Endpoint Security Frustrates IT
There's a groundswell of frustration about today's endpoint security, as well as worries about how newer technologies such as virtualization or cloud computing will impact it, according to a new study.
Tue, November 17, 2009
Network World — There's a groundswell of frustration about today's endpoint security, as well as worries about how newer technologies such as virtualization or cloud computing will impact it, according to a new study.
The Ponemon survey of 1,427 professionals in IT security and 1,582 in IT operations, working in business or government who live in the United States, the United Kingdom, Australia, New Zealand or Germany, were asked how they managed endpoint security, how things were going with the budget and security policies, and even whether the IT security and operations divisions worked well together.
The result of the Ponemon survey, titled "State of the Endpoint," paints a picture of discontent -- though respondents in Germany were the most upbeat, expressing views that they were executing well on policies and their IT security budgets were holding up.
"The Germans are much more structured in their thinking about these issues, such as collaboration and policy," says Dr. Larry Ponemon, chairman of Ponemon Institute, which conducted the study with sponsorship from Lumension. "They have the highest regard for policies.”
Fave Raves: Six enterprise products people love
Seventy-seven percent of the respondents in Germany said they thought their network was more secure than a year ago, while only 44% in the United States, 42% in Australia and New Zealand, and 57% in the United Kingdom felt that way. When asked if the organization's IT security budget supported business objectives, 51% in Germany said it did, but only 43% in Australia and New Zealand, 31% in the United Kingdom and a mere 27% in the United States answered yes.
Overall, 49% said "data security is not a strategic initiative" for their companies, and 56% believe "mobile devices are not secure." Forty-four percent said their organizations subsidize or plan to subsidize employees' mobile devices, 40% say employees can connect their devices to the company network and 26% have policies permitting employees to connect their own devices to the company network.
There was a widely noted disconnect between how well the IT security and operations people work together on security-related projects, plus frustration about the level of involvement of the CIO. Seventeen percent of all respondents described the collaboration between the IT and security operations as "excellent," 52% said it "could be improved" and 31% said it was "poor."
Ponemon said IT operations people tend to have a "git 'er done" attitude while security people more often will want to hold back as they contemplate the impact of new IT undertakings on risk.
Security
- Google Settles Buzz Privacy Lawsuit
- HP Buys 3Par, Apple Rolls Out New Gear
- Apple had Two Months to Fix Critical QuickTime Bug, Says Researcher
- What Security Can Learn From the $15M Sprint Employee Breach
- Ping a Scammers Haven? Security Experts Say Watch Out
- Consumer Group Lampoons Google CEO Over Privacy Issues
- Security Program Automatically Tracks Down Missing Patches
- Women Did Well on Defcon Social Engineering Test
- Facebook Glitch Let Spammer Post to Walls
Delivered every other week, this newsletter features a comprehensive look at security from CIO.com.
