SOURCE: PacketMotion

PacketMotion

March 18, 2010 09:00 ET

Survey Reveals That Spring Break Will Create Holes in Enterprise Security and Compliance Programs

PacketMotion's RSA Conference Survey Shows Enterprises Are Receiving Marginal to Failing Grades on Remote and Mobile Security and Compliance During Vacation Periods

SAN JOSE, CA--(Marketwire - March 18, 2010) -  PacketMotion today announced the results of a survey conducted during RSA Conference 2010. The survey revealed that 32 percent of enterprises are receiving marginal to failing grades when it comes to adequately detecting, tracking and reporting network activity and user access behavior during spring break and other holiday periods. During spring break, remote and mobile access will increase because employees will check email while out of the office and log onto corporate networks to work on projects and access files. The survey, which asked 100 information security practitioners to grade themselves on their ability to detect, track and report remote and mobile user network activity during spring break and holidays, revealed that 20 percent are earning a C grade, 8 percent are earning a D grade and 4 percent are failing. The survey also showed that only a fraction of enterprises surveyed, 25 percent, are taking access management seriously and receiving an A, while 41 percent are receiving a B (other: 2 percent).

Remote and mobile user traffic will increase during spring break because employees will bring their laptops with them while on vacation so they can continue to check email, work on projects and access files. Unfortunately, a false sense of hotel room security can lead vacationers to leave their laptops logged in while they are at the pool, dinner or other outings. This creates the perfect opportunity for a malicious hotel insider to alert a cybercriminal of easy targets in exchange for a few dollars.

"These findings are troublesome. Unfortunately, internal security is more focused on controlling access to applications and not on broader controls for specific groups such as VPN remote users," said Paul Smith, PacketMotion president and CEO. "Only a quarter of the respondents have made adequate investments in their security and compliance programs. The majority of organizations still have considerable ground to cover in managing remote user access to reduce risk. If organizations don't address this threat, they will fall prey to insiders and outsiders who are preparing to take advantage of periods when remote and mobile access spikes."

Even more concerning, the survey revealed that when asked which user group presented the highest risk to their enterprises, 38 percent of security practitioners identified IT administrators -- ironically, these are the users who should be the most trusted. Not surprising, remote and mobile users ranked second at 26 percent as the highest risk group of users that access the network, and contractors ranked third at 17 percent.

"When the group entrusted with the highest level of access is considered to be the greatest risk to security and compliance, the only way to mitigate risk is to invest in solutions that better detect, analyze and report suspicious behavior regardless of whether the employee is an administrator or an end user," said Smith. "Bottom line: We must have controls in place that prevent a fox from guarding the henhouse."

Additional compliance trends revealed by the survey include:

  • Global compliance: Enterprises in the financial services industry must be prepared to handle a rising tide of regulations if they hope to compete in the global market. Approximately 41 percent of the respondents stated that the financial services industry will be affected the most by global regulations. The government ranked second at 24 percent, and the pharmaceutical industry ranked third at 14 percent.
  • Compliance adherence: Enterprises continue to be concerned about their ability to meet and maintain compliance regulations. Only 26 percent of respondents stated that their enterprise is fully compliant on any given day. An additional 36 percent stated they are only 80 percent compliant on any given day, and 31 percent stated they are typically 60 percent or less compliant.

A two-minute video filmed at RSA Conference 2010 featuring some of the world's leading enterprise security professionals speaking about security and compliance is available at www.youtube.com/packetmotion.

About PacketMotion
 
PacketMotion's User Activity Management (UAM) solutions enable mid- to large-sized enterprises to simplify and lower the cost of meeting their compliance/audit requirements (PCI DSS, SOX, HIPAA, etc.) while delivering security functionality such as the ability to immediately stop user behavior that violates internal policies. A Gartner "Cool Vendor" company, PacketMotion combines patent-pending software with massive computing power to monitor individual user activity at the application level. The PacketSentry™ appliance operates out of band with no impact on network performance, and it installs in less than one day, typically reducing compliance-related capital and operating costs by as much as 80 percent compared to a suite of siloed tools. For more information, visit www.packetmotion.com.

PacketMotion and PacketSentry are registered trademarks of PacketMotion. Copyright © PacketMotion 2010.

Contact Information

  • Contact
    Joe Franscella
    Trainer Communications
    Email Contact
    925-271-8213