The State of Endpoint Security
The amount of time IT organizations are spending on security issues is starting to have a significant impact the rest of IT operations.
The battle between good and evil in terms of security is starting to shift locations. Instead of being primarily focused on the network perimeter, it's starting to become clear that the new definition of the network perimeter involves the client device.
Unfortunately, a new study of 688 IT security professionals in the U.S. conducted by the Ponemon Institute on behalf of Lumension Security, a provider of endpoint management and security software, shows that IT organizations are losing that battle. The reason for this, says Ed Brice, Lumension senior vice president for worldwide marketing, is that with the advent of mobile computing, removable media devices such as USB drives and a host of new applications that run on those devices, IT organizations are falling behind when it comes to investing in technologies such as application control and mobile device management.
Alas, the survey finds that the bulk of the IT security budget is still being applied mainly to firewalls and anti-virus software running on traditional PC devices. The end result, says Brice, is that when it comes to mobile device security, IT organizations are falling further behind.
The good news is that the survey says that IT security professionals clearly identify mobile devices, removable media and third-party applications as the biggest risks to their organizations. But less than half of those surveyed said they have the "ample resources" they need to minimize endpoint risks, which goes a long way to explaining why future investments in IT security are still fairly limited to a narrow range of technologies even as security technologies continue to get more robust and sophisticated.
In the meantime, the survey makes it clear that many IT organizations are seeing an increase in the number of attacks, which manifests itself in the fact that 41 percent of those surveyed said their networks were less secure than they were a year ago. Hopefully, that fear will be enough to motivate IT organizations to re-evaluate their IT security strategies for 2012 at a time when the very nature of enterprise computing has never been more dynamic or difficult to manage.