End point devices are getting small, inexpensive, ubiquitous, easy to use- and easy to lose. For the individual who misplaces it, a combination of heartache and a headache to buy a new one and replace lost data is usually the case. However, a misplaced or stolen USB, CD ROM, mobile phone or PDA with sensitive data stored in it can leave a company vulnerable to a rival or worst yet- a lawsuit.
Much has been said and done about network security and reinforcing the guards that keep it tight. However, according to Benny Wan, Regional Director of Pointsec Mobile Technologies, with too much focus being zeroed in on network security, the growing concerns in end point security have been left unaddressed.
“Since year 2000, everyone is investing a lot of network security…10 out of 10 enterprise organizations already have their network security in place so it’s actually very secure….however, 80% of information lost is through end point devices and 0% of the budget is being spent on addressing it,” said Wan. “Most of the company security policy has become obsolete because of this. Despite realizing it’s a problem, it’s not their top priority. That’s the situation now, but it’s going to change.”
And change may be nearer than expected with the constant shrinking effect of storage devices, laptops outselling desktops and the proliferation of plug and play devices.
“The risk of data loss through unprotected ports and plug and play storage devices is a serious concern among all organizations in possession of confidential data. Once this sensitive information is copied through a port to a storage device- whether it is by a malicious insider or a well-meaning insider who is unaware of the security policy- it becomes vulnerable to loss, theft and unauthorized use,” stresses Marty Leamy, President, Pointsec Mobile Technologies, Americas.
USBs, along with other plug and play removable media devices, can connect directly into workstations and function without IT authorization or knowledge. With the current breed of the thumb sized USB’s having the capability to hold up to 8 gigabytes of data, the import of unauthorized data, unlicensed software, malicious code, games, screensavers and other inappropriate materials have become easier than before.
In a 2004 report, "How to tackle the threat from portable storage devices," Gartner Inc. advised companies to consider prohibiting or at least restricting the use of small, portable storage devices -- from USB keychain devices to iPods -- by employees and outside contractors who have direct access to corporate networks. The report also advised companies to institute a "desktop lockdown policy" that permitted only authorized devices to be plugged in.
However, in many cases drawing up a blueprint of the solution does not equate to executing one.
Fredrik Borjesson, Product Marketing Director, APAC, Pointsec has noticed a frequent staff turnaround trend in Asia, especially Singapore. He also realised that when employees decide to move on they make a conscientious decision to discreetly move with them private data- much to the dismay of their previous organization.
Pointsec Mobile Technologies, a recent acquisition by Check Point, has released the Pointsec Device Protector solution in South Asia which extends its enterprise data protection to include complete port and storage device management, effectively preventing sensitive information from falling into the wrong hands
Hailed by its manufacturers as the only product available which deals with internal threats through the combination of port management, content filtering and option media encryption, Pointsec will allow its customers to control their employee’s use of personal removable media devices such as USB drives, Bluetooth smartphones, digital cameras and music player that have wired or wireless connection to their work PCs.
As the security landscape evolves with increased technology innovation, so do the risks and customers concerns pertaining to data leak points. This product, which is available now, effectively prevents or limits data transfer to these devices through a configurable security policy and content filtering to ensure that corporate IT infrastructure cannot be used for illegal distribution of copyrighted content of installation of malicious software.
Added Wan: “This new addition to our offering allows organizations to effectively enforce the policy (that is laid out by organizations to mitigate data loss) and also perform a comprehensive audit trail...We have responded to customer demand with a simple, reliable way to secure and protect their data with low operational cost.”
|
