HEAT Security Blog

The Worldwide State of the Endpoint: What Organizations Should Pay Attention to in 2010

We’ve been discussing how unprepared organizations in the U.S. are for cyber attacks, and now there’s new research that backs up these concerns and illustrates the inherent weaknesses that must be addressed if we’re to adequately safeguard our information and vital systems.

A new Ponemon-Lumension survey on the worldwide state of the endpoint shows that companies feel less secure than they did last year, mainly because of ineffective budget allocations, poor collaboration across IT operations and security and lack of company-wide policies.

Here are a few of the key findings of the survey:

  • Many (44 percent) of IT security and IT operations practitioners in the U.S. report that their IT network is less secure than it was a year ago. In comparison, German companies had a much more favorable view of their security posture, with more than three-quarters of German-based respondents saying they feel more secure than a year ago.
  • Along with a general feeling of insecurity compared with a year ago, many companies worldwide report that they don’t have a company-wide IT security policy in place to prevent negligent insider misuse of technologies connected to the endpoint. Once again, the U.S. companies trail the field, with only 41percent of IT security and 42 percent of IT operations professionals reporting the existence of a company-wide IT security policy at their organization.
  • IT security budgets still aren’t where they need to be to fully support business objectives and security priorities, and they’re expected to remain largely flat in 2010, especially in the U.S. In every other region surveyed, budgets are expected to rise in the coming year.
  • Nearly three-quarters of survey respondents identified negligent insiders as a major IT security risk heading into 2010, and about half reported that mobile computing was a major concern for the year ahead. On the positive side, a majority of respondents said deploying endpoint security technology to protect against these threats and other security incidents was a major driver behind their investment in such technologies.
  • In many organizations, collaboration doesn’t happen as often as it should among the IT and security practice areas. The survey shows that these two groups tend to have different perceptions about areas such as knowing what technologies are used that could put the endpoint at risk, and what the major security risks are to the network.

The study also suggests that the drive for efficiency will drive a more rapid adoption across cloud computing, virtualization, web 2.0 and employee subsidized laptop programs. However those avenues could lead to an increasing IT risk with limited budgetary and c-level support to manage that risk.

Organizations need to address the growing endpoint complexity that has been exacerbated by point technologies. Central to this is looking at adopting an endpoint platform or suite-based approach where several technologies can be integrated and operation and security functions can be addressed with greater efficiency.

Also, organizations must think about how to generate greater convergence across their IT operations and security functions for better communication, collaboration and visibility in order to better optimize security to address risks.

The survey results are certainly worrisome, and they prove that the U.S. truly is behind when it comes to taking a proactive approach to cybersecurity. This message comes across loud and clear in this report. Let’s hope IT and security executives in the private and public sector are listening.