950 Elm Avenue
CA 94066 San Bruno, us
+49 (8081) 9597-72
Backgrounder – Securing remote Web users with Anywhere+
The ubiquity of wireless networks has led to a surge in the number of Internet-using remote workers. Gartner claims that 70 million Americans now work outside of the office at some point every day. In the UK, figures from the Office for National Statistics suggest that more than six million Britons work home or other external locations on a regular basis.
Businesses of all sizes have recognized remote and roaming workers as one of the biggest loopholes in their corporate Web security policy. Existing security provisions on the client-side (e.g., desktop anti-virus) or server-side (e.g., URL filtering software or appliances deployed in a DMZ) are not up to it. Extending these solutions for a roaming laptop users is complex, hard to maintain and expensive, and falls short of offering full "roaming" protection.
Unprotected roaming users not only pose a challenge to enforcing acceptable use policies, but they can return to the office with malware infected machines, which then spreads through the corporate network and can lead to data loss and increased costs associated with remediation of PCs.
VPNs aren’t up to the challenge
Virtual private networks are a favourite way of providing remote users with access to information on the corporate network, and they require the end-user to fire up client software and log in. Most appliance-based solutions require companies to backhaul remote users’ Web traffic over the corporate VPN to an Internet gateway, which creates latency issues, bandwidth congestion and extra costs.
And it is not a foolproof solution. Research shows that employees use their VPNs only17 per cent of the time. After all, why go through the trouble of logging on to your VPN if you only want to do a bit of Web surfing or check personal email?
There are a huge variety of public networks available to ‘road warriors’ and many of them will grab any connection they can just to log on. Even if they do find a secure connection, there is nothing to stop them deliberately or accidentally violating security and Web usage policies on their laptops.
What our customers told us
ScanSafe’s Anywhere+ was developed to meet the Web security needs of our customers. We surveyed them in December 2007 and found that:
- 95 per cent had at least 10 per cent of their staff working on the road regularly
- 92 per cent were concerned about Web usage and security for their roaming workers
- Web security threats and data losses were their top concerns
- 40 per cent thought that staff became less security conscious when working remotely
- 65 per cent of respondents reported that laptop users had tampered or disabled security features
- Nearly 40 per cent had been faced a security threat as a result of a roaming worker’s use of their laptop in the last 12 months. On of our customers told us: "by the time a remote users feels compelled to report a problem, the simplest solution is to just dump and reload." Another said: "We find a lot of malware running in the background, making the laptop so slow it is almost useless."
How Anywhere+ works
Unlike traditional remote security approaches that rely on client-based software or server-side appliances, Anywhere+ is delivered as a service. All inbound and outbound Web traffic is transparently redirected to ScanSafe’s global network where it is scanned in real time. Because all the Web traffic is scanned ‘in the cloud’, Anywhere+ eliminates the latency, bandwidth congestion and costs associated with backhauling traffic over the corporate VPN to an Internet gateway.
The service is deployed through a lightweight (3MB – using less memory than the iPod driver which detects if your iPod is attached to your PC) driver that authenticates and directs Web traffic to ScanSafe’s scanning infrastructure. The driver is easily deployed to external clients using industry standard mechanisms such as General Policy Object (GPO) and Microsoft SMS.
It support multiple authentication mechanisms, including Active Directory, and works with existing VPNs, desktop security clients and internal proxies. It also allows users to roam seamlessly between different Internet interfaces, wired or wireless.
Anywhere+ requires no end-user configuration and is completely tamper-resistant. It encrypts all Web traffic over standard SSL to ensure privacy and prevent data interception, even when roaming users access the Web from public networks.
As with all ScanSafe services, Anywhere+ allows simplified, centralized management through ScanCenter—its easy-to-use Web-based portal for reporting, control and administration. Web filtering policies can easily be changed and are active within minutes globally, with no need to wait for client software to try to update itself. In addition, reporting data is automatically and continuously aggregated across internal corporate users and roaming users.
Case study: Sumitomo Electric Wiring Systems
Sumitomo Electric Wiring Systems Europe (SEWS–E) has been trialing Anywhere+ as it looks to improve Web security for its 300 remote workers. Its previous security solution for roaming workers had not been able to prevent staff accessing the Internet directly or violating corporate Web use policy.
"Prior to Anywhere+, we used end point solutions to ensure a secure connection along with desktop anti-virus to provide malware protection for roaming employees," says the company’s network administrator, Paul Jennings.
"However, this didn’t allow users to safely surf the Internet from anywhere. For example, in order for employees to access an Internet hotspot while traveling, we’d have to allow an exception—basically punch a hole in our security armor—to enable them to access the Internet directly. As a result, employees could alter proxy server settings in the browser and surf the web without any filtering.
"It was quite evident that employees working outside the office were disabling security settings in order to get an Internet connection at hotspots and as a result, they were working without a security net. I would then see alerts from our desktop anti-virus notifying me that viruses had been detected when they visited malware-ridden websites."
SEWS–E also had an issue with the way employees were using their laptops for personal use, in a way that violated the company’s corporate Internet usage policy.
"Some people will access webmail on corporate laptops while they are out of the office, which leaves them vulnerable to picking up malware," says Jennings.
"With Anywhere+ I can set one global policy and ensure that employees cannot access webmail, regardless of whether they are working in the office or on the road."
According to Jennings, the trial has already identified many of the benefits of Anywhere+.
"In addition to extending our corporate security and Internet use policies to roaming workers, Anywhere+ makes our remote access security solution complete because it allows us to extend and enforce our Web use policy and provide protection against malware for all our roaming workers.
"It also improves the performance of remote connections because there is no backhauling of traffic to a central Internet gateway."
What Experts are Saying About A+
"Ensuring that web access is within an employer’s guidelines wherever the user happens to be is essential to protect both the company and the employee. Downloading lewd material or posting libellous comments could both damage the employer’s reputation and lead to disciplinary action against the employee, regardless of where the access point is. An on-demand web filtering service is an easy way to provide ubiquitous protection and Scansafe is a leader in this area."
Bob Tarzey, Service Director at industry analyst Quocirca Ltd.
Anywhere+ is available now to existing ScanSafe users as well as businesses looking to add roaming security capabilities to their existing Web security solution. It is an add-on service with pricing starting at £1.00 per user per month.
The use of information published here for personal information and editorial processing is generally free of charge. Please clarify any copyright issues with the stated publisher before further use. In the event of publication, please send a specimen copy to firstname.lastname@example.org.