The Challange: protection Vs. Mobility
The mind-boggling increase in the mobility of the corporate workforce and the availability of wireless internet connections in international airports, hotels, and coffee homes, creates an unbearable challenge to IT managers. Whenever employees, traveling with their laptops, connect to the hotel hotspot, they are in fact connecting their corporate computer systems to an unsecured network, discussed by hundreds of guests. this particular innocent connection jeopardizes delicate data and can bring back protection threats into the corporate system when returned to the office. For this reason, IT managers have used rigid security policies, creating a conflict between the need for protection and the productivity of the cellular workforce. For example, some businesses consider the returning laptops because “infected”. The infected laptop computers are completely formatted plus cleaned. Some allow dial-up connections-only (no Wi-Fi), while others go further to completely stop the connection of laptops to the Internet outside the corporate network.
this particular unbearable conflict between protection and mobility can only become solved if the mobile pressure is equipped with the same level of protection as they have inside the business network. To understand what this means, we should examine the level of security that is maintained inside the corporate systems.
Corporate Network – 2 Lines of Defense
business users enjoy higher protection levels inside the corporate system because they operate behind 2 lines of defense. The first line of defense, is a set of robust security appliances, set up at the IT center plus exclusively controlled by the IT division. It is largely based on a comprehensive set of IT security home appliances running secured and solidified OS, with Firewall, IDS, IPS, Anti Virus, no- Spyware,
Anti Spam plus Content filtering. The second collection is based on the Personal FW plus Anti Virus software installed on end-user’s computers.
The first line of defense completely isolates the user at the physical and reasonable layers.
Unlike PCs, these types of appliances are equipped with a solidified operating systems that do not have protection holes, “back-doors”, or unprotected layers. They are designed for a single purpose, to provide security.
The first line of defense provides the subsequent advantages:
— Mobile program code is not run – content material arriving from the internet is not carried out on these appliances it just goes or does not go through into the network. It makes this more difficult to attack as the mobile code delivered by the hackers does not run on the particular appliances.
Cannot be uninstalled: protection attacks often start by focusing on the security software, while trying to uninstall it or quit its activity.
Software-based protection solutions, as any software program consists of an uninstall option that can be targeted. In contrast, the hardware-based security appliances cannot be un-installed as they are hard coded into the hardware.
– Non-writable memory space – Hardware-based solutions handle the memory in a limited and controlled manner. The security appliances can prohibit access to its memory, providing higher protection against attacks on the protection mechanism.
– Controlled by IT staff – The security appliances are usually controlled by IT, who continuously maintains the highest security guidelines and updates.
– overall performance – The security appliances are usually optimized for maximum protection and operate independently through computers in the network, not really degrading the performance of the desktops or consuming their own resources.
Consequently, the corporate personal computers reside in a secured atmosphere. If the security is breached, at least the damage stops at the gateway. The first line of protection prevents threats from getting into the corporate network. While the 2nd line serves as a safety measure and help defend against threats that may have already entered the system (e. g. emails). But the real problem starts when the corporate PCs go in plus out of this secured environment. Outside the corporate network they are at the frontline with no first line of defense. The problem intensifies as they return, bypassing the first line of defense as they enter the system. These laptops can be considered as the greatest threat because they unconsciously infiltrate security threats
into the supposedly safe network.