user security enforcement options expand

Work trends indicate that the remote-client security challenge is only growing larger and more complex.

Home-based teleworking by U.S. employees has grown nearly 40% since 2001, according to the International Telework Association & Council. In 2003, ITAC reports, there were 23.5 million teleworkers with employers and another 23.4 million self-employed teleworkers.

This explains the rash of managed client-security services from remote-access connectivity companies. Among them:

* GRIC Communications’ Total Security Protection service, introduced last month.

* iPass’ Endpoint Policy Management offering, launched in October.

* Fiberlink’s Dynamic Network Architecture and Extended360 secure client service, announced in September.

These network-connectivity companies have integrated security partners’ point-product security software technologies into a policy enforcement and remediation service as a value-added option. The services either block remote access or automatically update client security software if it doesn’t comply with corporate policy when a user attempts to authenticate to the network.

As an alternative to using a service, you can opt to man these check points yourself.

For example, worldwide carrier Infonet’s MobileXpress Professional remote-access service, announced last week, contains a complementary software tool kit that reportedly lets you manage end-user security-policy compliance from a single portal-based interface. The connectivity service itself adds wireless access to its existing dial-connectivity options via Wi-Fi hot spots, GSM/GPRS and CDMA 2G services in the U.S. These wireless-access options, plus CDMA EV-DO and Personal Handyphone Service, are available in Japan.

Meanwhile, companies such as Sygate and Zone Labs offer centrally managed client/server policy enforcement software that you install. Zone Labs also recently announced a clientless solution – dubbed Integrity Clientless Security – to mitigate risks posed by endpoints accessing the enterprise network via the Web and Secure Sockets Layer VPNs.

The software enables enterprises to enforce security on third-party PCs, such as those used by consultants and other business partners. More on consultant-access issues next time.