Endpoint security without the pain

23.01.2006
It isn't often that users are happy when their IT manager installs security software on their notebooks. Usually, more security means more passwords to remember, more restrictions on what software they can run and more hoops to jump through to get their jobs done.

But technology team leader Laura Davis says mobile employees at Woolpert Inc., an 800-user architectural and engineering firm in Dayton, Ohio, were "ecstatic" when she installed Senforce Technologies Inc.'s Endpoint Security Suite on their notebooks. That's because previously Davis had flat-out disabled their wireless access out of fear that hackers could use it to access the Woolpert network while users were also linked via their wired connections.

Or, to be more precise, she had tried to disable the users' wireless access. "We had a formal policy, we had the hardware disabled, we had the operating system configuration locked down," she says. But savvy users found ways to go wireless anyway. Davis is now about 50 percent through a rollout of the Senforce suite to about 300 notebook computers. Senforce gives users legitimate wireless access when they're on the road but disables their wireless -- for sure -- when they have a wired connection to the Woolpert LAN.

Davis' experience shows how endpoint security can benefit both individual employees and their employers. Fearing everything from privacy regulations to malicious insiders, many companies are adding more protection to endpoints such as desktop PCs, notebooks and handhelds.

IT managers can lock down users' systems in ways that limit which applications they can run, where they can make a wireless connection and whether they can copy a file to a USB memory drive. "But all the users will hate their guts, because they won't get anything done," says Clain Anderson, director of security at Lenovo Group Ltd. in Purchase, N.Y., which acquired IBM's PC business last May.

By paying careful attention to the needs of users and choosing endpoint security tools carefully, IT staffs can avoid creating overly strict security policies and elaborate network-access rules, as well as spend less time dealing with false alarms and tweaking security configurations, say users, vendors and analysts.