Research Shows Enterprises Are at Significant Risk From Common Endpoint Device Security Gaps
Back Published 2009-11-13
Waltham, Mass. — Nov. 13
In an effort to help IT departments evaluate and better secure their network endpoints, such as desktops, notebooks, smart phones, MP3 players and thumb drives, Novell announced initial results from its Threat Assessment survey, which showed that many enterprises are still highly vulnerable to preventable security threats. To date, the survey has revealed significant vulnerabilities, particularly in the areas of inadequate data protection, insufficient mobile access policies, and lack of application control and system integrity for endpoint devices.
Inadequate Data Protection
• Seventy-one percent of companies said they do not encrypt data on laptops, while 73 percent of companies do not encrypt data on removable storage devices, exposing the company to significant risk if these devices are lost or stolen.
• Seventy-two percent of respondents said they do not control the data that is copied to removable storage devices or optical writers, and 78 percent do not report what data is written to removable storage devices, creating the potential for inappropriate data distribution and compliance issues.
Insufficient Mobile Access Policies
• Ninety percent of respondents said their end users access open, nonsecured wireless networks when outside of the office (i.e., hotspots, hotels, coffee shops), leaving endpoints and data vulnerable to attacks.
• Seventy-six percent of companies said that they cannot ensure system health, integrity and compliance of their endpoint devices when they go beyond the perimeters of the organization.
Lack of Application Control and System Integrity
• Fifty-three percent of respondents are not able to prevent peer-to-peer traffic like Bit Torrent and Gnutella from accessing their networks, thereby draining precious IT resources and creating risk that corporate data will be accessed.
• Sixty-five percent of respondents were unable to prevent a user from accessing the corporate network if the user lacked system integrity verification tools, such as antivirus software. Further, 73 percent could not stop an out-of-compliance endpoint from propagating infections or becoming infected.
"Endpoint security threats are evolving at a rapid pace," said Grant Ho, senior solution manager for Endpoint Management at Novell. "Every day, vital customer data is lost due to lax security practices. The Threat Assessment survey is designed to give enterprises a better idea of their security vulnerabilities as well as provide guidance to ensure they are doing everything they can to secure their endpoints and protect sensitive corporate and customer data."
Endpoint Security Management Best Practices
Based on the results of its Threat Assessment survey, Novell identified the three best practices for endpoint security as data protection, mobile access control and system health.
• First, organizations should simplify their endpoint security needs and reduce IT costs by combining point security solutions under a single management console.
• Second, IT administrators should secure their mobile endpoints and protect their data with IT solutions that control removable media, storage or Wi-Fi enabled devices while maintaining system integrity 24x7 whether endpoints are connected to the network or not.
• Third, employing network access control technology can help an organization prevent security threats from entering the network and contaminating other devices without stifling business.
The survey results were gathered from responses to the Novell Threat Assessment Tool, an online test that offers IT administrators and decision makers the opportunity to evaluate their endpoint security practices, procedures and risks. From managing removable storage and VPN usage to data encryption and advanced personal firewalls, the Novell Threat Assessment Tool helps enterprises identify areas of security vulnerability and offers recommendations to assist businesses in shoring up the integrity of their endpoints. To access the free Threat Assessment Tool, visit http://www.novell.com/systemsmanagement/secure-desktop/threat-assessment/threatassessment.html.