The nine most common endpoint management problems:
You are not able to control whether only authorized people draw data from the corporate network (e.g., via USB sticks).
The problem: While USB interfaces are very practical indeed, they also constitute a major security risk, since it is very easy to draw data from the company with these devices. Simply blocking these interfaces with the Windows standard tools is not sufficient to address this problem, for in today’s business world it is sometimes necessary to transport data on mobile devices.
The solution: It is important to “manage” the endpoint interfaces which are used for data transfer by assigning different permissions to the individual company roles; this should also include options to address specific working situations such as changing permissions offline.
It must also be possible to only allow specific devices to be used within the network.
Who is granted read-only access to data, and who is permitted to save, upload or download data with which devices? If you are able to manage these issues with a minimum of administration effort, you have the endpoint interfaces under control without having to block them completely.
Some employees use unlicensed software, such as games, which puts your company’s license compliance at risk so that you may be fined accordingly.
The problem: The computer in the company can be used as the home PC. So why shouldn’t your employees use it during their breaks to play PC games, listen to their mp3 music or edit their personal pictures with their private software? That sounds quite harmless, but is not harmless at all. It is illegal to run privately licensed software for which your company has no license within the company, and the company is liable for such license violations.
The solution: You can define which products may be used within the enterprise network by filtering and blocking unauthorized applications accordingly. This is the only way to ensure that your company does not run any compliance risks and might even be held liable for such license violations.
And there is another positive side effect: Your employees are not led into temptation to use their computers for personal purposes during working times, which helps you avoid productivity losses.
Data are transmitted without encryption, and sensitive data may fall into the wrong hands when storage media (USB stick, CD, DVD, external hard disk, mobile phone, laptop) get lost.
The problem: While encryption solutions exist in most companies, they are often not in use. Many solutions lack acceptance, since they are complicated to use or the employees simply are uncertain about whether they are handling them correctly and bypass encryption to avoid that data cannot be found or read any more. Rather, they walk around with unencrypted data.
The solution: Encryption solutions must run transparently in the background without interrupting the users’ workflows or requiring employee interaction to activate encryption. Rather, it is done on the file level, without any possibility and no reason whatsoever to bypass encryption. This way, you can be sure that your data are always encrypted and illegible in case they get lost during transport.
Users need such external storage media for their work; but you want to ensure that certain persons are only allowed to work with certain devices and certain file types (e.g., Office and PDF files), while movies, music and executable files are blocked effe
The problem: Simply blocking interfaces, which can be done with the Windows standard tools, means that no employee can use the devices any more – not really a solution to the problem, since some employees must be allowed to work with mobile data or, for example, use digital cameras for working purposes. Therefore it must be possible to specify which devices and which data types may be used within the corporate network.
The solution: It must be possible to permit specific devices and data types within the corporate network and to simply connect the respective devices and use an intuitive menu to set the required permissions. Data types are simply defined by file extension. While it is no problem to use any authorized devices, all devices that have not been granted access rights and all data types that have not been defined specifically will be blocked accordingly.
With multiple software products required for solving security issues, administration of the corporate security architecture gets increasingly complex.
The problem: Due to the great variety of security issues it is necessary to work with several products to solve these problems. If all of these solutions are used as isolated products with different administration concepts and interfaces, it is difficult to keep track of them. No administrator has the time to focus exclusively on the security architecture, no matter how important it is.
The solution: You should rely on a single partner who provides a “one-stop-shopping” solution for most problems, based on an integrated architecture concept. The security landscape should be monitored and controlled via a single, central management console. Intuitive handling minimizes training and allows you to delegate a lot of tasks to the helpdesk staff.
Your systems consume energy, even during times when they are not in use. In many companies, the amount of energy consumed is four to five times higher than actually required.
The problem: Once the systems are started in the morning, they run the whole day, no matter how much they are used or if they are used at all. While the stand-by mode for the monitor is an established standard feature, there are still various hardware components for which no management is provided. Considerable amounts of energy are consumed in enterprise networks quite unnecessarily, which puts a strain on the budget as well as on the environment.
The solution: A state-of-the-art power management solution allows for the flexible management of various client-side hardware components, based on the individual users’ requirements; this also includes the possibility to specify settings for individual components or to start up the whole network in the morning and shut it down in the evening. Sometimes it is necessary to exclude the standby mode for an individual component, for instance, the monitor during a presentation; this can be specified accordingly. Power management solutions save money while improving a company’s environmental balance.
You don’t know whether employees have only access to data that they need for their work.
The problem: Many companies lack a consistent, end-to-end organization of their data paths, and so, employees can access far too many data, including data they do not need for their work.
The solution: Ensure effective data protection by controlling who can access which data within the corporate network. Based on an employee’s specific tasks, you can define which data he needs for his work. The less data he can use, the less data he can compromise.
This does not only prevent data losses, but also ensures that employees can use their endpoint for their work only, ensuring their effectiveness and efficiency to increase productivity levels.
Users’ acceptance of security solutions in use (e.g., encryption) is low, and your employees try to bypass such measures.
The problem: While security solutions exist in many companies, they are not used or are bypassed, because many of these solutions are difficult to implement and require considerable training. They are complicated to use and interrupt the normal workflow. If, for instance, additional user interaction is necessary to encrypt data, people will simply bypass encryption when they are in a hurry.
The solution: Intelligent solution concepts integrate security software interactions into the normal workflow without interrupting users’ work. If, for instance, encryption is done on the file level during the normal “save” process, your employees do have no reason whatsoever to bypass the solution, for they must save their data anyhow.
Intuitive handling concepts minimize related training or do not require any training at all. Intelligent administration concepts reduce costs and efforts for implementing and operating security solutions significantly.
You have no idea what kind of data and software (even viruses and Trojans) reach your network through portable devices such as USB sticks, either intentionally or inadvertently.
The problem: Endpoint interfaces may not only be used to draw data from, but also to enter data into the enterprise network. For people who want to damage your company it is very easy to introduce viruses and Trojans through such interfaces. Infected media might cause serious damage, even if the respective users have no intention to do so.
The solution: The intelligent “management” of interfaces does not only protect your network from unauthorized downloads from, but also from unauthorized uploads into the network without completely blocking the respective interface. It must be possible to assign different rights to various roles within the company.
Secure upload protection can also be achieved by only authenticating specific devices. For instance, it is possible to reject personal USB sticks and block their usage from the beginning. Employees with download and upload permission receive company devices that are protected against viruses and Trojans accordingly.
“Its usefulness, innovative content and its suitability for medium-sized companies.”
"We were very impressed with the simplicity of the solution."
5 Star Solution