Special Coverage Series

Network Computing

Special Coverage Series


Endpoint Security Risks On The Rise, But Budgets Flat, Report Says

Survey shows that IT security pros are more worried about endpoint security threats, but organizations aren't allocating more resources to combat them.

Enterprises realize the threat to the security of their endpoint devices is growing, but their budgets to address those threats aren’t keeping pace, according to a recent study by the Ponemon Institute.

The study revealed that 71% of IT professionals surveyed said that threats to endpoint devices, primarily mobile devices often personally owned by employees but used for work, have become more difficult to block or mitigate. However, 55% of respondents said their budgets for endpoint security will be unchanged in 2014; only 29% plan to increase budgets.

In other words, enterprises say they know the threats are increasing, but they aren’t putting their money where their mouth is, Larry Ponemon, chairman and president of the Ponemon Institute, said in a webcast this week in which the study results were presented.

“Most organizations make endpoint security a top priority, but budgets lag behind. It’s one thing to say we have a problem, but it’s another thing to allocate corporate resources,” Ponemon said.

The study, sponsored by Lumension, a supplier of endpoint security products, surveyed 676 IT pros and IT security professionals at various companies. This was the fifth annual study of endpoint risk by the Ponemon Institute.

Endpoint security risks are coming from all directions, added Ponemon. The types of threats and the percentage of respondents who identified them as a problem are as follows: Mobile devices (75%); third-party software applications (66%); remote workers (45%); personal computers (43%); and employee negligence (40%). That last category refers to security threats stemming from employee mistakes that expose the organization to a breach.

The 75% citing mobile devices as a threat represents a huge increase from 2009, when only 9% of respondents viewed mobile devices as a top risk.

[Read Michele Chubirka's suggestions for ways to improve security in 2014 in "6 Information Security New Year's Resolutions."]

Organizations also are concerned about security risks associated with cloud computing, according to the survey. Forty-four percent of respondents cited cloud risks as a threat in the latest survey, up from 28 percent in the 2012 survey.

In a follow-up phone interview with Network Computing, Ponemon attributed the rise in concern about cloud-delivered security threats to endpoints to the rise of what he called “BYOC,” or bring your own cloud. Some employees who use cloud file storage services in their personal lives now use those services in the workplace, often without informing IT.

“Employees may say they want to do document collaboration with others in your organization or even with some outside folks,” he said. “But in phase two, the employee moves confidential business data into the cloud. Now, suddenly, we have the potential for a problem.”

The report also indicated that organizations are increasingly concerned about targeted attacks, or advanced persistent threats (APTs). Thirty-nine percent of survey respondents reported APTs as one of their most concerning risks, up 55% from 2009.

According to the study, the most common way APTs are launched is through spearfishing, in which an e-mail is sent to an individual employee with specific information about that person to convince him or her to click on a link in the e-mail that launches the attack.

As to the budget for enterprise security staying the same for more than half of respondents, Ponemon is slightly encouraged that more respondents said they will increase endpoint security spending (29%) than those who plan to decrease spending (16%).

“In general, people are slightly more optimistic about getting more budget, maybe not enough budget, but more budget because endpoint security as a category is rising in importance,” Ponemon said.



Related Reading


More Insights



Network Computing encourages readers to engage in spirited, healthy debate, including taking us to task. However, Network Computing moderates all comments posted to our site, and reserves the right to modify or remove any content that it determines to be derogatory, offensive, inflammatory, vulgar, irrelevant/off-topic, racist or obvious marketing/SPAM. Network Computing further reserves the right to disable the profile of any commenter participating in said activities.

 
Disqus Tips To upload an avatar photo, first complete your Disqus profile. | Please read our commenting policy.
 

Editor's Choice

Research: 2014 State of Server Technology

Research: 2014 State of Server Technology

Buying power and influence are rapidly shifting to service providers. Where does that leave enterprise IT? Not at the cutting edge, thatís for sure: Only 19% are increasing both the number and capability of servers, budgets are level or down for 60% and just 12% are using new micro technology.
Get full survey results now! »

Vendor Turf Wars

Vendor Turf Wars

The enterprise tech market used to be an orderly place, where vendors had clearly defined markets. No more. Driven both by increasing complexity and Wall Street demands for growth, big vendors are duking it out for primacy -- and refusing to work together for IT's benefit. Must we now pick a side, or is neutrality an option?
Get the Digital Issue »

WEBCAST: Software Defined Networking (SDN) First Steps

WEBCAST: Software Defined Networking (SDN) First Steps


Software defined networking encompasses several emerging technologies that bring programmable interfaces to data center networks and promise to make networks more observable and automated, as well as better suited to the specific needs of large virtualized data centers. Attend this webcast to learn the overall concept of SDN and its benefits, describe the different conceptual approaches to SDN, and examine the various technologies, both proprietary and open source, that are emerging.
Register Today »

Related Content

From Our Sponsor

How Data Center Infrastructure Management Software Improves Planning and Cuts Operational Cost

How Data Center Infrastructure Management Software Improves Planning and Cuts Operational Cost

Business executives are challenging their IT staffs to convert data centers from cost centers into producers of business value. Data centers can make a significant impact to the bottom line by enabling the business to respond more quickly to market demands. This paper demonstrates, through a series of examples, how data center infrastructure management software tools can simplify operational processes, cut costs, and speed up information delivery.

Impact of Hot and Cold Aisle Containment on Data Center Temperature and Efficiency

Impact of Hot and Cold Aisle Containment on Data Center Temperature and Efficiency

Both hot-air and cold-air containment can improve the predictability and efficiency of traditional data center cooling systems. While both approaches minimize the mixing of hot and cold air, there are practical differences in implementation and operation that have significant consequences on work environment conditions, PUE, and economizer mode hours. The choice of hot-aisle containment over cold-aisle containment can save 43% in annual cooling system energy cost, corresponding to a 15% reduction in annualized PUE. This paper examines both methodologies and highlights the reasons why hot-aisle containment emerges as the preferred best practice for new data centers.

Monitoring Physical Threats in the Data Center

Monitoring Physical Threats in the Data Center

Traditional methodologies for monitoring the data center environment are no longer sufficient. With technologies such as blade servers driving up cooling demands and regulations such as Sarbanes-Oxley driving up data security requirements, the physical environment in the data center must be watched more closely. While well understood protocols exist for monitoring physical devices such as UPS systems, computer room air conditioners, and fire suppression systems, there is a class of distributed monitoring points that is often ignored. This paper describes this class of threats, suggests approaches to deploying monitoring devices, and provides best practices in leveraging the collected data to reduce downtime.

Cooling Strategies for Ultra-High Density Racks and Blade Servers

Cooling Strategies for Ultra-High Density Racks and Blade Servers

Rack power of 10 kW per rack or more can result from the deployment of high density information technology equipment such as blade servers. This creates difficult cooling challenges in a data center environment where the industry average rack power consumption is under 2 kW. Five strategies for deploying ultra-high power racks are described, covering practical solutions for both new and existing data centers.

Power and Cooling Capacity Management for Data Centers

Power and Cooling Capacity Management for Data Centers

High density IT equipment stresses the power density capability of modern data centers. Installation and unmanaged proliferation of this equipment can lead to unexpected problems with power and cooling infrastructure including overheating, overloads, and loss of redundancy. The ability to measure and predict power and cooling capability at the rack enclosure level is required to ensure predictable performance and optimize use of the physical infrastructure resource. This paper describes the principles for achieving power and cooling capacity management.