Mobile devices and Web 2.0 technologies are forcing organizations to adapt to a new set of security needs, but many enterprises may be falling short, according to a study by the Ponemon Institute.
Dubbed the "Worldwide State of the Endpoint Survey 2010," the study was commissioned by Lumension Security to take a look at how emerging technologies and the "consumerization" of IT are impacting IT operations and security. The news was not good.
In a survey of 1,427 IT security pros and 1,582 IT operations professionals from around the world, many respondents revealed that a lack of planning and support for security initiatives is hurting the ability of organizations to protect their resources. Among the survey's key findings:
"â¢ 56 percent of individuals surveyed said mobile devices are not secure, representing a risk to data security. â¢ 49 percent of individuals surveyed said data security is not a strategic initiative for their companies. â¢ 48 percent of individuals surveyed said their companies have allocated insufficient resources to achieve effective data security and regulatory compliance. â¢ 47 percent of individuals cited a lack of strong CEO support for information security efforts as a reason for ineffective data security programs. â¢ 41 percent of individuals said there was a lack of proactive security risk management in their organizations."
"This year's Ponemon survey reinforces the need for IT security and IT operations practitioners to continually look for better alignment points within their organizations," Patrick Clawson, CEO of Lumension, said in a statement. "It's clear that the level of collaboration between these two groups is still very poor and, as a result, organizations are still grappling with how to most effectively manage and protect their endpoints."
The survey results point to a perception that organizations are dropping the ball from a policy and strategic planning standpoint. That sentiment is further supported by some of its other findings. For example, 31 percent of the participants said collaboration between IT security and operations was nonexistent.
According to Clawson, organizations need to think about how to improve collaboration and communication between their IT security and operations teams in order to better address risk in the coming year.
"Threats to the endpoint are not going to disappear in 2010, so it's time for organizations to be more aggressive, more proactive and much more collaborative," he said.