Close
  • Latest News
  • Artificial Intelligence
  • Video
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Subscribe
Logo
  • Latest News
  • Artificial Intelligence
  • Video
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Subscribe
    Home Cybersecurity
    • Cybersecurity
    • IT Management
    • Mobile
    • Networking

    Whitelisting Gives Employees Choice While IT Retains Security Control

    Written by

    Fahmida Y. Rashid
    Published February 11, 2012
    Share
    Facebook
    Twitter
    Linkedin

      eWEEK content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

      Application whitelisting and security as a service will help enterprises protect their data as employees adopt cloud services and bring their own devices to work, according to a Gartner analyst. These issues are becoming even more important as the bring-your-own-device (BYOD) trend increases in popularity, thanks to devices such as Apple€™s iPhone.

      The explosion of mobile devices and increased adoption of cloud and software as a service has had a significant impact on enterprise security, John Pescatore, vice president and research fellow at Gartner, said during a Kaspersky Lab press event Feb. 8. Mobile devices and the consumerization of IT are “wrapped together” as they helped boost each other’s popularity, he said.

      The browser has become the universal client as more services and applications move online, Pescatore said during an interview. Employees want to be able to choose what applications and devices they can use to get their work done. Instead of exerting control and restricting what they can or cannot do, enterprises should shift to a security as a service approach, he said.

      With a mobile workforce, IT departments should focus less on protecting the corporate laptop, which the employee might not even use to access enterprise applications, but on securing how the user gains access. Regardless of what device the user has, whether it’s a PC, a mobile phone or the work laptop, enterprises can enforce strong password policies or deploy virtual private networks to secure the application.

      The growing amount of financially motivated cyber-crime has businesses worried about potential threats to their networks, said Pescatore. IT departments don’t know what kind of malware may have already infected the user’s PC, and they are understandably concerned that allowing that computer access to the enterprise network would result in the organization being compromised.

      While all threat activity would stop if all vulnerabilities in the browser, operating system and applications could somehow be eliminated, “obviously, you can’t do that,” said Pescatore.

      It’s also not possible to lock down the enterprise network to restrict what users can run or do to keep potential threats out of the environment. While enterprises have used dumb terminals in the past, “we are not going back to that world,” said Pescatore.

      Organizations can learn from the success of Apple’s AppStore model to give customers limited choice, said Pescatore. Apple has proven that most users are willing to stick with what is available in the AppStore instead of jailbreaking the device to go install non-approved apps, he said. Instead of just letting users use whatever they want from any source, organizations can present a selection of approved options.

      The key is to offer more than one choice, said Pescatore.

      Instead of saying users can’t install instant messaging clients or requiring everyone to standardize on one specific client, the IT department can offer several suggestions and tell employees where to go to download them, Pescatore suggested. This way, there is less chance of users downloading infected versions, and they feel as if they have a choice in what software they are using. The IT department can restrict the network so that only applications recognized by the whitelist can get access to the network or online. Since users have a choice on what to install, they are less likely to go looking for other applications, or protest when unapproved applications don’t work, said Pescatore.

      Threats evolve and security has to change in order to keep up, said Pescatore. Years ago, email macros wreaked havoc in organizations, but the improvements in email defenses have more or less obliterated that threat. As administrators get better at keeping up with patches, attackers have shifted their efforts to the browsers with phishing attempts.

      “We are in an infosec refresh,” said Pescatore said. “Our defenses have gotten better.€

      Fahmida Y. Rashid
      Fahmida Y. Rashid

      Get the Free Newsletter!

      Subscribe to Daily Tech Insider for top news, trends & analysis

      Get the Free Newsletter!

      Subscribe to Daily Tech Insider for top news, trends & analysis

      MOST POPULAR ARTICLES

      Artificial Intelligence

      9 Best AI 3D Generators You Need...

      Sam Rinko - June 25, 2024 0
      AI 3D Generators are powerful tools for many different industries. Discover the best AI 3D Generators, and learn which is best for your specific use case.
      Read more
      Cloud

      RingCentral Expands Its Collaboration Platform

      Zeus Kerravala - November 22, 2023 0
      RingCentral adds AI-enabled contact center and hybrid event products to its suite of collaboration services.
      Read more
      Artificial Intelligence

      8 Best AI Data Analytics Software &...

      Aminu Abdullahi - January 18, 2024 0
      Learn the top AI data analytics software to use. Compare AI data analytics solutions & features to make the best choice for your business.
      Read more
      Latest News

      Zeus Kerravala on Networking: Multicloud, 5G, and...

      James Maguire - December 16, 2022 0
      I spoke with Zeus Kerravala, industry analyst at ZK Research, about the rapid changes in enterprise networking, as tech advances and digital transformation prompt...
      Read more
      Video

      Datadog President Amit Agarwal on Trends in...

      James Maguire - November 11, 2022 0
      I spoke with Amit Agarwal, President of Datadog, about infrastructure observability, from current trends to key challenges to the future of this rapidly growing...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2024 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.