7 Layers of Data Security: Endpoint

By: Christina Southern on Jul 6, 2016 8:07:26 AM
Find me on:

Note: Today is week 5 of a 9-week blog series in which we are peeling back the 7 Layers of Data SecurityCatch up on the series here.

Layer 3: Endpoint Security

Endpoint Security Graphic

Endpoint Security focuses any device by which a user accesses network data.

If your network environment were a group of crisscrossing interstates and highways, the on-ramps would be the endpoints. Specifically, these endpoints or "on-ramps" are the devices your employees use to access your corporate data on your network. Servers, computers, tablets, smartphones, hard drives, thumb drives, etc., can all be considered endpoints.

The Problem with Endpoints

Endpoint security is particularly critical because of the sheer number of network "on-ramps.” In even a moderately sized network, there are many devices connected at any given time. Add to that the fact that those devices are often mobile, personal, and not encrypted, and you get an environment ripe for security threats.

The Security-Convenience Exchange Rate

Have you ever left your car unlocked because you knew that when you came back, you wouldn't want to — or be able to — unlock it? “Surely,” we think, “no one could steal my car in the short time I’ll be away. It’s much more convenient to just leave it unlocked.” We’ve all done it.

Lost or stolen devices accounted for 68% of the breaches reported to the Health Department from the healthcare providers.

Similarly, when implementing changes to increase security in your business, there is always a trade off between Security and Convenience. This trade-off is like the exchange rate between currencies in different countries. Pursuing Security and Convenience in a corporate network are essentially different countries that require different forms of currency. The trade-off between them is like the exchange rate. The exchange rate between security and convenience is often pretty steep. Security diminishes when you make data more accessible.

Most of the time, more secure data is less convenient for users to access. Even if it just means adding an additional login, or a more secure password, or two-factor authentication, putting an extra barrier between your data and the outside world also means putting another barrier between your users and their data.

That is changing, though.

Technology is constantly improving to lower the “exchange rate” between Security and Convenience. And perhaps more importantly, the more we invest in Security, the more we begin to appreciate and accept as normal the minor inconveniences required to protect our data.

'Bring Your Own Device' Policies

Cloud ComputingNo one asked you. It wasn't part of a larger strategy. And it definitely wouldn't have been your decision. But none of that matters because your employees are using their personal devices to access corporate data, and now you have to deal with it. "Bring Your Own Device" (BYOD) is the concept that employees can use personal devices for work-related purposes. The benefits are that your employees can work from almost anywhere, and, hopefully, they're more efficient. The problems, however, are abundant.

The Problems With BYOD

As the number of devices that are expected to access corporate data increase, thought to securing those devices has not increased proportionately.

People clamor for BYOD. No one clamors for security. In small businesses, the loudest voice often gets what they want.

Only 30% of companies have approved BYOD policies.

Before, there was no expectation that I as an employee got to choose what device I wanted to use. But now, there is pressure from all sides of the IT department to make those devices accessible, integrated, seamless, and efficient. Almost no one, however, is clamoring for those devices to be secure. That's something the IT department has to determine, solve for, pitch to leadership, emphasize, worry about.

Without a champion, the BYOD workplace, while efficient and very flexible, will -- I repeat, will -- be your company's weak point. Strong security policies are the backbone of an effective BYOD workplace.

Considerations when creating your BYOD policy

  • Which type of corporate data can be processed on personal devices
  • How to encrypt and secure access to the corporate data
  • How the corporate data should be stored on the personal devices
  • How and when the corporate data should be deleted from the personal devices
  • How the data should be transferred from the personal device to the company servers

A BYOD environment is fine as long as you control it adequately and have proper policies in place to limit access appropriately to corporate data. However, many organizations don't lay the right framework, so these devices just create more cracks in your security.

So, what are those controls?

Let's Talk Encryption

Encryption is the process by which you scramble the data on your devices, making them unreadable to any viewer without the appropriate credentials. It is a software that makes the data on your device unreadable. If a criminal were to steal your device and attempt to access the private information on it, he would not be able to see it, read it, use it, or sell it. It's not just for computers either -- external hard drives, thumb drives, even servers are all able to be encrypted.

Why Endpoint Encryption?

It is vital to encrypt your network “endpoints” because without it, those devices present a significant security vulnerability. Simply put, endpoint encryption is the simplest, most cost effective way to address a wide swath of your network vulnerability in a single step.

Below are some of the tools that can help bolster your endpoint security:

  • Servers, Workstations, Switches, Routers
  • Desktop Firewall
  • Kaspersky, McAfee, Trend
  • Content Security/AV/Malware
  • Kaspersky, McAfee, Trend
  • Host IDS/IPS - Some bleed over into different zones
  • Endpoint Security Enforcement
  • AlertLogic
  • Patch Management
  • Endpoint/Device Encryption
  • Mobile Device Management (MDM)
  • 2 Factor Authentication
  • Hosted Desktops

Security Assessment

Now is the time to consider the next step toward building a culture of security within your organization. Request a Security Assessment from TekLinks’ team of experts.

Catch up on the rest of the 7 Layers Data Security series here.

Next week we will discuss Application Security, the process of securing the software your organization uses to perform a particular function.

WHO IS TEKLINKS? A national leader in cloud computing, managed services, engineering services, and value-added resale. We’re a team of expert techies and business professionals who are passionate about building valuable relationships and getting things done right. Simply put: We make IT work for business.

Topics: Business Tech, Security

CONSIDER IT MANAGED. C Spire Business is the nation’s first full-stack managed solutions provider, capable of offering advanced connectivity, cloud, software, hardware, communications, professional services, cybersecurity, business continuity, and technology support in a single, seamless IT solution portfolio. The result is smarter. Faster. More secure. From desktop to data center, we meet you wherever you are and take on your biggest technology challenges.