Debate: Client-side security is a much better way of securing infrastructure than securing the gateway

FOR - Paul Goossens, chief executive, Preventon

The gateway is certainly the first line of defence for an enterprise's network and users. But relying on gateway security alone is risky and will leave the door open to internet security attacks.

Gateway and desktop security must go hand in hand, otherwise companies could miss out on reduced support overheads and lower total cost of ownership – things rarely associated with implementing a sole gateway solution. Organisations need to employ a managed blended security solution in order to protect their own interests as well as their customers.

Some say that if ISPs filtered traffic, offering 'clean' pipes from the gateway, threats could be eliminated. But this not only requires significant investment and fails to disinfect existing malware on users' computers, it also falls prey to the generation of false positives.

Gateway-only solutions also fail to address the mobile user – who is likely to connect to numerous ISPs that may not employ gateway security solutions. Each of these connections poses a security threat to any PC not running a client-side, blended security suite.

AGAINST - Soeren Bech, EMEA business director, Tumbleweed

Client-side security is a necessary augmentation for basic defences, but can't replace comprehensive enterprise security. It's not just about making a smaller perimeter around the desktop, it's also about securing communications, information, and applications.

While workers reside either side of the firewall, core business applications and protocols remain centralised. There is a trend away from desktop applications toward centralised services accessed (and protected) via gateways. Infrastructure attacks are moving away from general TCP/IP attacks on infrastructure and toward protocol specific or application specific attacks.

Controls, particularly for security related to access control, data privacy, communications and regulatory compliance, do not work at the desktop level. Working files live at the edge, but data stores remain firmly within the enterprise perimeter. Businesses have the legal liability – and policy must be centrally defined and enforced. Gateways are the place to do it.

Is it better to apply and administer security in one place, or in 10,000?