For many organizations, endpoint security remains the weak link in their security strategy. While organizations are able to ensure that endpoint clients are installed on company-owned assets, security becomes more challenging when workers use their personal devices for work-related activities. The organizational risks introduced several years ago by BYOD have been compounded as the number of critical business applications and the volume of data being accessed have grown rapidly as a result of ongoing global digital transformation (DX) efforts.
Of course, not all endpoint devices are the same, and each requires a somewhat different approach. Traditional endpoint devices, even those owned by employees, can still be required to install a security client in order to access network resources. Likewise, handheld devices such as tablets and smartphones can be protected using mobile device management (MDM) solutions. And even the most primitive IoT devices can be secured using proximity-based protections.
Laying a proper endpoint security foundation
Like most security issues, success begins with laying the proper foundation. In the case of endpoint security, this begins with two fundamental strategies:
- Organizations need to implement comprehensive Network Access Control. Any device seeking to access network resources needs to meet certain baseline requirements, such as being malware-free. If it is a user-based device, then it must also be patched and running a current version of any mandated security software. Once a device meets those criteria, it then needs to be assigned to specific network resources using a variety of contextual criteria, including the type of device, the business unit it or its user is assigned to, the current status of the user, and even physical location or time of day.
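The two-stage decision described above (baseline check first, then contextual assignment) can be sketched as follows. This is an added example, not code from the article or from any NAC product; the field names, segment names, and business-hours window are assumptions chosen for illustration.

```python
from dataclasses import dataclass
from datetime import time

@dataclass
class Device:
    # All field names and values are hypothetical, for illustration only.
    device_type: str                  # e.g. "laptop", "smartphone", "iot-sensor"
    user_based: bool                  # False for headless/IoT devices
    malware_free: bool
    patched: bool = False
    security_client_current: bool = False
    business_unit: str = ""
    user_status: str = "active"       # e.g. "active", "suspended"
    location: str = "hq"              # e.g. "hq", "remote"

def baseline_failures(dev):
    """Stage 1: baseline requirements a device must meet before any access."""
    failures = []
    if not dev.malware_free:
        failures.append("malware detected")
    if dev.user_based:
        # User-based devices must also be patched and run current security software.
        if not dev.patched:
            failures.append("missing patches")
        if not dev.security_client_current:
            failures.append("security client not current")
    return failures

def assign_segment(dev, now):
    """Stage 2: map a compliant device to a segment using contextual criteria."""
    failures = baseline_failures(dev)
    if failures:
        return "quarantine", failures          # remediation-only network
    if not dev.user_based:
        return f"isolated-{dev.device_type}", []   # segment by device type
    if dev.user_status != "active":
        return "deny", [f"user status is {dev.user_status}"]
    in_hours = time(7, 0) <= now <= time(19, 0)    # assumed business hours
    if dev.location != "hq" or not in_hours:
        return f"{dev.business_unit}-restricted", []
    return f"{dev.business_unit}-full", []

# Constructed sample: a compliant, company-managed finance laptop at HQ.
LAPTOP = Device("laptop", True, True, True, True, "finance")
print(assign_segment(LAPTOP, time(10, 0)))   # full access during business hours
print(assign_segment(LAPTOP, time(23, 0)))   # restricted outside them
```

Failing the baseline always wins over context: an unpatched device lands in quarantine no matter which business unit or location it reports.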