Beyond Mobile Device Security: Why Comprehensive Endpoint Security and Management is a Must-Have for Small and Medium Enterprises www.earthlink.com 1
Are you prepared to bear the cost of mitigation if a mobile breach occurs, and have you done enough to prevent a breach? The costs and efforts to resolve data exposures are expensive and distracting. A study by the Ponemon Institute indicates that the damage costs of a data breach have declined but still number in the millions of dollars per incident and hundreds of dollars per compromised record. Gartner, Top Seven Failures in Mobile Device Security, 14 February 2013 Executive Summary Recent research from Ponemon Institute reveals that malware attacks are increasing and are significantly impacting IT operating expenses. Of those, advanced persistent threats and hacking pose the biggest headache to IT security pros. However, only 12 percent of survey respondents believe current anti-virus/anti-malware technology is very effective in protecting their IT endpoints from today s malware risk. Moreover, a mere 5 percent plan to increase their use of the technology. 1 The issue is exacerbated by the surge in personal devices being used in the corporate environment. In fact, many IT directors in small and medium enterprises (SMEs) are left wondering how they can manage and support all those different devices and still achieve their security and compliance objectives. This white paper underscores why it s critical for SMEs to protect all endpoints not just mobile devices in the operating environment. It also explains the challenges of applying stringent security across all endpoints and balancing that with convenience and ease-of-use for employees. In addition, it outlines what to seek in a solution for overcoming these challenges and achieving security and compliance goals. Why End Point Management Matters to SMEs Most midsized businesses are facing increasing complexity and diversity in their environments, coupled with rising user expectations for 24x7 support no matter where they re located. With mobile device adoption surging, IT staff no longer have control over every endpoint connecting to the network, leading to a host of problems where access control is weak or nonexistent, and the endpoints are not properly secured. This is especially the case since SMEs are no longer bypassed as in the past, when viruses and trojans were targeted at larger enterprises. Moreover, cybercriminals are increasingly employing targeted and sophisticated attacks in an attempt to exploit endpoint vulnerabilities. Plus, according to Gartner, data leakage on mobile platforms poses a greater problem than malware. Mobile devices like the ipad or iphone are designed to share data in the cloud and have no general-purpose file system for applications to share, increasing the potential for data to be easily duplicated between applications and moved between applications and the cloud. 2 2
Ignoring the extensive nature of the security problem leaves the business vulnerable and forces the IT department into firefighting mode, dealing with problems when they occur versus proactively managing and inspecting the environment on a regular basis. It s no wonder that eighty percent of respondents to the Ponemon Institute study believe laptops and other mobile data-bearing devices such as smart phones pose a significant security risk to their organization s networks or enterprise systems because they are not secure. 1 At the same time, IT professionals have less and less confidence in network security. Forty-six percent of those surveyed by the Ponemon Institute feel their IT network is no more secure now than it was a year ago. 1 Moreover, sixty-seven percent feel they lack the resources to minimize IT endpoint risk throughout their organization. 1 In fact, the Ponemon Institute posits that the dynamic security terrain impedes efforts to improve endpoint security. The Institute lists the following as major challenges to endpoint security: personally owned mobile devices in the workplace, an increase in the mobile workforce, third-party applications, employees use of private clouds, and advanced persistent threats. 1 The current attempts to address these issues fall woefully short. Banning BYOD Some organizations prohibit Bring Your Own Device (BYOD) for employees and focus on securing desktops, laptops and other network operating equipment. But the time has long passed where SMEs can afford to ignore the consumerization of IT. In today s mobile computing environment, employees expect to use whatever tools make them most productive. Focusing on a single endpoint Other organizations only tackle mobile endpoints in their security strategy. But focusing only on mobile device management (MDM) solutions to address BYOD demands gets at only a fraction of the problem. Using multiple security solution Still other organizations cobble together solutions from multiple vendors. Trying to manage such complex environments with limited IT staff or less than fully qualified security experts creates potential security gaps. And that can lead to non-compliance situations. For organizations required to meet stringent regulatory requirements (SOX, HIPAA, PCI, etc.), having endpoints proactively managed and secured is critical to business operations. After all, non-compliance situations can lead to lost revenues, fines, a tarnished brand image, and loss of customer trust. The Best Approach to Defending All Endpoints With budgets already lean, the answer is not throwing more IT personnel at the problem. And with the BYOD revolution in full swing, it is more important than ever to integrate device management into the enterprise management structure. According to Gartner, IT can t select the most secure, manageable, and lowest cost mobile platform because users will continue gravitating to their preferred devices. And because of the diversity of devices in the enterprises, organizations will continue to struggle to meet a lot of basic security and support needs. 3 3
All of this underscores the necessity for a proactive endpoint defense along with ability to rapidly remediate, protect and report on endpoints in real time. Taking a holistic approach and managing mobile devices alongside servers, desktops and laptops ensures consistent application of corporate security policies across all endpoints that access the network. The Solution: Unified Endpoint Management Instead of a separate system for managing mobile devices or other network components, organizations need a unified security system in place that offers single pane-of-glass visibility. After all, maintaining security of all endpoints mobile devices, PCs, Macs, network devices, and servers is a mission-critical requirement. Like it or not, enterprises have entered a post-pc world, where the network must accommodate new choices at every layer of the stack. These include traditional, mobile, and social applications and operating systems; various server architectures; and an array of mobile devices ranging from smartphones to tablets and other mobility tools. Cisco Internet Business Solution Group, BYOD and Virtualization Top 10 Insights from Cisco IBSG Horizons Study, 2012 4
Enabling BYOD is a trigger point for considering a Unified Endpoint Management and Security service. Traditional Endpoint Management Mobile Device Management Enterprises need to effectively manage both fixed and mobile endpoints to achieve their security and compliance goals. Yet with limited resources, it s not practical to manage multiple solutions. A Unified Endpoint Management and Security solution can address their needs. Endpoint security will become even more important as the number and types of devices accessing enterprise resources explode. - Gartner, Predicts 2013: Endpoint Security Becomes Even More Important for Infrastructure Protection, 29 November 2012 The Benefits of Unified Endpoint Management and Security Maintaining security for all endpoints Keeping the workforce connected and productive Meeting compliance requirements OS Management Patching Power Management Anti-Virus Software Distribution Device Inventory Security Policy Management Application Management Device Configuration (VPN/Email/WiFi) Device Wipe Encryption Management Roaming Device Support Multiple OS Support Location Info Jailbreak/Root Detection Enterprise App Store All that said, the reality is that many mid-sized enterprises don t have the resources or IT staff to purchase, implement and manage an in-house endpoint security solution. The answer is leveraging a managed service model that enables organizations to focus on business value while gaining peace of mind that all of their endpoints are professionally managed and secure 24 7. What to Seek in a Managed Security Offering While a unified endpoint management and security offering is the best option for many SMEs, not all such services are created equal. Here s what to seek in the ideal solution: End-to-end support: This includes an end-user help desk for all endpoints including mobile devices, desktops, servers, and network devices to keep employees productive with fewer disruptions. Integration services: Unless organizations want to become the integrator of security components from a variety of providers, they need a provider that can handle integration for them Proactive protection: Seek a provider that will proactively protect endpoints with continuous monitoring, patch management and proactive alerts. Anti-Virus protection: The service should keep computers (both PC and Mac ) current with the latest anti-virus definitions through weekly proactive updates and immediate critical updates. Critical OS, software updates and patch management: Ensure critical Microsoft patches and periodic upgrades are tested and automatically 5
distributed to the organization s PC/Mac user community in a timely fashion. Anti-Malware: PCs and Macs should be kept current with the latest anti-adware/spyware definitions through continuous, proactive updates and immediate critical updates. Asset tracking: Organizations should make sure computer hardware, OS versions and applications will be tracked throughout their environment, ideally with reporting available via a web-based portal whenever they need it. Continuous configuration management: Look for ongoing assurance that security levels are maintained and computers are stable and automatically optimized should critical aspects of a user s computer fall out of compliance with standards. Software distribution: Make sure software deployment packages are developed, tested and distributed throughout the PC/Mac environment. Mobile device management: Look for a unified platform for managing a diverse fleet of mobile devices and tablets together with traditional endpoints. Server management: Ensure servers are fully managed and monitored, with technical teams and security experts poised to handle any issues that might occur no matter what time of day or what day of the year to minimize any impact on the business. Remote and secure log in: Confirm that users can remotely and securely log in to their computers from anywhere using the Internet. PC/Mac backup: Validate that PCs and Macs are backed up daily, creating the ability to quickly restore either individual files or entire systems. PC data encryption: Organizations should ensure they can enforce encryption of sensitive data on their inventory of PCs quickly, easily, and without significant IT burden or user impact. They also should look for the capability to destroy data (permanently or recoverably) remotely if an unauthorized individual gains access to that data. Web filtering: Look for the ability to control Internet use through integrated content blocking, URL filtering and malware protection. Full 24x7 support: Confirm access to live level-2 support for technical and business contacts. 24x7 helpdesk for end users: Make sure a helpdesk is available providing around-the-clock support for end users. Unified Endpoint Management in Action EarthLink manages the ever-changing and complex environment by supporting all aspects of a business IT needs. This includes everything from hosting an organization s primary IT infrastructure and applications to the delivery of these applications to end users for a seamless end-user experience. Here s a real-world example of how this service helped an organization centralize its IT across 49 countries. The Hay Group, a global management consulting firm, operates in 49 countries, comprising 14 regions with country-centric IT managers. It sought to centralize the common aspects of IT to provide comprehensive oversight without removing regional control. Each IT manager was responsible for deploying their own policies for PC security and data protection, as well as providing helpdesk services to regional employees. Because it was continuing to grow rapidly (through acquisitions and organically), the Hay Group knew this IT structure wasn t sustainable. Moreover, security policies and helpdesk support needed to be consistent from region to region. According to Hay Group s worldwide IT director, Robert Butler, the challenge was global order and a systemic single process to gain insight into the health of Hay Group s overall IT operations without alienating 14 country-centric managers or compromising on regional requirements and concerns. Three factors added to the complexity: A diverse PC hardware population. The Hay Group supports 14 languages (PC operating systems), with limited visibility, making it difficult to validate overall PC security. Highly mobile workforce. The firm faced the growing challenges of securing an environment where 80% of user devices are mobile. Inconsistent helpdesk service. The Hay Group had IT staff across the globe delivering support to their user community, and it was difficult to provide a consistent level of service and capabilities. 6
The Hay Group leveraged the infrastructure and economics associated with EarthLink s multi-tenant solution to standardize IT practices worldwide, enhance and ensure security, deliver consistent service levels, gain cost efficiencies and reduce time to market, while using best-in-breed applications. With Unified Endpoint Management and Security, PC/ Mac backup, and 24x7 helpdesk from EarthLink, The Hay Group was able to centralize the commodity aspects of IT to achieve comprehensive oversight without removing regional control. This combination addressed four critical business goals: Enhanced security. Moving to an endpoint security and a PC data protection solution keeps systems current and compliant over time. Consistent, global support. Delivering 24x7 helpdesk support for global users, which includes consistent service no matter where or what time, highly responsive, detailed reporting and analytics, and user satisfaction measurement. Flexibility/agility. Automating key processes helps The Hay Group perform routine operations quickly and seamlessly, such as opening/closing offices and adding/changing users. Improved economics. The firm gained $300,000 in immediate savings, while reducing 13 positions and reinvesting six IT headcount into supporting business operations. The predictable, fixed fee scales up or down every 30 days with the Hay Group s business, making it extremely easy to budget globally year over year. Conclusion: Keep Your Work Environment Healthy and Secure In today s always-on work environment featuring a growing number of ever-changing endpoints, SMEs must find a way to secure their data and processes without impeding user productivity. And they must find a way to do so without asking more of an IT staff that is likely stretched thin. Moreover, prohibiting BYOD, focusing only on mobile devices, or cobbling together multiple security solutions is not a viable or cost-effective approach to the problem. An affordable, holistic solution is available to help midsize businesses secure and manage their mobile devices, laptops, desktops and servers without burdening IT staff. EarthLink delivers a unified endpoint management and security solution that enables organizations to view the health of all managed endpoints on their network from a single pane of glass. As threats emerge, the solution enables rapid remediation, protection and reporting on endpoints in real time. This unified endpoint management solution simplifies and standardizes management of all endpoints on organizations networks (PC, Mac, laptops, tablets, smartphones, servers, and network devices) in order to minimize disruptions in day-to-day business operations. Industry-certified professionals, bestin-class tools, and the latest technology enable EarthLink to deliver a service with security features woven throughout every aspect of the offering. Plus, integrated tools eliminate the challenges created by siloed point solutions, providing a single console for visibility and management. The Unified Endpoint Management and Security service from EarthLink combines a robust, reliable IT infrastructure, proactive management capabilities and automated processes. All of those work seamlessly in the background, enabling SMEs to enforce their corporate security policies across all endpoints. SOURCES: 1. 2013 State of the Endpoint, Ponemon Institute, December 2012 2. Gartner: Bring Your Own Device: The Facts and the Future, Internal Use Only, 11 April 2013 ID:G00250384 3. Gartner, Critical Capabilities for Mobile Device Contact us at 1-877-355-1501 learnmore@earthlink.com www.earthlink.com 7 2015 EarthLink. Trademarks are property of their respective owners. All rights reserved. 1071-07576