|
 |
|
General Information
|
Add To My Personal Library |
February 6, 2009
• Vol.31 Issue 6
Page(s) 18 in print issue
|
Prioritizing Data Protection & Endpoint Security
Identify Your Assets, Analyze Vulnerabilities & Implement A Plan
|
|
End Points are the end-user devices attached to the end of your network and can be one of the greatest challenges when it comes to data protection and security. How does the SME prioritize the protection and securing of these end points? | Key Points
Because of the sheer size and dispersed nature of end points, the challenge of protecting them may seem too large to address right now. Breaking the task down into simple steps and leveraging available tools and technology can make the project simple and successful while protecting the organization from critical data loss exposure. | | The first step in prioritization is to know what assets you have. Once you decide on a process, you have to determine if it can, in fact, be enforced. Implementing data protection without first knowing if you will be able to enforce that protection is putting the investment at risk before the process even starts.
“Enterprises must begin with first gaining visibility into what assets they have—both hardware and software. It is impossible to secure what you cannot see,” says Alan Komet, vice president of marketing at Promisec (www.promisec.com).
Given the economic realities of this year, this is a logical way to decide when and where to spend the limited data protection and security budget dollars. The “cover it all” philosophy was never logistically feasible and now is no longer economically so.
 Analyze Vulnerabilities
Once this inventory is complete, the analysis of the vulnerabilities of each end point can begin. The systems can be grouped by operating system or application. Some applications can indicate how frequently data changes to give you an idea of what to back up. “Desktops and laptops can be analyzed for lack of or disabled antivirus software or backup software,” says Komet.
The next step is to develop metrics to determine the relative business value of each system. To do that, you will need to determine which metrics to use. Some common metrics include:
The value of the data. What is the relative cost to the business if data is lost? Determine not only how much the re-creation of that data will cost, but also the cost of not knowing that critical data was on an end point in the first place.
Uptime requirement for the end point. Uptime is as critical to endpoint users as email may be to the data center. For instance, a laptop user who generates thousands of dollars an hour for the company will need to have the laptop replaced quickly if there is a failure.
Archiving requirements on the end point. This is not a capacity utilization issue because most laptops and desktops come with more internal storage than users need. It is more a compliance concern, making sure that sensitive information is not hanging around on individual systems.
eDiscovery requirement for the end point. Is it likely that users’ data would be required in the case of a legal action? eDiscovery now goes beyond the scope of the CEO and CFO; a salesperson’s laptop may contain all the critical information in a case.
Confidentiality of the data. Is the data on the end point sensitive to the company itself? Does it contain trade secrets? If so, then some sort of mobile wipe or a biometric lockout may be in order if confidential data is stolen.
Implement Protection
Once these metrics are decided upon, the next step is to map those to each user or system. It is hard to develop a rule of thumb for mapping these metrics. Each business is going to require its own set of policies based on industry type and government regulation.
“The difficulty is now that you have this knowledge in hand, how do you effectively implement it?” asks Fabrice Helliker, CTO of Cofio Software (www .cofio.com). For example, current solutions make this task very difficult because there are not many tools that can apply and manage all metrics.
As a result, each endpoint product needs to be individually configured and monitored. This problem is compounded if the endpoint products do not share system groupings or classification methodologies, so training and understanding of the goal of the protection policy is crippled.
“A new breed of data management products are required, which enables you to create groupings, classifications, and policies for all data management functions within a single view and with a common management toolset,” concludes Helliker.
The end point is often forgotten or deemed too overwhelming to deal with. Tools that can inspect, enforce, and provide endpoint protection are now affordable and easy to implement and maintain. The cost of avoiding the challenge may end up costing your organization millions. 
by George Crump
Endpoint Security: Don’t Forget Backups
Along with security, providing data points on end points is also challenging. For most organizations, this will come down to implementing an online backup service or using similar technologies in-house. “Even after efforts to centralize mission-critical applications such as CRM or mail, the data at the end point is still growing, and that data is still often very sensitive to the company,” says Stacy Hayes, CEO at DS3 DataVaulting (www.ds3datavaulting.com).
Hayes cites two studies by the Ponemon Institute. According to one study, more than 600,000 laptops are stolen a year from airports alone, and another Ponemon study shows that 80% of businesses have had laptops lost or stolen in the past two years. “Clearly, protection and rapid recovery are critical to keep corporate data safe and knowledge workers productive,” concludes Hayes.
Online backup has the advantage of being able to work anywhere that the user has an Internet connection. The agent automatically works without user intervention and can be monitored to make sure that the user does not turn the backup agent off. |
|
|
