User Account

All Pages

Users say protecting network end points

Assignment Help Management Theories
Reference no: EM131052499

CASE

Users say protecting network end points is becoming more difficult as the type of endpoint devices- desk tops, laptops, smartphones-grows, making security a complex moving target. The problem is compounded by the range of what groups within corporations do on these devices, which translates into different levels of protection for classes of users on myriad devices. "Deciding the appropriate device defense becomes the No.

1 job of endpoint security specialists," says Jennifer Jab bush, CISO of Carolina Advanced Digital consultancy. Depending on the device and the user's role, end points need to be locked down to a greater or lesser degree. For instance, Wyoming Medical Center in Casper, Wyoming, has four classifications of PCs: "open PCs in hallways for staff use; PCs at nursing stations; PCs in offices; and PCs on wheels that move between patient rooms and handle very specific, limited applications," says Rob Pettigrew, manager of technical systems and help desk for the center. Pettigrew is deploying Novell Zen Works to 850 of the center's 900 PCs in order to make sure each class has the right software. With 110 applications and 40 major medical software systems, that makes a huge matrix of machine types and restrictions to contend with, he says.

In addition, physicians in affiliated clinics can access via SSL VPN (a kind of VPN that is accessible over Web browsers), but they are limited to reaching Web servers in a physician's portal, which is protected from the hospital data network. Some Citrix thin clients are also used to protect data from leaving the network but overall the strategy for unmanaged machines is a work in progress, Pettigrew says. "We're hoping to get more help desk to deal with the external physicians," he says. One concern that can be addressed by endpoint security is data privacy, which is paramount for the Los Angeles County Department of Health Services in California, says Don Zimmer, information security officer for the department. He supports about 18,000 desktops and laptops and operates under the restrictions of Health Insurance Portability and Accountability Act (HIPAA) regulations. "That means disk encryption," he says. "If it's not encrypted and there is a breach, then we have to start calling people," he says. To avoid violating patients' privacy and a loss of public trust, the department encrypts the drives of all the PC end points with software from PointSec. Equally important is keeping sensitive information off movable media that can plug into USB ports.

The department uses Safend's USB Port Protector product that either denies access to sensitive documents or requires that they be encrypted and password-protected before being placed on the removable device. Everyone's talking about the insider threat. But protecting data can't supersede the requirement to give users the access they need to do their jobs-otherwise, soon you'll have neither business data nor employees to worry about.

Striking a balance between access and protection isn't easy, however. In an InformationWeek Analytics/DarkReading.com endpoint security survey of 384 business technology pros, 43 percent classify their organizations as "trusting," allowing data to be copied to USB drives or other devices with no restrictions or protective measures. Still, IT is aware of the need to move from a stance of securing end points to assuming that laptops and smartphones will be lost, good employees will go bad, and virtual machines will be compromised. Instead of focusing on end points, let fortifications follow the data: Decide what must be protected, find out everywhere it lives, and lock it down against both inside and outside threats, whether via encryption, multitiered security suites, or new technologies like data loss prevention (DLP). DLP suites combine network scanning and host-based tools to collect, categorize, and protect corporate intellectual property. These products can maintain an archive of data and documents, along with associated permissions by group, individual, and other policies. They then actively scan internal networks and external connections looking for anomalies. This takes data protection beyond perimeter or endpoint protection;

DLP facilitates internal safety checks, allowing "eyes-only" data to remain eyes only and minimizing the risk that sensitive data will be viewed by the wrong folks, even in-house. Zimmer says he is looking into DLP software as well that can restrict the access individual devices have to data. Although the technology can be effective, it also requires that businesses locate and classify their data so they can set policies surrounding it-a job that can seem insurmountable, depending on how data have been stored. For Pettigrew, this means finding the 5 percent of sensitive data stored outside the medical center's electronic medical records system. Rather than deal with many vendors for specific endpoint protection products, some businesses opt for endpoint security suites, such as those that evolved from the antivirus roots of vendors, including McAfee and Symantec. Sam Ghelfi, chief security officer at financial firm Raymond James, opted for Sophos's Endpoint Protection and Data Security Suite, which offers firewall, antivirus, data loss prevention, antispyware, encryption, and network access control (NAC).

The company wants tight control over the Web content that is available to users to minimize the malware coming in via basic Web browsing. The company uses a Sophos Web proxy that filters sites based on reputation, but also the content that sites return. Mobile devices that could contain confidential company information are disk encrypted, again using Sophos agents. If a device is lost or stolen, the encryption key is wiped out, making it impossible to decrypt the contents of the hard drive. Ghelfi says he believes in personal firewalls on individual machines because they can stop groups of devices from talking to other groups. "Centrally managed, they can reveal network traffic patterns," he says. He doesn't use all of the features of the Sophos suite, though. For instance, he is just getting around to implementing NAC to let unmanaged guest machines get on the network but still minimize risk that they are infected. That will clear them based on authentication, access method and type of machine, but for contractors that require access to the main network, he also insists that they install the Sophos suite. Other unmanaged machines, such as those of guests, are allowed access only through a dedicated wireless network that leads to a limited set of servers in a network segment flanked by firewalls, he says. "Such endpoint security suites can be attractive financially," Jab bush says, "because customers can wind up with reduced agent, license and support fees and less management overhead."

There may be a certain amount of convenience if customers decide to layer on more applications within a suite. The newest class of devices-smartphones-is presenting ongoing challenges as organizations figure out how to deal with them. Particularly dicey is whether to allow employees to use their personally owned devices for business and to access the business network. The jury is still out, at least among state government chief information officers. A recent survey by the National Association of State Chief Information Officers says that of 36 states responding to a survey, 39 percent say they allow personal smartphones if they are protected by state security measures. Twenty-seven percent say they don't allow personal smartphones on their networks, 17 percent say they are reviewing state policy, and 17 percent say they don't have statewide control-each agency sets its own policies.

A separate Forrester Research survey says that 73 percent of businesses surveyed are at least somewhat concerned about smartphones being authorized for business use. According to Device Lock, its survey of more than 1000 IT professionals found that fewer than 40 percent of respondents said yes to the question: "Have you taken any steps to secure your business against the security threat posed by iPhones? "Analyzing the responses by region, researchers found that only 25 percent of respondents in North America and Western Europe said yes to the question, suggesting this is a "back burner" security issue, says the endpoint data leak-prevention specialist. Jab bush says the type of smartphone is a factor. "I can't imagine allowing an iPhone," she says. "A BlackBerry is somewhat better" because BlackBerries have a management infrastructure and the devices can be locked down to corporate policies. Mobile device security is one of those areas that should get more attention. However, it is likely that this topic will remain buried-until a lost or stolen iPhone leads to a visible and costly security breach.

CASE STUDY QUESTIONS

1. What is the underlying issue behind endpoint security, and why is it becoming even more difficult for companies to address it? Define the problem in your own words using examples from the case.

2. What are the different approaches taken by the organizations in the case to address this issue? What are the advantages and disadvantages of each? Provide at least two examples for each alternative.

3. A majority of respondents to a survey discussed in the case described their company as "trusting." What does this mean? What is the upside of a company being "trusting"? What is the downside? Provide some examples to illustrate your answers.

Reference no: EM131052499

Questions Cloud

How far the textbook moves from its initial position : how far the textbook moves from its initial position
Case on it and ethics in the chapter : Refer to the Real World Case on IT and ethics in the chapter. Most or all companies have an ethics and compliance program of some sort, but not all of them "live" by it. What does it take for a company to take this next step? What is the role of ..
Restricted because of religious rights of employees : Identify and describe a case in which an employer's activities were restricted because of religious rights of employees. Be sure to explain how the U.S. Equal Employment Opportunity Commission's criteria for religious discrimination apply to the cas..
What is the sign of the charge of the particle : What is the sign of the charge of the particle?
Users say protecting network end points : Users say protecting network end points is becoming more difficult as the type of endpoint devices- desk tops, laptops, smartphones-grows, making security a complex moving target. The problem is compounded by the range of what groups within corpor..
Organization that create value for the customer : Define positive sum competition and describe three characteristics of this form of organization that create value for the customer The Product Life Cycle does not help when evaluating potential strategies do you agree or disagree with the statemen..
Service delivery and support strategies : Explain how the internal analysis is linked to both service delivery and support strategies. Make sure you use appropriate terms from the internal analysis (i.e.: competencies, capabilities, value chain, competitive advantage.
Role of marketing in terms of firm financial performance : Evaluate how the various methods of data collection, employed research statistics, and research designs have enhanced your individual approach to research. Also, consider what you know about the role of marketing in terms of a firm's financial per..
The business processes that enable reinsurance : The reinsurance industry isn't for the faint of heart. The business processes that enable reinsurance firms to form agreements with other insurance companies to accept all or part of their risk can get mighty complex, mighty quickly.

Reviews

Write a Review

Management Theories Questions & Answers

  Delop an eps/ebt chart to reflect my analysis

Need to raise 1 billion, determine which should be used debt, all tock,or 50-50 combination. 38 percent taxes, .30 per share of common share,stock $50 per share . EBIT 6.33,7.67,9all in billion,1 billion common stock outstaning d. Delop an eps/ebt ch..

  Which departments have the most and the fewest problems

Which departments have the most and the fewest problems? does your company (or the process you are reviewing) or one particular area needs a quality improvement program?

  Describe and compare the four types of customers

Explain how an organization should manage each type of customer.

  The position of a health services manager

Case scenarios put you in the position of a health services manager

  Reflecting on personal identity and global citizenship

Reflecting on Personal Identity and Global Citizenship Review the Global Education and Global Citizenship video and read the article "A Model of Global Citizenship: Antecedents and Outcomes" by Stephen Reysen and Iva Katzarska-Miller. Please take so..

  Discuss how dunn should address cultural diversity

Discuss how Dunn should address cultural diversity within the organization

  Value and roi associated with deploying an erp system

Research ERP systems by visiting the ERP company provider web site of your choice (e.g. SAP, Ellucian, Oracle, Peoplesoft, Microsoft, Workday, etc.) Write an essay of between 750-1000 words about the value and ROI associated with deploying an ERP sys..

  Referencing the diagnostic analytic

Referencing the diagnostic, analytic, or compliance, determine the method for selecting a performance issue to be improved.

  Question 1a define governanceb how far do you agree with

question 1a define governanceb how far do you agree with the statement that governance emerged as a political strategy

  In working out your responses to the discussion question

in working out your responses to the discussion question you should choose examples from your own experience or find

  What are the strengths of first national bank

What are the strengths of First National Bank? What are the major weaknesses? What are the major problem mentioned above? Defend your answer.

  Various elements that comprise the field of management

Analyze the various elements that comprise the field of management. In addition to this, research the evolution of management. How has it changed over time? What factors have influenced the changes? Likewise, how has it not changed? Are there a..

Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

Submit Assignment

Academics

Major Subjects

Majors

Get In Touch

whatsapp: +1-415-670-9521

Phone: +1-415-670-9521

Email: [email protected]

TERMS & POLICIES

HELP & SUPPORT

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd