A Better Approach to Device Security in the Enterprise
In the first half of 2018, there were nearly 1,000 major data breaches, which resulted in the disclosure of more than 4 billion records.1 The reputational and cost impact of these breaches is staggering. The problem has become so acute that governments have stepped in and implemented onerous legal and compliance regimes such as the European Union’s General Data Protection Regulation (GDPR) and the coming U.S. Data Protection Act (DPA). Further, the liability for data loss is increasing substantially: Ponemon Institute now estimates the cost of an average data breach at $4 million.2
Perhaps the single most common point of attack is user devices. With inconsistent security tools and many PCs running older and insecure software stacks, there are numerous ways these devices are compromised. Without automated security updates and a platform designed to be secure at the outset, attackers can easily compromise devices using malicious websites, email attacks, compromised networks, and more. Making matters worse, the theft of user credentials is epidemic, making the legacy username-password approach to authentication outmoded. Combining more secure operating systems and devices that automate key security processes is essential to protecting the organization.
Comprehensive Device and User Security Is Necessary to Combat Current and Future Threats
There has been a fundamental change in the nature of cyberattacks. The emergence of state-sponsored and organized crime attacks perpetrated by larger teams of highly skilled technology experts dramatically raises the threat level. Unfortunately, the corresponding fundamental change in how cyberdefenses are deployed has not yet fully caught up. The strategy of continually deploying new point products to combat the newest threat or trying to react to threats as they occur is outdated, as is the process of trying to “disinfect” systems after they are compromised or responding to zero-day attacks after they become known.
The deployment of a pantheon of unique security solutions, each designed to combat one aspect of an attack, increases complexity and the chances for errors or oversights. The result can be a gap in protection. In this model, defenders must be right every time while attackers need be right only once. The “Jenga approach” to security is an outdated model. It is far better to deploy on each device a software stack or operating environment that has a fully integrated set of security capabilities.
In addition, compliance, legal and governance regimes require enterprises to be able to document effective security deployment in a consistent and comprehensive manner. Documentation that cyberdefenses have been deployed to all endpoints and users is a requirement to pass many audits. Again, an operating system and device built to be secure with native security functionality is a better path to take.
A focal point of new cyberdefenses is to substantially improve the user authentication process to prevent attackers from using purloined credentials. As credential theft skyrockets, it has become clear that more stringent and effective authentication is now needed. Multifactor authentication (MFA) is an important part of cyberdefenses, but many older devices and software platforms don’t support MFA very well.
ThinkShield by Lenovo Combined with Intel vPro Provides Next-Generation User and Device Security
Lenovo has taken a leadership position over several years in delivering compelling and valuable services that simplify the ownership experience for larger enterprises. And cybersecurity has been a primary area of focus. This is the genesis and driving vision of Lenovo’s ThinkShield security offering. Combined with the advanced security features of Intel® vPro™ Platform, it delivers an integrated and comprehensive solution for user and device security. The solution can be customized based on the individual needs of the enterprise, unlike some solutions that force businesses into a “one size fits all” approach.
Lenovo’s ThinkShield provides an entirely new level of protection with stronger authentication tools. Utilizing Intel® Authenticate technology, it enables support for MFA with protected fingerprint and facial recognition and protected PIN authentication. Lenovo also delivers the industry’s first Fast Identity Online (FIDO) certified authenticators for using sites such as Dropbox®, Google™, and PayPal®.
Lenovo’s ThinkShield offering, and its combination with Intel® vPro™ Platform, changes the game for enterprise device security with a cohesive, integrated and comprehensive cybersecurity platform. This allows IT to focus its attention on more important security issues. For more information, please go to: https://solutions.lenovo.com/pc-solutions/thinkshield/