Humans have long used technology to compensate for human error. In the context of network security, the costs of human error – or simple absent-mindedness – can be uncomfortably high, resulting in network downtime, lost business, and legal exposure.
The problem is driven largely by new ways of working that increase productivity, such as telecommuting, but also create more entry points into networks. Network security must keep pace with these productivity gains. The latest network security buzzword, "endpoint security," works to reconcile the need for strong network security with these new ways of working.
Endpoint security asserts that if all machines are patched and free of viruses and worms, the network is safe. However, this client-centric method has two drawbacks: it is not possible to install clients on all machines requesting access to a network; and client software is corruptible.
How, then, can companies adopt an endpoint security solution that maintains business flexibility without overwhelming their IT resources? Four components are essential.
First of all, know who or what is connecting to the network. Authentication and authorization are both well-established components of network security.
Second, ensure that all systems which connect are clean. Network access should be contingent on successful completion of a validation process that incorporates the security policies of the company.
Third, quarantine unclean systems until they have been cleaned. An effective solution must be able to route non-compliant machines into quarantine and then repair them.
Finally, automate the process. With staff, business partners, and contractors in and out of the network, an automated repair process is necessary to minimize the amount of resources devoted to cleaning machines.
These building blocks constitute a network-centric approach to endpoint security that leverages the "carrot" of network access to guarantee compliance from users. It eliminates the problem of client failure and can even strengthen other security clients by making their existence a requirement for entry.
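The four components above, as an added example that is not the author's or Perfigo's code: a network-side admission policy that gates on authentication first, validates a client posture report against company policy, quarantines with a remediation list, and re-validates after automated repair. The posture fields, patch names and remediation step names are constructed for illustration; a missing or broken client report is treated as non-compliant rather than trusted, which is the client-failure case the text describes.

```python
from dataclasses import dataclass, replace
from enum import Enum
from typing import List, Optional, Tuple

class Access(Enum):
    DENY = "deny"              # not authenticated: no network at all
    QUARANTINE = "quarantine"  # authenticated but non-compliant: remediation segment only
    ALLOW = "allow"            # authenticated and compliant: normal access

@dataclass(frozen=True)
class Posture:
    """Constructed posture report a client agent hands to the network (input, not a verdict)."""
    av_running: bool
    signature_age_days: int
    installed_patches: frozenset

@dataclass(frozen=True)
class Policy:
    """Company policy the network enforces; values here are constructed."""
    max_signature_age_days: int
    required_patches: frozenset

def evaluate(authenticated: bool, report: Optional[Posture], policy: Policy) -> Tuple[Access, List[str]]:
    """Steps 1-3: identity gate, validation, quarantine decision with remediation steps."""
    if not authenticated:
        return Access.DENY, []
    if report is None:  # agent absent or corrupted: fail closed, do not assume clean
        return Access.QUARANTINE, ["install-agent"]
    steps = []
    if not report.av_running:
        steps.append("start-antivirus")
    if report.signature_age_days > policy.max_signature_age_days:
        steps.append("update-signatures")
    for patch in sorted(policy.required_patches - report.installed_patches):
        steps.append(f"install:{patch}")
    return (Access.QUARANTINE if steps else Access.ALLOW), steps

def remediate(report: Posture, steps: List[str]) -> Posture:
    """Step 4 (hypothetical automated repair): apply each step to the posture record."""
    for step in steps:
        if step == "start-antivirus":
            report = replace(report, av_running=True)
        elif step == "update-signatures":
            report = replace(report, signature_age_days=0)
        elif step.startswith("install:"):
            report = replace(report, installed_patches=report.installed_patches | {step[8:]})
    return report

def admit(authenticated: bool, report: Optional[Posture], policy: Policy, max_rounds: int = 3):
    """Quarantine, repair, re-validate loop; returns the final decision and rounds used."""
    for rounds in range(1, max_rounds + 1):
        decision, steps = evaluate(authenticated, report, policy)
        if decision != Access.QUARANTINE or report is None:  # nothing to repair without an agent
            return decision, rounds
        report = remediate(report, steps)
    return Access.QUARANTINE, max_rounds
```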
Endpoint security alone is useful, but endpoint security managed by an intelligent network that can quarantine and repair non-compliant machines is a happy marriage of productivity and technology.
Atif Azim is vice-president of solutions for Perfigo, Inc.