Mobile phones, PDAs, smartphones, notebooks, remote access and USB storage devices have all been key drivers of business, allowing companies to free their employees from their desks and get them out in the marketplace. Although the widespread use of these technologies has been good for business, it has also created a nightmare for information technology (IT) departments that struggle to secure these connections, with each new device representing a potential security breach. Previously, IT departments secured their networks by limiting the types of devices that could access them, but this is no longer an option because companies and employees are reluctant to give up the mobility and productivity gained from their iPhones, BlackBerrys and social networking sites. As a result, the security industry is pushing through a paradigm shift by transferring the focus from a centralised server-based model to the device at the edge of the network. 'In the old days, everything was processed by the server via an internal network, so server and network security were good enough,' explained Michael Chue, managing director of Symantec Hong Kong. 'But things have changed in the last 20 years. Endpoint devices are more capable and have more processing power, so we are shifting some of the security away from the server and letting the endpoint device do some of the work.' This means that the devices are now actively working in conjunction with various security software packages and appliances on the server to filter out spam, block viruses, prevent intrusion and generally create a hard barrier at the edge of the network. The idea is that, with each device protecting itself, it will limit systematic threats across the whole organisation. It is a development that could not come too soon, according to industry commentators, as demonstrated by a Symantec survey conducted at the beginning of this year. The research found that out of 1,000 IT managers surveyed in the United States and Europe, 98 per cent of respondents said their organisation had experienced a tangible loss as a result of a cyber attack, 46 per cent experienced downtime and 25 per cent were hit with theft of corporate data. Besides actively preventing threats from getting onto the network, via e-mail and the internet, endpoint security systems are also coming into their own by preventing data loss when devices go missing. 'The increased mobility of workforces and new and remote work styles, involving many confidential communications to be done over e-mail with data files attached and stored on the laptop, have created holes in the perimeter as endpoints hold confidential data,' said Itzhak Weinreb, vice-president of Asia-Pacific sales at Check Point Software Technologies. He cited a recent study conducted by Dell and the Ponemon Institute that looked into the security measures in place on laptops lost in the US. The research found that 53 per cent of professionals stored confidential data on their laptops, with 65 per cent of them not having any protection for that data. These statistics become meaningful when you consider that an estimated 12,000 laptops are lost in US airports each week. 'These numbers demonstrate clearly that data is not protected and, based on various privacy and compliance regulations, endpoint security is just not an option any more,' Mr Weinreb said. Hong Kong has its own examples of where endpoint security could have prevented an embarrassing data leak, according to Andy Wilkinson, Axway's senior vice-president for Asia-Pacific. He cited the case of a doctor of obstetrics and gynaecology at United Christian Hospital in Hong Kong who lost a USB flash drive this month. It had data about foetal heart scans, patient names and ID numbers, and a case summary for clinical discussion containing the patient's name and details. Yet, despite the clear benefits, vendors themselves are quick to caution that companies need to take a holistic view of their security infrastructure and how they will maintain and manage it when acquiring an endpoint solution. 'Adding endpoint security does not add or decrease TCO [total cost of ownership] - it is an additional layer to the security infrastructure,' Mr Weinreb said. 'What helps TCO is a flexible security architecture that provides unification of all security functionalities, but in a flexible, expansible way.' This sentiment is echoed by Mr Chue. 'It is no use implementing an endpoint system if it is only going to add to the complexity of managing your entire security environment. That is only going to slow down your response to a breach and make analysis and patching difficult afterwards,' he said. However, all the security executives agree that securing the endpoint is no longer a good thing to do, but something that must be done. 'No matter how small or large an organisation, the risk of sensitive data falling into the wrong hands remains unchanged,' Mr Wilkinson said. 'And, while these security measures may add to overheads and costs, the resulting reduction in risk is more than worth the investment. It is highly unlikely that anyone wants to appear in tomorrow's headlines owing to another bout of information leakage.'