Survey: Enterprise Unprepared for Security

Friday, February 24, 2012 @ 01:02 PM gHale

Enterprises are relying on home-grown solutions, pseudo home-grown solutions, or manual enforcement of privileged user access and passwords to control access to enterprise servers, a new survey said.

Of 327 information security professionals surveyed, 12 percent said they use home-grown solutions, 10 percent said they employ pseudo solutions, and 37 percent said they use manual enforcement, said Fox Technologies (FoxT), Inc., an enterprise access management solution provider that conducted the survey with Echelon One, an IT security researcher.

All of these methods expose the organization to insider fraud, corporate espionage, and nation-state-sponsored attacks. Enterprises also reported using outdated access management technologies, which allow the theft and misuse of intellectual property and customer data once the network is compromised. Recognizing the risk of poor access management, 69 percent of organizations polled planned to pursue access management as a key strategic initiative for IT in 2012.

“The threats organizations face continue to become more aggressive and expose them to a range of losses from intellectual property, customer lists, strategic plans and state secrets,” said Bob West, chief executive and founder of Echelon One. “Failing to control access to mission critical servers and data creates both economic and national defense issues we need to address immediately.”

“All too often enterprises focus their security strategies on network perimeter defense while maintaining compliance standards for access control to only a small subset of their servers,” said Subhash Tantry, chief executive of FoxT. “2011’s prolific compromises proved that enterprises will continue to be targeted and fall victim to more sophisticated attacks. Proactive fine-grained authorization and policy enforcement, in addition to contextual authentication, must be in place to ensure only the authorized users have access to enterprise data with the assumption the network has already been breached.”

FoxT and Echelon One recommend organizations implement the following best practices to properly mitigate risk due to poor access management:
1. Automatically enforce access privileges with proactive, granular authorization and command controls
2. Deploy integrated, contextual, multifactor authentication
3. Add access management to AD, LDAP and IDM solutions to automate creation and removal of user accounts
4. Use the richest tools possible to authenticate users (biometrics, encryption and others)
5. Centralize account administration and manage access accounts across all server environments (Windows, Unix/Linux and virtual).

The survey also revealed over two-thirds of respondents plan to invest in access-management technologies in 2012 as part of their organization’s strategic IT initiatives.
