Done right, endpoint security protects critical data without putting the squeeze on users' productivity or IT managers' already overloaded schedules.

Threats and countermeasures

An endpoint is any intelligent, network-aware device that is under the control of an end user and can be accessed from outside the organization. The most obvious threat is the ubiquitous mobile computer with a wireless connection. But even networked printers and copiers have enough processing power and storage to launch an attack.

Any intelligent device with an I/O port can be vulnerable, even to low-tech threats like theft. For Conrad Pearson, burglaries near his office in Lake Oswego, Ore., were the rude awakening. "We're in one of the more exclusive office buildings you can be in," he says. But several years ago, thieves stole computers and other items from nearby buildings. That set off alarm bells for Pearson, a financial adviser at Pearson Financial Group, a 30-person financial planning firm with 500 customers.

Since then, the firm has installed measures such as Centennial DeviceWall software from Centennial Software Ltd., which locks down employees' PCs so they can't copy information to flash memory drives, CD-ROMs or floppy disks. That helps secure customer information, which "would be a treasure trove" for identity thieves, says Pearson.