The devices that attach to the end of a network are called endpoints. With the advent of the Cloud and enhanced Internet connectivity, the LAN/WAN network is expanding, and more devices and more types of devices are being attached to hitherto isolated networks by linking up with the Internet. As a result, endpoint management is becoming complex, and the associated risks are multiplying.
An enumeration of the different types of devices that connect to a specific network must be the starting point of any analytical approach to endpoint protection. If the enterprise has adopted a Bring Your Own Device (BYOD) policy, it must recognize that employees may:
• Use multiple devices to connect to the enterprise network on-site or off-site,
• Like to use the device for both personal and official purposes,
• Use multiple corporate and non-corporate email accounts and collaboration programs for official and non-official purposes,
• Participate in social networking and browse other sites using the device that is used to connect to the enterprise network.
In these circumstances, the enterprise will have to ensure that:
1. The devices in use are registered with the enterprise,
2. All registered devices work seamlessly at all times to provide a uniform computing experience,
3. Personal data is isolated from enterprise databases on the personal device and retained encrypted at rest, and
4. Each device is adequately protected against malware/adware infection.
Once all devices have been registered, tagged and configured, the enterprise must move on to the next stage of endpoint protection—namely security.
1. It must be remembered that security requirements for different types of endpoint devices are not identical. Security products for desktops / laptops are distinct from security products for iPhones and iPads. The security systems required for each type of device must be identified and included in the system design.
2. The types of malware / adware, worms and Trojans that affect these different systems will have to be catalogued and requisite software programs to counter the ill effects of these infections will have to be installed on the devices.
3. Since some threats are layered, the security system design will also have to be layered. Apart from application-level security, web-level security may have to be implemented to ensure that web traffic is continuously inspected by the system at the gateway between the Internet and the company’s network and between the Internet and the mobile devices.
Finally, the enterprise must ensure that all these devices can be centrally configured, tracked and managed using the “single pane of glass” concept of network management that is being extensively promoted by Cloud-based services.