Over the past couple of years I have attended quarterly briefings given by CheckPoint Canada that give me some perspective on Internet security issues from a third party (relative to Microsoft, Google, Facebook, Skype, etc.) who understands not only the issues that challenge a business’s Internet security but also how they are changing over time. I’m more interested in the security issues overview and what business issues need to be considered and addressed, not the technology details. (I’ll trust CheckPoint’s sales results to be the guide as to their credibility.) CheckPoint Canada’s presentations are quite educational in this respect, in part due to the knowledge and passion of their lead technical resource for Canada.
At the most recent presentation two weeks ago I learned (i) about the evolution of CheckPoint’s new approach to addressing security at the enterprise level and (ii) about an experience that demonstrated one simple example of CheckPoint’s thoroughness at identifying and addressing Internet security issues at a personal engagement level.
Several changes in the business environment drive this new approach. They challenge the ability of simple solutions, such as firewalls and IP address identification, to manage security, including intrusions such as malware and business data loss:
- Users have more than one device: a PC, a smartphone, maybe even a tablet.
- Employees need to be able to carry on personal activities, such as banking, from their place of employment.
  - This creates data privacy issues.
- IP address-based policies no longer work – users no longer belong to one network.
- The emerging IPv6 standard means that it will become very difficult to track activity via a “single” IP address; also the IPv6 protocol is not a simple extension of IPv4’s nnn.nnn.nnn.nnn format.
- Security policies need to synchronize with a customer’s internal business processes as the priority.
- Use of collaboration tools and services is on the rise; not everyone is at one “secure” location.
- Security needs to address permission issues involving both websites and applications
- 189 new websites were created every minute in 2010
- The rise of video use for, say, marketing and support creates bandwidth issues.
Yet businesses obviously continue to seek protection against security breaches and data loss at minimal overhead and costs to the operation.
CheckPoint addresses these issues with a focus on the business’s policies, people (employees and contractors who need access) and enforcement as opposed to the underlying technology infrastructure. This is reflected in their unique ability to configure their installations to meet a business’s needs. In its infrastructure CheckPoint maintains a dynamically updated database of critical data.
In part CheckPoint addresses these issues through engagement of users as they attempt to visit a website or use an application:
- For instance, when accessing Facebook, a notification comes to the user advising of company policy and a warning about the information that cannot be shared on Facebook.
- Exceptions can be established to permit access to, say, an online banking site without inspecting data.
- All traffic is inspected to ensure SSL certification where appropriate.
One issue CheckPoint addresses is data loss prevention, both internally and externally. Here is one example of how complete CheckPoint’s offering is, down to warning an individual employee about his or her own activity.
CheckPoint Canada’s Regional Security Engineering Manager was recently checking out one of CheckPoint’s new data loss prevention (“DLP”) tools on his home network (no, they do not have a home product, yet). He attempted to check into an Air Canada flight via the Air Canada application on his iPhone. But the DLP software identified an issue:
His personal information data – including his Aeroplan number – was going across the Internet to Air Canada as unencrypted clear text. Apparently doing an Air Canada check-in via their website is encrypted; however, until Air Canada addresses this issue for their iPhone application (they have been notified), Kellman will not be doing check-ins via his iPhone (and probably the same applies to their BlackBerry application).
Bottom Line: What I can say from the presentation is that CheckPoint has developed not only the technology expertise but also the business experience that addresses the dynamic nature of the Internet, its growth, its usage and its security threats while ensuring that individual users can be comfortable with their work and personal activities. As with business use of social media, engagement of the individual user is a key to their ongoing success. (And their recent sales growth is the best indicator of that success.)
One final comment: CheckPoint employees are heavy users of Skype and, in fact, CheckPoint has no qualms about allowing usage; in the case below, the CheckPoint customer is giving permission for its sales department to use Skype. I’ll have more to say in another post about Kellman’s use of Skype to keep in touch with his young family while having a heavy travel schedule across Canada and to CheckPoint’s headquarters in Israel.