Never Expect Employees to Never Use Untrusted PCs for Work

 

Security Mistake #5: Expecting Employees to Never Use Untrusted PCs for Work

Companies assume if they give employees a laptop, set it up with antivirus, firewall, and all the latest patches, that the computer will stay up-to-date for the next several months. The employee is expected to bring their laptop back to work for another update once the previously installed components have expired. Companies also believe that banning users from using home PCs or kiosks will prevent users from exposing the company network to other potential threats by doing activities such as emailing company files to themselves or copying the files to a disk. Again, a VPN that can secure all types of PCs is required if the corporate network is to stay safe and free from viruses. It also makes sense to use a VPN service that provides end user support. Furthermore, end users shouldn't be afraid to ask for help to repair problems when they occur. This is a big task for an overworked IT staff to take on after-hours, let alone for a small business that doesn't have a helpdesk.

Case Study

UMB Bank is a regional financial institution and gives a good case study for a similar situation. They had done a cost analysis on buying corporate laptops for hundreds of employees, but cost and upkeep of each computer were major hurdles. Furthermore, the employees had to be connected to the LAN in order to get security updates, so the challenge was further complicated. How do you get the users updated, patched and scanned before they're connected to the LAN? Also, UMB had remote workers that would be in the field for months without coming back into the office for updates. UMB didn't want to risk sharing financial information with users on a non-compliant setup. Two-factor authentication had already been deployed, so they needed integration of the existing policy. They also needed the ability to change security policies in real time for remote users. What if 30 days after they gave an employee a corporate laptop, UMB administrators wanted to change the frequency of anti-spyware scans? Positive Networks offered a remote access solution that guaranteed all of the above challenges were addressed and achieved.

Ease of use for the end user and the IT administrator is of the utmost importance.

If one accounting person can't easily get to their accounting application, then they could be copying files to disk or emailing themselves information to work remotely. What if a salesperson can't get to updated leads easily and securely when traveling? Every computer that connects to a company network remotely is untrusted. Security is about getting every computer into a trusted state each and every time a user connects with the VPN, and then keeping it trustworthy for the duration of the session.

Solutions:

  • Install real-time, granular policy enforcement for the network, applications, and endpoints.
  • The VPN must be easy to use for IT administrators and end users.
  • Require unlimited, free, live technical support available for any issue and end user.

 

Recommendation: A True Service Model

Every computer that connects to a company network remotely is untrusted. Security is about getting every computer into a trusted state each and every time a user connects with the VPN, and then keeping it trustworthy for the duration of the session.

To understand how Positive Networks provides a completely managed, hosted, endpoint security and remote access service requires a shift in traditional VPN knowledge. With PositivePRO, there is no hardware. A new device isn't required every few years, and there is no requirement to purchase extra software updates and expansion modules. Instead of installing an appliance alone, IT administrators can rely on a team of dedicated VPN experts implementing, managing, operating, and monitoring the solution. The IT administrator also keeps complete control over the project, but the team of experts is ready to help the department and make the solution work within 24 hours. The PositivePRO service takes the hassle out of VPN management.

From a business perspective, there are several advantages to a true service model. Low upfront costs with a pay-as-you-go model mean that the service must continually work for you to remain viable. Traditional appliance resellers may only provide satisfaction when a new appliance purchase is required. An IT department always needs the most advanced features and functions. As spyware becomes more of an issue, a service model continues to push automatic updates to end users. This is the best way to take control of spyware. Companies that don't use a service model hunt for a new system that performs patch management on remote PCs every few years. In summary, with a pay-as-you-go model, the latest, most secure VPN solution is always available without incurring extra charges for new features or new hardware. Security, support and ease-of-use are certainly important when analyzing what remote access solution works best, but productivity is also a priority. For example, when a user signs onto Positive Networks' PositivePRO service, their computer is run through a security check and then reconfigured in real-time:

  • Shortcuts to applications appear on the desktop
  • Wallpaper may change to a corporate logo or reflect what the user displays at work
  • Bookmarks and new intranet homepages are added to Internet Explorer
  • E-mail client (e.g. Outlook) is reconfigured from a home account to a corporate mail profile
  • A file backup utility and the capability to install corporate applications are also present

 

When a user signs off, the computer goes back to the way it was: the wallpaper changes back and, for example, clicking the Outlook icon opens their home e-mail when just a few seconds earlier it would have brought up their work e-mail. The most powerful aspect of the Positive Networks service is that all features are in a single solution. Reporting (for IT administrators) is located in one place for every aspect of the PositivePRO service.

The architecture of PositivePRO is very simple. Several very secure, highly redundant data centers are located all over the country. They contain redundant gigabit fiber connections and BGP. Positive Networks provides a location near your network where the policy management happens and the web-based service is hosted, which creates flexibility for connecting a company's LAN into the data centers. Typically this is achieved with a thin Network Connector agent that can run on any Windows workstation on a company LAN or with an IPSec tunnel to a firewall.

As an end user accesses corporate network resources, whether from the VPN client or with a web browser, they first have to connect to the Positive Point of Presence and go through the endpoint security check. Then, the user's PC is checked against all corporate policies. The user may need to download antivirus software or Windows Critical Updates. Finally, once the user's PC is secure, the data center facilitates a connection to the corporate network, allowing the user to access resources. The security monitoring connection is always open to Positive Networks' data center. If the connection is broken due to any violation of security policy, the end user is immediately placed in quarantine from the corporate network. The second connection to your LAN is suspended until the situation is completely resolved. The Positive Networks support desk is available 24/7 to all end users and IT administrators for troubleshooting of any problem ranging from virus software to re-installing network connectors to file shares failing.
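The admission flow described above (check at connect, remediate, admit, keep monitoring, quarantine on violation) can be modeled as a small state machine. This is an added example, not Positive Networks' code; the class names, policy fields, thresholds and state names are all assumptions chosen for illustration.

```python
from dataclasses import dataclass

@dataclass
class Policy:  # hypothetical fields; the administrator may edit them at any time
    max_av_age_days: int = 7
    max_scan_age_hours: int = 24  # anti-spyware scan frequency
    heartbeat_timeout_s: int = 30

@dataclass
class Posture:  # what a hypothetical endpoint agent reports about the PC
    av_age_days: int
    scan_age_hours: int
    missing_critical_updates: int

def violations(policy, p):
    """Return the names of the policy checks this endpoint currently fails."""
    checks = {
        "av_signatures_stale": p.av_age_days > policy.max_av_age_days,
        "spyware_scan_overdue": p.scan_age_hours > policy.max_scan_age_hours,
        "critical_updates_missing": p.missing_critical_updates > 0,
    }
    return [name for name, failed in checks.items() if failed]

class Session:  # one remote user: a monitoring link plus the LAN link it gates
    def __init__(self, policy):
        self.policy, self.state, self.last_seen = policy, "CHECKING", 0.0
    def report(self, posture, now):  # run at connect time and on every heartbeat
        self.last_seen = now
        if not violations(self.policy, posture):
            self.state = "CONNECTED"      # LAN link opened or resumed
        elif self.state in ("CONNECTED", "QUARANTINED"):
            self.state = "QUARANTINED"    # mid-session violation: LAN link suspended
        else:
            self.state = "REMEDIATE"      # not yet admitted: fix the PC first
        return self.state
    def tick(self, now):  # quarantine a connected endpoint whose monitoring link went silent
        if self.state == "CONNECTED" and now - self.last_seen > self.policy.heartbeat_timeout_s:
            self.state = "QUARANTINED"
        return self.state

def demo():  # constructed scenario: stale home PC, remediation, then a policy change
    policy, pc = Policy(), Posture(av_age_days=30, scan_age_hours=20, missing_critical_updates=3)
    s = Session(policy)
    states = [s.report(pc, now=0)]
    pc.av_age_days, pc.missing_critical_updates = 0, 0  # user installs updates
    states.append(s.report(pc, now=10))
    policy.max_scan_age_hours = 12  # admin tightens scan frequency mid-session
    states.append(s.report(pc, now=20))
    return states
```

Because every session holds a reference to the live policy object rather than a copy made at login, the tightened scan interval takes effect on the next heartbeat without the user reconnecting.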

Conclusion

When evaluating the security of your VPN, review the information on the five most common security mistakes so that you avoid costly outcomes such as security breaches or compromised private information. Compare alternatives, and select a solution that will fit your budget, your needs and your time frame. Our recommendation is to use a hosted, managed service that is easy to use and implement, can withstand the demand for an IT support desk, fits within your budget using the pay-as-you-go model, and gives you more flexibility to grow the number of users you'll need over time.

 