Poor Staff Collaboration and Complexity of Software Hamper Security Efforts

• By Dian Schaffhauser
• 12/01/09

Nearly a third of organizations report that collaboration between IT security and IT operations people is non-existent, and more than half believe collaboration between security and operations can be improved. That lack of communication could hurt environments where the adoption of mobile devices, cloud computing, and collaborative technologies is happening faster than organizations are able to adapt security policies, resulting in greater risk to sensitive data. The challenge is heightened owing to the complexity of endpoint management systems, whose features cross security and operation lines in most environments.

Those results come from a wide-ranging survey done by security research firm Ponemon Institute and commissioned by Lumension, which sells computer security products.

Endpoint security protects an organization's network from threats that include as virus and malware attacks, cyber crime, and employees' unauthorized use of mobile devices, as well as illegal applications on laptops, desktops, and other Internet-connected devices provided by the enterprise. The five most important features for managing endpoint security were identified by respondents as anti-virus and anti-malware technology (80 percent), whole disk encryption (70 percent), application control (69 percent), patch and remediation management (68 percent), and IT asset management (61 percent). The average organization has 3.7 software agents installed on each endpoint to perform management, security, and other operations and an average of 3.9 different software management consoles for endpoint operations and security.

The survey questioned 1,427 IT security practitioners and 1,582 IT operations professionals in the United States, Germany, Australia, New Zealand, and the United Kingdom with active responsibility for their data security and compliance efforts.

According to the survey, "Worldwide State of the Endpoint 2010":

• 56 percent of respondents said mobile devices aren't secure, representing a risk to data security;
• 49 percent said data security isn't a strategic initiative for their companies;
• 48 percent said their organizations have allocated insufficient resources to achieve effective data security and regulatory compliance; and
• 41 percent of individuals said there was a lack of proactive security risk management in their organizations.

Lumension said it commissioned the survey to better understand how emerging technologies, such as Web 2.0, mobile computing, and the "consumerization" of IT--the accommodation and integration of employee-owned mobile devices within the enterprise--are affecting environments and how organizations are managing security risks across IT operations and security. According to the study, four out of 10 respondents said their organizations permit users to connect their own computing devices to its network or enterprise systems. However, only a quarter of organizations have a policy guiding those connections.

This suggests, the report explained, that many organizations aren't taking steps to secure mobile devices personally owned by users. Yet 72 percent of respondents said they view negligent insiders as a top security threat heading into 2010.