Securing Your Mobile Workforce

By Lauren Simonds

February 17, 2005

Senforce Endpoint Security Suite aims to help SMBs keep mobile devices secure and compliant.

SMBs with mobile workers needs to think very carefully about protecting the notebooks their employees use while on the road, at home and — with the growing popularity of Wi-Fi hot spots — anywhere in between. Employees logging on and off of various networks are vulnerable to hackers, digital vermin of all kinds and data theft. Protecting your mobile network devices, known in the industry as "endpoints," should be a high priority.

Senforce, a 54-employee software company based in Draper, Utah recently announced its Endpoint Security Suite 3.0 (ESS), a collection of integrated software applications designed to secure networked and standalone endpoints.

Senforce points to a Gartner study that says nearly 90 percent of mobile devices don't have endpoint software to protect them from hackers. "Your laptop is your network in a microcosm," said Tanya Candia, the company's vice-president of marketing. "It contains critical company data that could be lost, stolen or other wise compromised."

Four Key Components
ESS brings four integrated software solutions under one management interface. The interface is meant to let an administrator determine security policies so that individual employees don't have to make security decisions or adjust any settings as they move from one network to the next. The four components include:

Advanced Firewall
The firewall enforces security policies on devices like desktops, notebooks and tablet PCs. Kip Meacham, director of product management, said that along with blocking ports and inspecting packet traffic, this firewall also controls which applications the endpoint can and can't use. "For instance, the administrator may set a policy so that the firewall lets a laptop browse the Internet but won't let it accept any FTP traffic," he said.

Connectivity Control
This function determines when and how your workers can connect to a network. It controls access to Wi-fi, Bluetooth, LAN, modem, Infrared, Firewire, and serial and parallel ports "We provide a tremendous amount of flexibility," said Candia. "The admin can set policies that predefine encryption strength, limit Wi-Fi use to specific types of adapters and even eliminate the possibility of rogue Wi-Fi networks by disconnecting an endpoint's Wi-Fi capability whenever it connects to a wired network."

Theft Protection
The theft protection feature protects company data by controlling the use of internal optical media such as USB thumb drives, Zip drives, MP3 players, CDRWs or any other device with its own data file system. In addition, Meacham said that the company added an encryption layer that lets admins set policies to protect data if the device is lost or stolen. "If a device is missing beyond a predetermined time, the data becomes inaccessible."

Endpoint Integrity
This section concerns making sure all endpoints are in compliance with company security policies — in the office, at home and on the road. Candia said that when connecting a laptop to the company network can be risky if that device isn't up-to-ate on all of its virus and spyware signatures and OS patches. "With ESS you can determine whether a device is up-to-date, and if it's not, you can quarantine the endpoint and deny it access to any network until all fixes have been made. "Candia said that if a device is quarantined, it can only access company-approved sites to receive the repairs and updates it needs.


Senforce Endpoint Security Suite
You Decide — One aspect of ESS lets you control wireless connectivity — here, you can choose to enable Wi-Fi and set the level of data encryption.

The Pricing Structure
As advertised, the Senforce Endpoint Security Suite comes as what Meacham called "a managed suite" — an integrated package complete with management software and reporting capabilities. But you can also buy the software packages as individual modules.

The managed software suite sells for a flat rate of $69 per person. The individual applications cost between $25 and $40 per person depending on the module. Annual maintenance (for help desk, upgrades and knowledge base access) costs 20 percent of the total per-user fee.

"Depending on the company and the industry, it may be easier for some small businesses to go without the integrated management. They can set the policies and download them to the individual endpoints and be done," said Meacham. "Companies that must comply to strict state or federal regulations should definitely choose the managed solution," he said.

Lauren Simonds is the managing editor of SmallBusinessComputing.com

Do you have a comment or question about this article or other small business topics in general? Speak out in the SmallBusinessComputing.com Forums. Join the discussion today!
Originally published on .

Comment and Contribute
(Maximum characters: 1200). You have
characters left.