Companies Slow to Adapt to Changing Security, Technology Environment; Ineffective Budgets Poor IT Collaboration

The adoption of mobile devices, cloud computing and collaborative technologies is happening faster than companies are able to adapt security policies, resulting in greater risk to sensitive corporate and personal data, according to Worldwide State of the Endpoint 2010, a new Ponemon Institute study commissioned by Lumension. Insufficient resources and a lack of C-level support for security initiatives were cited among the reasons for these shortcomings.

Key Findings:

•56 percent of individuals surveyed said mobile devices are not secure, representing a risk to data security;

•49 percent of individuals surveyed said data security is not a strategic initiative for their companies;

•48 percent of individuals surveyed said their companies have allocated insufficient resources to achieve effective data security and regulatory compliance;

•47 percent of individuals cited a lack of strong CEO support for information security efforts as a reason for ineffective data security programs; and

•41 percent of individuals said there was a lack of proactive security risk management in their organizations.

Key Insights:

•The Worldwide State of the Endpoint 2010 study was conducted to better understand how emerging technologies, such as Web 2.0, mobile computing and the “consumerization” of IT – the accommodation and integration of employee-owned mobile devices within the corporate enterprise – are affecting business environments and how organizations are managing security risks across IT operations and security; and,

•Significant perception gaps exist between IT security and IT operations professionals related to the complexity of security technologies, misalignment of IT and business objectives, technology integration, and employee skill and knowledge.

Other Findings:

•44 percent of organizations subsidize or plan to subsidize employees’ mobile devices, 40 percent of organizations say employees can connect their own devices to the company network, and 26 percent have policies permitting employees to connect their own devices to the company network;

•31 percent of respondents said collaboration between IT security and IT operations was non-existent;

•72 percent of respondents view negligent insiders as a top security threat heading into 2010; and,

•The five most important features for managing endpoint security were identified as:

?Anti-virus and anti-malware technology (80 percent)

?Whole disk encryption (70 percent)

?Application control (69 percent)

?Patch and remediation management (68 percent)

?IT asset management (61 percent)