Posted by SecExtra on March 06th, 2008

Once confined to the office, the global workforce is on the move. Research group IDC estimates that there will be one billion mobile workers by 2011. The prospect of a constantly connected, roaming workforce has serious implications for information security.

The biggest risk comes from users who surf the Web unprotected while ‘on the road’ and return to the office with virus-infected laptops that can potentially vandalise the corporate IT network or lead to data loss. Roaming workers are more likely to violate corporate Internet usage policies – treating their laptop as a personal device outside work hours, maybe using it to visit potentially dangerous gambling or download sites.

In a recent survey of IT managers from our global customer base, 65 per cent of respondents reported instances of roaming workers tampering with or disabling security features on their laptop when working remotely. Forty per cent said they had been hit by a security threat as a result of a roaming worker’s use of their laptop in the last 12 months.

VPNs Aren’t Up to the Challenge
One prevailing misconception about roaming security is that a corporate VPN will protect roaming users from Web threats. Unfortunately, VPNs are not the cure-all that many enterprise security managers assume they are. 

An obvious short coming of VPNs is that they only work when they are turned on. Recent research found that employees use the VPN only 17 per cent of the time. Why go through the trouble of logging on to your VPN if it is simpler to log on to the Internet directly for a bit of Web surfing or personal email? 

Client-Based and Server-Based Solutions Don’t Provide Complete Protection
Traditionally, security for roaming workers has been addressed from the client-side (by desktop anti-virus solutions) or server-side (URL filtering software and/or appliances deployed in the DMZ).  

Desktop anti-virus only protects against known malware for which a signature exists. Anti-virus solutions do not filter content and can’t enforce an Internet usage policy. Client-based anti-virus software requires constant updating and is a drain on PC performance. This often frustrates users so much that they disable it. 

Appliance-based solutions only offer URL filtering and do not protect against malware. These solutions typically crawl the web to build databases of known “bad” URLs to identify unwanted Web traffic rather than actually scanning each web page in real-time to identify malware. They often miss many new exploits, leaving users unprotected.

Creating an Elastic Perimeter for Roaming Employees
To truly protect roaming users, a solution should provide an elastic security perimeter that moves with the employee without introducing latency, increased bandwidth costs or requiring constant updating. Software-as-a-Service (SaaS) solutions are ideal because all the heavy lifting is done in the cloud.

SaaS solutions can seamlessly extend corporate security policy to hotels, airports, remote offices, homes or anywhere else employees might use their laptops. All the scanning of Web content is done in the cloud in real time and there’s nothing to deploy. SaaS solutions merely require traffic be redirected to take advantage of the service provider’s global network. This eliminates the need for IT staff to manage and update a premise or client-based solution.

Finally, keep in mind that you’ll want a solution that cannot be tampered with by the end user and offers centralized policy-setting and reporting so that you can seamlessly set policies with no endpoint client hassle or updating. You’ll also want a service that can implement policy changes immediately without waiting for updates to be pushed out to appliances or client software.

The world is getting smaller, demanding that people work anytime, anywhere. Can you say the same of your Web security solution?