Webcast outlines how IT security and operations can address top security concerns and challenges and adapt to new technologies and trends surrounding the endpoint.
The Evolving State of the Endpoint: How Will You Cope?
Today’s Agenda
Shift Happens: How the Endpoint Environment Has Evolved
Worldwide State of the Endpoint: Survey Results
Summary and Recommendations
Conclusion and Q & A
Today’s Panelists
Dr. Larry Ponemon, Founder, Ponemon Institute
C. Edward Brice, SVP Worldwide Marketing, Lumension Security
Paul Henry, Security & Forensics Analyst, MCP+I, MCSE, CCSA, CCSE, CFSA, CFSO, CISSP-ISSAP, CISM, CISA, CIFI, CCE
Shift Happens: How the Endpoint Management and Security Landscape Has Evolved
Shift Happens
Today’s endpoint management and security landscape has FUNDAMENTALLY changed
Forces Impacting Today's Endpoint Environment
New Threat Landscape
Compliance
Consumerization of IT
The Endpoint
The New Threat Landscape
The Increasing Value of Data
Information in the 21st Century is the NEW CURRENCY
Sophisticated and Targeted Threats
Today We Deal with a Growing Cyber Mafia
» Well Funded.
» Well Organized.
» Financially Motivated.
Rising Insider Risk
60% of a company’s employees would take confidential information if they left the organization.
Ponemon Institute, 2009
Data Breach Costs Continue to Grow
Total Economic Impact From Data Loss & Security Breaches Is Estimated at Over $1 Trillion a Year
The cost of recovering from a single data breach now averages $6.6M.
20% of customers will discontinue the relationship immediately and 40% are likely to leave within 6 months.
Ponemon Institute 2009, U.S. Costs of a Data Breach, November 2008, Unsecured Economies Report 2009
Consumerization of IT
The applications we use today for productivity
Collaborative / Browser-based / Open Source
Web 2.0
Social Communities, Gadgets, Blogging and Widgets open up our networks to increasing risk every day.
IT’s Role is Changing
IT Must Enable the Use of New Technology
» Major Shift For IT Security
» It’s now IT’s job to say YES!
Employee provisioned laptop programs lead to greater user satisfaction and reduce total ownership costs up to 44%*
* Gartner 2008
Growing Compliance Burden
Mounting External Compliance Regulations
EU Directive
Basel II
HIPAA
Sarbanes-Oxley, Section 404
PCI Data Security Standards (DSS)
PII Security Standards
21CFR11
Gramm Leach Bliley (GLBA)
USA Patriot Act
SB1386 (CA Privacy Act)
* “The Struggle to Manage Security Compliance for Multiple Regulations”, IT Policy Group
75% of organizations must comply with two or more regulations and corresponding audits
43% of organizations comply with 3 or more regulations
Organizations spend 30-50% more on compliance than they should
Worldwide State of The Endpoint
Survey Results
Ponemon Institute LLC
• The Institute is dedicated to advancing responsible information management practices that positively affect privacy and data protection in business and government.
• The Institute conducts independent research, educates leaders from the private and public sectors and verifies the privacy and data protection practices of organizations.
• Ponemon Institute is a full member of CASRO (Council of American Survey Research Organizations). Dr. Ponemon serves as CASRO’s chairman of the Government & Public Affairs Committee of the Board.
• The Institute has assembled more than 50 leading multinational corporations called the RIM Council, which focuses on the development and execution of ethical principles for the collection and use of personal data about people and households.
About the study
• State of the Endpoint was conducted by Ponemon Institute and sponsored by Lumension to better understand how organizations are responding to the threat of insecure endpoints.
• We asked respondents in IT operations and IT security to explore what they do to reduce or mitigate the risk of insecure endpoints, including enabling technologies.
• With input from our sponsor and recommendations from an expert panel of information security leaders, we implemented our study in five countries: United States, United Kingdom, Germany, Australia & New Zealand.
Attributions about endpoint security
[Bar chart comparing IT Security and IT Operations respondents. Each bar reflects the “strongly agree” and “agree” responses combined. Bar values as extracted: 49%, 54%, 51%, 65%, 40%, 55%, 52%, 51%, 53%, 47%.]
Statements rated:
• My organization has sufficient resources to achieve compliance with data security policies and best practices.
• My organization’s CEO is a strong supporter of security and data protection efforts.
• My organization views data security as a strategic initiative across the enterprise.
• My organization is proactive in managing privacy and data protection risks.
• Laptops and other mobile data-bearing devices are secure and do not present a significant security risk to our organization’s networks or enterprise systems.
Technologies that affect endpoint security
[Bar chart, percentage “Yes” response, with two series: “Does your organization use the following technologies?” and “Will the use of this technology increase over the next 12 to 24 months?” Bar values as extracted: 44%, 40%, 56%, 22%, 37%, 57%, 64%, 69%, 34%, 65%, 36%, 26%, 27%, 28%, 36%, 38%, 43%, 54%, 60%, 65%, 73%, 80%.]
Technologies covered:
• Power management
• Application virtualization
• Software license metering
• Software distribution
• Configuration management
• IT asset management
• Virtualization
• Cloud computing
• Online backup & recovery
• Web 2.0 technologies
• Open source software
Agents on endpoints and software management consoles
[Bar chart with categories 1 to 2, 3 to 5, 6 to 10 and More than 10, one series per question. Bar values as extracted: 35%, 38%, 9%, 7%, 39%, 22%, 22%, 7%.]
Questions asked:
• How many distinct software management consoles does your organization use to manage endpoint operations & security functions?
• How many software agents does your organization typically have installed on each endpoint to perform management, security and/or other operations?
Employee owned mobile data-bearing devices
[Bar chart, percentage “Yes” response. Bar values as extracted: 26%, 40%, 44%.]
Questions asked:
• Is there a policy that permits employees to connect their own computing devices?
• Can employees connect their own computing devices to the network or enterprise system?
• Does your organization subsidize or plan to subsidize the employee’s purchase of their own computing devices?
Is your IT network more secure than it was a year ago?
[Bar chart, percentage “Yes” response. Security: 54%; Operations: 56%.]
Is your IT network more secure than it was a year ago?
[Bar chart, analysis by country. US: 44%; DE: 77%; ANZ: 42%; UK: 57%.]
The reasons why IT networks are more secure now
[Bar chart. Bar values as extracted: 11%, 11%, 13%, 39%, 43%, 60%.]
Reasons listed:
• Increased regulatory scrutiny
• Increased resources
• Senior level support
• Improved control procedures
• Improved policies
• New information security technologies
The reasons why IT networks are more secure now
Why is your organization more secure today? Choice = New information security technologies
[Bar chart, analysis by country. US: 50%; DE: 74%; ANZ: 56%; UK: 60%.]
Does your organization’s IT security budget support business objectives?
[Bar chart of responses.]
• Yes, the budget adequately supports business objectives: 38%
• Yes, but budget can be increased to support business objectives: 45%
• No: 18%
Does your organization’s IT security budget support business objectives?
Choice = Yes, the budget adequately supports business objectives.
[Bar chart, analysis by country. US: 27%; DE: 51%; ANZ: 43%; UK: 31%.]
What statement best describes how IT ops & IT security work together?
Ponemon Institute© State of the Endpoint
[Bar chart with three series: Combined, Security and Operations. Bar values as extracted: 17%, 52%, 31%; 17%, 49%, 34%; 17%, 55%, 28%.]
Statements to choose from:
• Collaboration is excellent
• Collaboration is adequate but can be improved
• Collaboration is poor or non-existent
What statement best describes how IT ops and IT security work together?
Statement selected = Collaboration is poor or non-existent
[Bar chart, analysis by country. US: 46%; DE: 13%; ANZ: 27%; UK: 39%.]
Difficulties in managing endpoint operations and security
[Bar chart with three series: Gap, Security and Operations. Bar values as extracted: 25%, 17%, 12%, 10%, 2%, 1%, 18%, 41%, 25%, 58%, 8%, 24%, 43%, 24%, 37%, 47%, 10%, 24%.]
Difficulties listed:
• Overly complex technologies
• Misalignment of IT with business objectives
• Difficulty integrating multiple technologies
• Lack of skilled or knowledgeable personnel
• Lack of senior executive support
• Lack of budget
PC life cycle management and integrated endpoint security suite
[Bar chart with response categories Yes, Within the next 12-24 months and No, one series per question. Bar values as extracted: 38%, 41%, 21%, 42%, 41%, 18%.]
Questions asked:
• Does your organization have a PC life cycle management solution?
• Does your organization have an integrated endpoint security suite?
What features are important in an integrated endpoint management suite?
Percentage very important and important combined.
[Bar chart. Bar values as extracted: 50%, 50%, 56%, 58%, 59%, 59%, 61%, 68%, 69%, 70%, 80%.]
Features listed:
• Online backup & recovery
• Configuration management
• Data loss prevention (content filtering)
• Firewall
• Vulnerability assessment
• Device control (USB, removable media)
• IT asset management
• Patch & remediation management
• Application control (whitelisting technology)
• Whole disk encryption
• Anti-virus & anti-malware (blacklisting technology)
What are the most important benefits of an integrated endpoint management suite?
[Bar chart with three series: Operations, Security and Gap. Bar values as extracted: 6%, 5%, 4%, 3%, 6%, 8%, 6%, 7%, 8%, 9%, 6%, 10%, 13%, 20%, 21%, 22%, 23%, 23%, 27%, 29%, 34%, 61%, 17%, 18%, 16%, 19%, 27%, 31%, 29%, 20%, 37%, 26%, 55%.]
Benefits listed:
• Reduced energy consumption cost
• Simplified integration of new technologies
• Enhanced reporting
• Reduced software management consoles
• Reduced number of agents on the endpoint
• Reduced complexity of technology
• Simplified user interface
• Increased visibility of network assets
• Reduced staff requirements
• Reduced technology cost
• Improved security posture
Have any of the following incidents happened during the past year?
[Bar chart with three series: Operations, Security and Gap. Bar values as extracted: 7%, 4%, 7%, 2%, 16%, 9%, 4%, 19%, 3%, 23%, 24%, 27%, 28%, 34%, 46%, 57%, 69%, 88%, 30%, 19%, 34%, 27%, 18%, 55%, 53%, 50%, 91%.]
Incidents listed:
• Loss of sensitive data by a malicious insider
• Cyber attack on mobile platform
• Loss of sensitive data by a third-party
• Denial of service attack
• Targeted cyber attacks
• Botnet attack
• Theft of desktops, laptops or other devices
• Loss of sensitive data by a negligent insider
• Virus or malware network intrusion
Which of the following security risks are most important to you in the coming year?
[Bar chart with three series: Operations, Security and Gap. Bar values as extracted: 5%, 24%, 13%, 13%, 6%, 18%, 2%, 27%, 8%, 20%, 28%, 28%, 28%, 29%, 42%, 44%, 46%, 46%, 53%, 72%, 33%, 52%, 15%, 16%, 35%, 27%, 48%, 20%, 46%, 51%.]
Security risks listed:
• Silos among IT and business operations
• Lack of integration
• Malicious insiders
• Use of insecure cloud computing resources
• Insecure Internet applications (Web 2.0)
• Sophistication of cyber attackers
• Increased use of mobile platforms
• Attacks on sensitive company data
• Insufficient budget resources
• Negligent insiders
How do regulations affect your organization’s endpoint security?
[Bar chart. Three statements to choose from.]
• Complying with regulations improves my organization’s endpoint security: 44%
• Complying with regulations has no effect on my organization’s endpoint security: 52%
• Complying with regulations diminishes my organization’s endpoint security: 5%
How do regulations affect your organization’s endpoint security?
Choice = regulations improve endpoint security.
[Bar chart: regulations improve endpoint security, analysis by country. US: 44%; DE: 54%; ANZ: 27%; UK: 50%.]
Why does compliance improve your organization’s endpoint security?
[Bar chart. Bar values as extracted: 22%, 29%, 29%, 51%, 52%.]
Reasons listed:
• Requires new or expanded training requirements
• Requires new or revised policies
• Improves control procedures
• Requires new IT security technologies
• More resources available for IT security
Extrapolated values for annual compliance budgets
[Bar chart, analysis by country. Budget extrapolation converted into US$ with $000,000 omitted. US: $7.52; DE: $10.92; ANZ: $6.00; UK: $7.77.]
Extrapolated values for annual compliance budgets by size
[Bar chart by size (Less than 1,000; 1,001 to 5,000; 5,001 to 25,000; More than 25,000) with one series per country (US, DE, ANZ, UK). Budget extrapolation converted into US$ with $000,000 omitted. Bar values as extracted: $1, $3, $10, $20, $1, $6, $17, $24, $1, $2, $9, $16, $1, $4, $13, $15.]
Estimate that the budget for IT security will increase in FY 2010
[Bar chart, analysis by country (US, DE, ANZ, UK), with two series: IT Security and IT Operations. Respondents selecting 2010 budget will increase from 2009. Bar values as extracted: 11%, 30%, 11%, 6%, 6%, 32%, 10%, 4%.]
Conclusions
Summary Insights
Organizations are at risk because:
• The management of endpoint security appears to be overly complex and often a disjointed set of control activities.
• Technologies and applications such as cloud computing, Web 2.0, open source software, and virtualization put the endpoint at risk because they create computing environments outside the direct control of the organization.
• Mobility of the workforce presents a significant security risk because it is hard to enforce policies.
• With respect to endpoint security, operations and security appear to have different priorities.
• Collaboration between operations and security does not occur as frequently as it should, making it difficult to execute an enterprise-wide strategy for endpoint security.
• In the countries we surveyed, both operations and security approach endpoint management and security from different perspectives. This suggests the possibility of significant challenges for organizations that operate globally.
• While the risk of insecure endpoints seems to be on the rise, C-level executives may not fully understand and support endpoint management and security efforts. This could result in organizations not allocating appropriate resources to address the rash of problems caused by insecure endpoints.
Recommendations
As the Landscape Evolves, So Must We
It’s Time To BREAK with the old approach
» It’s No Longer Relevant
People are “The New Perimeter”
Focus is no longer on securing the device but now on the information flow & policy
Endpoint Management & Security
Siloed Roles Must Converge
“By 2011, leading enterprise endpoint protection platform (EPP) and PC life cycle management (PCLM) vendors will offer mature integrated security and operations tools. IT organizations should understand the benefits of these tools and develop a strategy for adoption.”
Peter Firstbrook, Gartner Analyst, 2009
The Move to a Trust-Centric Approach
We need to start thinking differently about IT Security
» It’s not about the black list or the white list, but the intelligent list
» We need a trust-centric approach to endpoint protection
Q&A
Global Headquarters
15880 N. Greenway-Hayden Loop
Suite 100
Scottsdale, AZ 85260
1.888.725.7828