Definitions of end point security vary among managers; instant messaging poses a growing threat to sensitive info.
Posted Jul 11, 2005
Confusion surrounding end point security (EPS) and a lack of instant message monitoring are leaving some organizations vulnerable to malware, malicious code, destructive spam, and possible litigation, according to separate reports released today.
"Navigating the Client Security Fog: Helping the Enterprise Solve the EndPoint Security Crisis," a study by IDC, finds that managers throughout an organization often have different definitions of what end point security means, and so parts of their businesses remain exposed to attack. IDC defines EPS as enforcing a security policy on any remote devices, such as desktops, laptops, or PDAs. But some managers think of it as secured networks, instead of secured devices, says Allan Carey, manager of IDC's Security and Business Continuity Services program, and coauthor of the report. "It causes confusion over whether the enterprise is secure from an end-point perspective. There doesn't seem to be any commonality."
The report also found that:
of the 64 percent of respondents who have EPS solutions in place, 88 percent say those solutions are "somewhat or very effective";
Cisco Systems and Symantec were viewed as leading vendors in the EPS space;
the majority of both line-of-business and IT respondents want employees to have limited or absolutely no control over their local environments.
"IT organizations are prepared to embrace EPS solutions in what's shaping up to be a battle between good and evil," the report states. Businesses are interested in future investments in intrusion-prevention systems, secure email solutions, antispyware, and network access control technologies. "Enterprise senior management, as well as IT and business unit leaders, must see the big picture to address concerns about security, mobile device use and employee productivity, remote access, and centralized access control," Carey says. "There isn't one solution or technology that will solve the EPS [problem]. It takes a combination of technology, policies, and process, and educating end-users about the EPS issue to build a comprehensive strategy."
Instant message security
Akonix Systems, which provides security systems to enterprises, reveals in an online survey that 73 percent of managers are not in control of instant messaging across the enterprise, which could expose their companies to security and compliance vulnerabilities. According to the online poll of more than 300 IT managers, only 27 percent said a supervisor controlled use of instant messaging and an additional 29 percent did not know whether they were being monitored. "This indicates that companies are lacking communication policies and IM-management technology to help increase employee productivity and protect corporate resources," the report states.
Last month the Akonix Security Center found about a 400 percent increase in attacks in the second quarter of 2005, compared to the previous quarter. The center found an increased spread in instant messaging worm variants, tracking 52 new threats targeting instant messaging and P2P systems, and three new instant messaging parent worms--Aimsend, Harwig, and Pinkton.
Failing to manage employees' instant messaging can expose companies to security risks and liability. About 55 percent of organizations retain and review email messages for government and industry compliance purposes, as well as to prevent the spread of inappropriate content. "Because IMs typically enter an organization through individual staff members logging on for personal communications, many companies don't realize they are legally responsible for not just email, but instant messages that are sent by their employees across both corporate and public networks," the report states.
Without the ability to block and manage external instant messaging communications, businesses also could run the risk of employees sending file attachments and highly confidential information--from product designs to internal financial data--to someone outside of the organization. "It's remarkable that organizations are still leaving their door wide open to security attacks and legal repercussions due to their lack of instant messaging management," says Peter Shaw, CEO of Akonix. "We hope that by the end of 2005, more than 50 percent of global corporations will have adopted an IM policy, as well as the technology to protect their networks."