Home > Uncategorized > Endpoint Security

Endpoint Security

I recently attended the RSA Conference in San Francisco. Among the many things that I did while I was there, I visited various vendors’ booths. I could not help noticing the huge emphasis that a number of vendors were placing on endpoint security. Endpoint security “is a strategy in which security software is distributed to end-user devices but centrally managed.” Just about everybody who knows anything about information security knows that security threats have shifted considerably over the years to the point that workstations and users are now more than ever frequently targets of attacks. The greater emphasis upon endpoint security thus makes a great deal of sense.

I also learned of a Gartner Group presentation that addressed problems resulting from Microsoft’s integration strategy. The Gartner analyst asserted that Windows workstations are in effect becoming fatter and fatter clients.  What started out as a lean operating system on which a few key applications such as word processing and spreadsheet applications ran has turned out to be an enormous, complex bundle of code for which integration of software, much of it created by Microsoft itself in the name of improving security, is becoming an ever growing challenge. What is worse is that there is apparently no end in sight for this trend, something that will increasingly exacerbate the problems that have resulted. The Gartner analyst expressed hope that Microsoft will find a way to deal with the bloated client problem. In a recent conversation over this topic a friend of mine was not nearly as optimistic. After we finished discussing this topic, it dawned on me that it is almost as if Microsoft is going to have to start over again by creating a new breed of operating systems, ones that are more similar to its early Windows systems, if it is ever going to produce a thinner, more manageable operating system that overcomes integration problems. And if it does this, the product appeal of such software will be considerably diminished—after all, the availability of new features is what entices users to abandon versions of products that they are currently using in favor of purchasing the latest version. Additionally, there almost certainly would be a lack of security in any hypothetical thin client Windows operating systems because of the need to drastically reduce the amount of code in them. Security-related programs, the ones that deliver endpoint security, would have to be cut out to make the client considerably thinner.

Regardless of the direction Microsoft goes with its future operating system products, one thing seems very clear to me—endpoint security, as logical as this approach is, only adds to the fat client problem. As such, I foresee the future of endpoint security as limited. What is the alternative, then? I think that just as Google and Yahoo offer free search services so that they can make money from advertisers, companies such as these will make free computing services available to the public. Customers will connect to a Google or Yahoo-(or perhaps even Microsoft-) created operating system from extremely dumb terminals such as the ones used for Web TV access. Users will be expected to do nothing (or perhaps nearly nothing) for the sake of security. Security will instead be supplied by the computer services provider. Talk of endpoint security will then become moot and honestly, provided that the providers build in a thorough set of well-designed, well-implemented security controls, security for end users is likely to improve drastically.

I know that I have almost certainly stepped on a few toes, and for that I apologize. Please just do not misinterpret what I have written. I am not recommending that endpoint security be scrapped. All I am saying is that endpoint security and increasingly bloated versions of Windows operating systems cannot continue to co-exist. Stay tuned for future developments, as this issue is one of the most fascinating ones that we currently face.

Categories: Uncategorized Tags:
  1. No comments yet.
  1. No trackbacks yet.
You must be logged in to post a comment.