Endpoint Management for SMEs

Posted by on Jun 19, 2013

Businesses of all sizes must quickly adapt to changing security concerns and complex third party attacks. But for small businesses, such concerns are of even greater importance as the rise of Bring Your Own Device (BYOD) policies leave many company networks vulnerable to data mining, security breaches, and exfiltration. The modern workforce is more mobile than ever and SMEs are scrambling to provide greater flexibility without sacrificing security.

Keeping Endpoints Safe

Image courtesy of HealthfortheWholeSelf.com

IT teams have had to find solutions that cover both endpoint and user identity management. As Grant Ho, Director of the End-User Computing Marketing team at Novell, writes, “The convergence of endpoint and identity management becomes even more critical as businesses shift towards more flexible computing architectures using a mix of physical, virtual and cloud environments, it becomes even more critical for the desktop to follow the user.”

Endpoint management is a necessary step in securing onsite information. Through endpoint management systems, server and desktop administrators can manage any networked device, from mobile devices to company desktops and servers. Essentially, endpoint security management involves network policies that require compliance before allowing network access. Endpoint management covers Bring Your Own Device policies for devices like tablets, smartphones, and personal laptops.

Managing Endpoints

Image courtesy of astd.org

Endpoint security management systems, which can be purchased as software or as a dedicated appliance, discover, manage and control computing devices that request access to the corporate network. Endpoints that do not comply with policy can be controlled by the system to varying degrees. For example, the system may remove local administrative rights or restrict Internet browsing capabilities.

Companies that are used to making large investments in network security often leave a security gap when it comes to endpoints. This is troubling when considering the fact that most of the dangerous attacks that have plagued enterprise networks have been traced back to endpoints. As Scott Crawford, Research Director for Enterprise Management Associates, writes, “We’ve seen this advancement in techniques for network-based detection, but we haven’t seen quite that much advancement on the endpoint…And, yet, if you look at what the target is in most of these cases, the strategic target may be the user’s privileges to sensitive data, so the tactical objective in a lot of cases is the endpoint. You’re going to focus on compromising endpoint functionality to gain visibility into the user’s activities and get access to their credentials.” So when endpoints are left unsecured, hackers can exploit this vulnerability by seizing the necessary credentials from users without having to do the time consuming work of cracking into the system. For the sake of data security, SMEs must be able to identify the location of any compromised endpoints otherwise attacks could go unnoticed.

BYOD policies

Image courtesy of PGI.com

Investing in endpoint management allows SMEs to flag any suspicious activity in order to make any necessary security or user credential adjustments. As John Prisco, CEO of Triumfant, says, “You’ve got to be fighting the battle in the trenches, and the trenches in this case would be the endpoint…You have to have something on the endpoint that isn’t antivirus that’s looking at changes [to the endpoint]. It has got to be looking at everything and making decisions based on normal behavior changes.” Some IT managers have opted for the stricter route of application control, but such a rigid measure runs the risk of lowering employee morale and even halting workflow in the case of a needed download or temporary application. Instead, companies can adopt a hybrid cloud model by securing endpoints onsite with the IT team and closely monitoring user credentials. After that, any sensitive company data should be encrypted onsite through basic hashing and salting. Finally, SMEs can ensure full data privacy and protections through a third party cloud service provider.

From Endpoints to the Cloud

Choosing the right third party cloud service can be a challenge for SMEs as many cloud services on the market have glaring security gaps that leave private company data vulnerable to third party attacks and even internal exploitation by employees. One cloud service provider that sets itself apart from the rest is SpiderOak Blue. This private cloud offers the convenience and cost benefits of cloud storage along with 100% data privacy.

SpiderOak protects sensitive company information through 256-bit AES encryption so that all company and consumer files and passwords stay private. SMEs can store and sync sensitive data with complete privacy, because this cloud service has absolutely “zero-knowledge” of passwords or data. And plaintext encryption keys are exclusively stored on approved devices, so that endpoint management systems can be incorporated. SpiderOak’s private cross platform cloud services are available on Windows, Mac, and Linux platforms, along with Android and iOS mobile devices, giving SMEs flexible solutions to leveraging technology in their favor so they can stay ahead of the competition.

Leave a Reply