Novell's threat assessment survey results

David Heath
Wednesday, 21 October 2009 10:23

Business IT - Security

According to a self-administered survey, Enterprises are still at risk from common security 'gaps.'

Novell today released the first summary of data from its Threat Assessment Tool and the view isn't pretty.

The results show that "many enterprises are still highly vulnerable to preventable security threats. To date, the survey has revealed significant vulnerabilities, particularly in the areas of inadequate data protection, insufficient mobile access policies, and lack of application control and system integrity for endpoint devices."

Summarising the results (all are self-reported by survey respondents), firstly for data protection:

71% of companies do not encrypt data on laptops

73% do not encrypt data on removable storage devices

72% do not control data copies to removable media, 78% do not report what is written to these media.

Looking next at Mobile access points:

90% said users accessed open, non-secured wireless access points when outside the office

76% said they cannot ensure the health and well-being of devices outside the perimeter of the organisation.

Finally, looking at Application control:

53% are unable to prevent peer-to-peer traffic on their network

65% did not prevent external access to corporate resources by poorly protected machines (eg without anti-virus) – this could be a financial concern.  Furthermore 73% could not stop an out-of-compliance endpoint from propagating infections.

"Endpoint security threats are evolving at a rapid pace," said Grant Ho, senior solution manager for Endpoint Management at Novell. "Every day, vital customer data is lost due to lax security practices. The Threat Assessment survey is designed to give enterprises a better idea of their security vulnerabilities as well as provide guidance to ensure they are doing everything they can to secure their endpoints and protect sensitive corporate and customer data."

Novell makes three recommendations to achieve Endpoint Security best-practice.

"First, organizations should simplify their endpoint security needs and reduce IT costs by combining point security solutions under a single management console.

"Second, IT administrators should secure their mobile endpoints and protect their data with IT solutions that control removable media, storage or Wi-Fi enabled devices while maintaining system integrity 24/7 whether endpoints are connected to the network or not.

"Third, employing network access control technology can help an organization prevent security threats from entering the network and contaminating other devices without stifling business."

iTWire suggests all readers work through the assessment tool and contemplate the results.