Story image

Trend Micro asks... What's your front line of business defence?

07 Jun 14

In today’s environment it is increasingly difficult for IT departments to manage the security of staff and all their activities.

A greater range of activities – using mobile devices, social networks, synchronising files to the cloud, sharing and collaborating using web based applications – combined with range of operating systems and the rapid proliferation of smart phones and tablets, leaves IT with the challenge of supporting this changing environment, let alone securing it.

This raises the question of ‘who owns the end point?’ This question, or more specifically the answer, dictates directions and policy as to what can be done both legally and technically to protect the devices and, in turn, corporate information.

The first line of defence

We lock our houses, and businesses should follow this simple logic in the way they safeguard their security assets. The traditional endpoint and perimeter security may act as a house, but the doors and windows are opened for staff every day.

Perhaps more concerning is that the mobile device has the potential to leave the keys in plain sight. Without the appropriate safeguards at every access point as well as the end point, businesses bare themselves to the world.

Access to the endpoint, whether that be a phone, tablet or laptop, gives access to authentication credentials, social media and potentially corporate information, as well as what is on the device.

The impact of either a breach or loss of an end point can have extremely serious ramifications both personally and professionally.

End points are a network of one

Traditional perimeter or gateway controls often leave gaps against an ‘anywhere, anytime’ IT environment. As we extend more data into mobile devices, organisations should look at what is required to create a perimeter to protect the information and where it is being used.

This individual perimeter may include elements such as data loss prevention, including encryption, virtual non persistent extensions of corporate data into sandboxes within the devices, anti-malware that controls web URL reputation, file reputation and application reputation, together with intrusion prevention and detection.

Include strong authentication – preferably strong password access – to access each device, and look at anti-theft and device wipe solutions.

Secure non-persistent corporate data sharing environments and develop policy enforcement where appropriate.

Cloud based security services that enforce security are also ideal in this space, as devices are always connected, irrespective of location, and are not reliant on corporate gateway security. Look to vendors who have complete user protection.

Centrally managed security solutions for mobile, endpoints, gateways, data centres and key data assets is not marketing hype – it is the only strategy that can provide peace of mind in this modern environment and deliver the end to end security that that organisations need.

By Peter Benson, senior security architect, Trend Micro New Zealand

MulteFire announces industrial IoT network specification
The specification aims to deliver robust wireless network capabilities for Industrial IoT and enterprises.
Google Cloud, Palo Alto Networks extend partnership
Google Cloud and Palo Alto Networks have extended their partnership to include more security features and customer support for all major public clouds.
DigiCert conquers Google's distrust of Symantec certs
“This could have been an extremely disruptive event to online commerce," comments DigiCert CEO John Merrill. 
Schneider Electric's bets for the 2019 data centre industry
From IT and telco merging to the renaissance of liquid cooling, here are the company's top predictions for the year ahead.
China to usurp Europe in becoming AI research world leader
A new study has found China is outpacing Europe and the US in terms of AI research output and growth.
Google says ‘circular economy’ needed for data centres
Google's Sustainability Officer believes major changes are critical in data centres to emulate the cyclical life of nature.
52mil users affected by Google+’s second data breach
Google+ APIs will be shut down within the next 90 days, and the consumer platform will be disabled in April 2019 instead of August 2019 as originally planned.
Ramping up security with next-gen firewalls
The classic firewall lacked the ability to distinguish between different kinds of web traffic.