RSA Survey: Spring Break Punches Holes In Security

PRESS RELEASE

SAN JOSE, CA — March 18, 2010 — PacketMotion today announced the results of a survey conducted during RSA Conference 2010. The survey revealed that 32 percent of enterprises are receiving marginal to failing grades when it comes to adequately detecting, tracking and reporting network activity and user access behavior during spring break and other holiday periods. During spring break, remote and mobile access will increase because employees will check email while out of the office and log onto corporate networks to work on projects and access files. The survey asked 100 information security practitioners to grade themselves on their ability to detect, track and report remote and mobile user network activity during spring break. The results revealed that 20 percent are earning a C grade, 8 percent are earning a D grade and 4 percent are failing. The survey also showed that only a fraction of enterprises surveyed, 25 percent, are taking access management seriously and receiving an A, while 41 percent are receiving a B (other: 2 percent).

"These findings are troublesome. Unfortunately, internal security is more focused on controlling access to applications and not on broader controls for specific groups such as VPN remote users," said Paul Smith, PacketMotion president and CEO. "Only a quarter of the respondents have made adequate investments in their security and compliance programs. The majority of organizations still have considerable ground to cover in managing remote user access to reduce risk. If organizations don't address this threat, they will fall prey to insiders and outsiders who are preparing to take advantage of periods when remote and mobile access spikes."

Even more concerning, the survey revealed that when asked which user group presented the highest risk to their enterprises, 41 percent of security practitioners identified IT administrators — ironically, these are the users who should be the most trusted. Not surprising, remote and mobile users ranked second at 24 percent as the highest risk group of users that access the network, and contractors ranked third at 17 percent.

"When the group entrusted with the highest level of access is considered to be the greatest risk to security and compliance, the only way to mitigate risk is to invest in solutions that better detect, analyze and report suspicious behavior regardless of whether the employee is an administrator or an end user," said Smith. "Bottom line: We must have controls in place that prevent a fox from guarding the henhouse."

Additional compliance trends revealed by the survey include: