Modern technologies have opened a Pandora's box of issues for companies trying to keep control of their networks. It is not unusual for a typical employee to launch instant messaging, log onto Facebook and start sharing videos with friends and colleagues. Not only might members of staff log on to the network from their desks, they might also log on from home, or from their laptop at a WiFi hotspot in a coffee shop or at the airport.
While the ubiquity of the new internet is predominantly positive for businesses, boosting employee up-time and therefore productivity, it has opened up a can of worms in terms of security, and adhering to an ever-escalating number of compliance regulations is becoming an increasingly difficult challenge for organizations. By their ability to puncture holes in corporate defenses, these new technologies are like candy to a baby for cybercriminals, who are exploiting these vulnerabilities to infect networks with malware, spyware and Trojan horses for their financial gain.
Organisations' ongoing drive for more flexible working practices also has a major impact on the overall security of corporate networks. Now, networks need to be opened up to third parties, such as contractors, customers and consultants, but these guests may not use the same security applications as the host network and may not have applied the most recent software upgrades or patches. Moreover, full-time employees are frequently granted administration rights that enable them to use their computers from outside the office, but this can compromise security, as it requires that some critical security services are disabled.
Despite the risks involved in not keeping a tight rein on the comings and goings of network users, a surprising number of organisations have no enforcement mechanism in place to drive compliance or to report on results. This gap in corporate policy exposes the enterprise to a range of threats; not simply from malware and hack attacks, but also the loss or theft of intellectual property, and punishment from inadvertently flouting regulatory requirements.
Some forward thinking businesses are however cottoning on to the risks and have therefore begun to implement security policies which try to control employee use of corporate resources and the internet whilst at work. While such frameworks can go some way towards ensuring that employees toe the line, they can be difficult to implement and enforce. Furthermore, policies alone do not present a watertight solution and they cannot stop all security breaches that are outside user control.
What are security companies doing to support customers?
The complexity of managing modern security applications, combined with a lack of control over employee and visitor computers attaching to the network, has driven many security vendors to incorporate compliance and enforcement capabilities as extensions to existing products. Indeed, some vendors have gone as far as to shift their position from promoting single endpoint security products to creating and endorsing entire suite of endpoint security solutions to give IT departments back the control they need to quash the growing threats to their networks. It has become starkly apparent that companies need support in managing all the various users and endpoints accessing their networks to ensure that security and compliance breaches do not take place.