by Neil MacDonald | May 11, 2009 | Comments Off on Security No-Brainer #5: Security and Management Tools Need to Work Off of the Enterprise Network
In my last post, I talked about several impending inflection points for information security.
One of them was:
More than half of our employees spend the majority of their working hours connected to networks we don’t own and don’t control (airports, hotels, home, wireless, 3G and so on)
This brings me to my fifth security no-brainer (for the previous four see this post): Security and management tools for endpoints must work when the endpoints are network-connected, but not connected to the enterprise network.
Many of the tools today require the end-user to be directly connected (or to establish a VPN connection back) to the enterprise network to receive AV updates or patches. Why not provide a way to reach out and connect to the end-user device without a VPN? This can be accomplished in many ways, including:
- Placing a copy/replica of the management server in the DMZ that the remote devices can see no matter where they are connected
- Using some type of relay server in the DMZ that can proxy the requests to/from the remote devices
- Using a “cloud-based” provisioning service from the vendor (for example, they provide the AV signatures directly to the end user from their Internet-based infrastructure)
- Using a solution like Microsoft’s DirectAccess so that every machine can be treated as if it is attached to our enterprise network no matter where they are connected
Ideally, a vendor would provide several alternatives for extending security and management policies to machines that are network-connected, but just not connected to our enterprise network
For many users, working on the road and using alternative networks will be their normal experience. Rarely will they connect to the enterprise network, even using VPNs. We must be able to extend our security and management policies to these devices. Some vendors can provide this functionality today.
Why shouldn’t we demand this from all of our security and management vendors? Seems like a no-brainer to me.
View Free, Relevant Gartner Research
Gartner's research helps you cut through the complexity and deliver the knowledge you need to make the right decisions quickly, and with confidence.Read Free Gartner Research
Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.