Many IT managers in Windows shops spent this year locking down systems, but the process is ongoing, and most already have plans in place for new security rollouts in 2008.
Some managers have toyed with the idea of added encryption, while others have considered reducing administrative rights.
The IT department at the Visiting Nurses Association & Hospice of Cooley Dickinson in Northampton, Mass., is considering several different products that can encrypt the hard drives on the 50 or so laptops that hospice workers use, said Chris St. Amand, a network technician at the association.
His department has researched products by PGP Corp. in Palo Alto, Calif., which offers a range of enterprise encryption products for desktops and laptops, and by Credant Technologies Inc. of Addison, Texas. Credant makes Credant Mobile Guardian, which encrypts data on mobile devices, including laptops. The association's laptops contain patient information, which needs to be kept private by federal law.
Learning about messaging security products
In Austin, Texas, at the Texas Education Agency, which oversees many of the K-12 educational processes such as curriculum development and textbook adoption, the IT department is researching messaging security products. The agency encrypts its Exchange Server but also wants to encrypt messages from external users that don't have their own encryption, said Wendy Nather, an information security officer in the agency's information systems group.
The desire to add encryption tools reflects the concerns of many IT departments, based on a recent survey conducted by SearchWinIT.com of more than 800 IT managers. The study indicates that 53% of those surveyed had concerns about the effect of mobile devices on network security, and 56% were concerned about securing corporate intellectual property when mobile devices like laptops are used.
While it's crucial for IT managers to keep corporate intellectual property and other data safe, many managers are also concerned that employees are downloading consumer-type applications -- such as dashboard gadgets -- that can compromise corporate applications.
Cancel those customized computers, say apps admins
"We're looking down the road and trying to figure out what the department will use to lock down the network and reduce administrative rights," said Vivienne Flores, an IT developer with Freightliner LLC, a truck manufacturer in Portland, Ore.
Locking down the network is necessary because many employees download all sorts of personal programs to customize their work computer, such as Google Gadgets, the free dashboard information programs with news or sports scores that run on a desktop, she said.
These non-work-related programs can cause problems when IT managers need to update or add applications, essentially breaking the work-related application. Flores said. Freightliner's IT shop has considered virtualizing some applications and also simply using Group Policy, which lets IT managers centrally control user privileges through Active Directory, to control personal downloads.
Many employees have had administrative rights since they began working at the company, she said, so scaling back these rights is a delicate balancing act. The company needs to have more control over what is on its network, but at the same time it doesn't want to demoralize employees who like to personalize their work machines, she said.
Other IT shops have explored new security options simply because vendor contracts have concluded, as is the case at the Sudbury Vocational Resource Centre, a job-training provider in Sudbury, Ontario.
"We're pretty satisfied with what we have. We have many layers, from a network gateway appliance to antivirus and anti-spyware software on the desktops," said Gerry Roy, technical adviser at the center. "But if I was offered a really good price for a package with everything, I'd have to consider it very closely."