|
By Cara Garretson
Many IT professionals believe their endpoints are vulnerable and blame the growing use of different types of client devices, insufficient IT budgets, and a lack of executive-level attention to the issue, according to a recent study.
Endpoint security refers to how vulnerable PCs, smart phones, and other end-user devices connected to a corporate network are to threats picked up from the Internet, e-mail, unsecured wireless networks, or removable storage. These threats -- which include viruses, Trojans, worms, and other malware -- can infect not only the devices that pick them up, but also the networks they are attached to.
Published this week, the State of the Endpoint study was conducted by the Ponemon Institute and sponsored by security vendor Lumension, with responses from IT professionals in the U.S., U.K., Germany, Australia and New Zealand. While these respondents said they see the productivity value of more and different types of endpoints on the network -- particularly smart phones and other mobile devices -- IT security measures aren't keeping up with the proliferation of these new types of endpoints. Yet threats picked up at the endpoint represented the most frequent security incident that respondents have had to deal with over the past year, according to the report.
In particular, the growth in use of unauthorized devices, applications, and removable storage creates a threat to the security of the corporate network, since IT departments often aren't even aware of these unauthorized devices and applications until they've already unleashed a threat on the network, according to the study.
"The State of the Endpoint (study) provides still more evidence that companies are racing to adopt new technologies faster than they can understand their impacts on data security and develop effective use and integration policies. As a result, networks are growing more and more complex, making the task of securing sensitive data more and more difficult," said Larry Ponemon, chairman and founder of The Ponemon Institute, in a written statement.
Nearly half (47 percent) of the respondents said their organizations are not proactive in managing privacy and data protection risks, and even more (49 percent) said their companies don't view data security as a strategic initiative across the enterprise.
In addition, 51 percent of respondents said they did not have adequate budgets to invest in security technology to effectively protect the endpoint, nor did they have employees trained in such security on staff. The study also highlighted a riff growing between companies' IT security departments and IT operations personnel, showing that collaboration among these groups is inadequate, as well as a disagreement over the security threat posed by end-user PCs and devices that are often managed by IT operations.
For example, 60 percent of respondents who are security professionals said laptops and other mobile data devices present a significant risk to the corporate network, while only 53 percent of respondents who work in IT operations answered the same.
And when budgets are available, the security products currently on the market tend to be overly complicated, according to respondents. Many endpoint security products require software agents to be installed at the endpoint, and on average respondents who use endpoint security products said they must manage 3.7 agents on each endpoint that tie into different security products. Respondents also said they must manage, on average, 3.9 different administrator consoles to use these products.
Only registered users can write comments.
Please login or register. |
