Some security analysts believe focus in the industry has shifted from servers and networks to that of the endpoint, but Sean Wainer, country manager for Check Point Software Technologies, says it simply forms part of a broader strategy.
“I do not believe there has been a shift away from network to endpoint security. Network security or perimeter security is extremely critical to corporation information security, but recently endpoint security has become more of a necessity than an option for corporations,” he says.
With the proliferation of the mobile workforce, more sensitive and confidential information is stored and sent from mobile devices and needs to be secured, says Wainer. If data on the endpoint is not secured, it could result in a breach of a company's overall security, he adds.
Wainer notes that endpoint security is an additional layer to a company's overall security infrastructure and does not add or decrease the total cost of ownership (TCO). “What helps TCO is that with a total solution including an endpoint security layer you have a flexible security architecture that provides unification of all security functionalities in a flexible and expansible way.”
Check Point, according to Wainer, believes strongly in a total security strategy with unified security gateways, single agent at the endpoints and a single console management.
Wainer says it is essential to implement an endpoint solution right now. “Firstly, remote employees need to have a secure way to access the network. Secure remote access is critical to ensure business continuity in a mobile work environment and to keep the integrity of the security, especially in corporations where large investments are made in security infrastructure.
“Secondly, endpoints store data and that data needs protection whether it is on a server inside the perimeter or on an endpoint,” he states.
Not optional
According to Wainer, a June 2008 Dell and Ponemon Institute survey - 'Airport insecurity: the case of lost laptops' - revealed that 53% of professionals stored confidential data on their laptops.
Some 65% of these professionals did not have protection for that data and 12 000 laptops were lost in US airports each week. Another report, titled 'Enterprise@Risk: Privacy & data protection survey', by Deloitte & Touche and the Ponemon Institute, showed that 85% of privacy and security professionals surveyed had at least one reportable breach in the past 12 months.
“These numbers demonstrate clearly that data is not protected and based on various privacy and compliance regulations,” says Wainer. “Endpoint security is just not an option anymore, applying to all mobile devices, from PDAs and smartphones to laptops,” he adds.
Security is important to both SMEs and the enterprise, according to Wainer, who says a flexible architecture helps reduce the TCO for large or small companies.
In terms of security being a costly and onerous task for IT and the option of outsourcing being available, Wainer says there are several considerations for managed services. “The first one is TCO. When a company makes a decision to outsource its security, it needs to look at all costs: security itself, services subscription, electricity hosting, IT staff and downtime. If the solution is outsourced, the TCO needs to be lower than the sum of all these parts.”
“The second consideration is flexibility and response to changing business needs, such as rapidly deploying new security functionality such as DLP or VOIP security. If they can, at what cost and does the TCO then make sense? It is somewhat of a myth to think that managed services are less of a cost to the company,” he says.
Wainer concludes: “I think the most important thing to remember is to have an overall endpoint security strategy and to make sure you unify endpoint and network security.”
Related stories:
Check Point unveils security architecture
Symantec simplifies IT management
Share