Increasing mandates to secure the configurations of all PCs, including each and every unconnected device in the enterprise, are a nightmare for IT managers charged with providing network access while satisfying government regulators.
Companies must develop and put policies on machines so they can enforce the policies for the safety and security of the network environment, said Natalie Lambert, an analyst at Forrester Research Inc., a Cambridge, Mass.-based consulting firm. Without this ability to maintain security configurations, companies leave themselves vulnerable to attacks and open to regulatory scrutiny.
Fortunately, the number and variety of endpoint policy management tools to help IT managers protect their networks is growing, and the tools are improving all the time.
For example, Boston-based FullArmor Corp. this week will introduce a software appliance that automates delivery, enforcement and auditing of security policies on remote and mobile devices. The Endpoint Policy Manager appliance is loaded with software that continuously audits and enforces security policies in Active Directory and Group Policy regardless of the state or location of the device.
In addition to FullArmor's own technology, the product includes a SQL database, virtual machine and other supporting software. The software checks to make sure that all endpoints, even those unconnected to the network, have the right Active Directory and Group Policy settings. Endpoint Policy Manager is available immediately and pricing starts at $20 per user or managed endpoint.
Other companies, such as Senforce Technologies Inc. and InfoExpress Inc., offer endpoint policy management products as well. Senforce, of Draper, Utah, makes software that combines several driver-layer technologies and other applications to keep the network safe. And InfoExpress, of Mountain View, Calif., makes CyberGatekeeper Remote, which sits between remote endpoints and the network. It audits the network for policy compliance and blocks access, redirecting the user to get the proper settings in order to gain admission.
The IT department at MassMutual Financial Group, based in Springfield, Mass., is struggling with the issue of how to lock down its remote devices. The insurer has many independent agents, whose computer systems are not directly under the control of the company, said Bruce Bonsall, a company vice president and chief information security officer.
In addition, many customers access their accounts online and MassMutual can't mandate what they have on their work or home computers when they do, Bonsall said. "We have to educate them and help them understand the problems," he added.
While finding ways to automate some of these processes is important, it also helps to keep IT costs down, according to Eric Ogren, a security analyst with Enterprise Strategy Group, based in Milford, Mass. Ogren estimates that it costs an IT department about $100 just to touch a laptop -- that is, even before performing and diagnosing a problem.
MassMutual's Bonsall oversees network security, but he also tries to automate as much of his company's IT processes as possible. Automation of security policies, as well as other policies, helps keep systems as up to date as possible because they are constantly being applied no matter who is accessing the network, Bonsall said. When policy enforcement is left to individuals, the process is not always consistent and accurate.