The Evolving State of the Endpoint: How Will You Cope?<br />
Today’s Agenda<br />Shift Happens: How the Endpoint Environment Has Evolved<br />Worldwide State of the Endpoint:<br />Sur...
Today’s Panelists<br />Page 3<br />C. Edward Brice<br />SVP Worldwide Marketing<br />Lumension Security<br />Paul Henry<br...
Shift Happens: How the Endpoint Management and Security Landscape Has Evolved<br />
Shift Happens<br />5<br />Today’s endpoint management and security landscape has FUNDAMENTALLY<br />changed<br />
6<br />Forces Impacting Today&apos;s Endpoint Environment<br />New ThreatLandscape<br />The <br />Endpoint <br />Complianc...
The New Threat Landscape<br />
The Increasing Value of Data<br />8<br />Information<br />in the 21st Century <br />is the NEW CURRENCY<br />
Sophisticated and Targeted Threats<br />9<br />Today We Deal with a Growing Cyber Mafia<br /><ul><li>Well Funded.
Well Organized.
Financially Motivated.</li></li></ul><li>10<br />Rising Insider Risk<br />60%<br />of a company’s employees would take con...
11<br />Data Breach Costs Continue to Grow<br />Total Economic Impact From Data Loss & Security Breaches Is Estimated at O...
Consumerization of IT<br />
Web 2.0<br />The applications we use today for productivity<br />Collaborative  /  Browser-based  /  Open Source<br />13<b...
IT’s Role is Changing<br />14<br />IT Must Enable <br />the Use of New Technology<br /><ul><li>Major Shift For IT Security
It’s now IT’s job to say YES!</li></ul>Employee provisioned laptop programs lead to greater user satisfaction and reduce t...
Growing Compliance Burden<br />
16<br />Mounting External Compliance Regulations<br />75% of organizations must comply with two or more regulations and co...
Worldwide State of The EndpointSurvey Results<br />
PonemonInstituteLLC<br /><ul><li>The Institute is dedicated to advancing responsible information management practices that...
The Institute conducts independent research, educates leaders from the private and public sectors and verifies the privacy...
Ponemon Institute is a full member of CASRO (Council of American Survey Research Organizations.  Dr. Ponemon serves as CAS...
The Institute has assembled more than 50 leading multinational corporations called the RIM Council, which focuses the deve...
About the study<br />State of the Endpoint was conducted by Ponemon Institute and sponsored by Lumension to better underst...
Attributions about endpoint security<br />Each bar reflects the “strongly agree” and “agree” responses combined<br />20<br />
Technologies that affect endpoint security<br />Percentage “Yes” response<br />21<br />
Agents on endpoints and software management consoles<br />22<br />
Employee owned mobile data-bearing devices<br />Percentage “Yes” response<br />23<br />
Is your IT network more secure than it was a year ago?<br />Percentage Yes response<br />24<br />
Is your IT network more secure than it was a year ago?<br />Analysis by country<br />25<br />
The reasons why IT networks are more secure now<br />26<br />
The reasons why IT networks are more secure now<br />Analysis by country<br />27<br />
Does your organization’s IT security budget support business objectives?<br />28<br />
Does your organization’s IT security budget support business objectives?<br />Analysis by country<br />29<br />
What statement best describes how IT ops & IT security work together?<br />Ponemon Institute© State of the Endpoint<br />3...
What statement best describes how IT ops and IT security work together?<br />Analysis by country<br />31<br />
Difficulties in managing endpoint operations and security<br />32<br />
PC life cycle management and integrated endpoint security suite<br />33<br />
What features are important in an integrated endpoint management suite?<br />34<br />
What are the most important benefits of an integrated endpoint management suite?<br />35<br />
Have any of the following incidents happened during the past year?<br />36<br />
Which of the following security risks are most important to you in the coming year?<br />37<br />
How do regulations affect your organization’s endpoint security?<br />Three statements to choose from<br />38<br />
How do regulations affect your organization’s endpoint security?<br />Regulations improve endpoint security, analysis by c...
Why does compliance improve your organization’s endpoint security?<br />40<br />
Extrapolated values for annual compliance budgets<br />Analysis by country<br />41<br />
Extrapolated values for annual compliance budgets by size<br />42<br />
Estimate that the budget for IT security will increase in FY 2010<br />Analysis by country<br />43<br />
Conclusions<br />
Summary Insights<br />45<br />Organizations are at risk because:<br /><ul><li>The management of endpoint security appears ...
Technologies and applications such as cloud computing, Web 2.0, open source software, and virtualization put the endpoint ...
Mobility of the workforce presents a significant security risk because it is hard to enforce policies.
With respect to endpoint security, operations and security appear to have different priorities. </li></li></ul><li>Summary...
Upcoming SlideShare
Loading in …5
×

Evolving State of the Endpoint Webinar

1,119 views

Published on

Webcast outlines how IT security and operations can address top security concerns and challenges and adapt to new technologies and trends surrounding the endpoint.

Published in: Technology, News & Politics
0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
1,119
On SlideShare
0
From Embeds
0
Number of Embeds
6
Actions
Shares
0
Downloads
36
Comments
0
Likes
1
Embeds 0
No embeds

No notes for slide

Evolving State of the Endpoint Webinar

  1. 1. The Evolving State of the Endpoint: How Will You Cope?<br />
  2. 2. Today’s Agenda<br />Shift Happens: How the Endpoint Environment Has Evolved<br />Worldwide State of the Endpoint:<br />Survey Results<br />Summary and Recommendations<br />Conclusion and Q & A<br />
  3. 3. Today’s Panelists<br />Page 3<br />C. Edward Brice<br />SVP Worldwide Marketing<br />Lumension Security<br />Paul Henry<br />Security & Forensics Analyst<br />MCP+I, MCSE, CCSA, CCSE, CFSA, CFSO, CISSP,-ISSAP, CISM, CISA, CIFI, CCE<br />Dr. Larry Ponemon<br />Founder<br />Ponemon Institute<br />
  4. 4. Shift Happens: How the Endpoint Management and Security Landscape Has Evolved<br />
  5. 5. Shift Happens<br />5<br />Today’s endpoint management and security landscape has FUNDAMENTALLY<br />changed<br />
  6. 6. 6<br />Forces Impacting Today&apos;s Endpoint Environment<br />New ThreatLandscape<br />The <br />Endpoint <br />Compliance<br />Consumerization <br />of IT<br />6<br />6<br />
  7. 7. The New Threat Landscape<br />
  8. 8. The Increasing Value of Data<br />8<br />Information<br />in the 21st Century <br />is the NEW CURRENCY<br />
  9. 9. Sophisticated and Targeted Threats<br />9<br />Today We Deal with a Growing Cyber Mafia<br /><ul><li>Well Funded.
  10. 10. Well Organized.
  11. 11. Financially Motivated.</li></li></ul><li>10<br />Rising Insider Risk<br />60%<br />of a company’s employees would take confidential information if they left the organization.<br />Ponemon Institute, 2009<br />
  12. 12. 11<br />Data Breach Costs Continue to Grow<br />Total Economic Impact From Data Loss & Security Breaches Is Estimated at Over$1 Trillion a Year<br />The cost of recovering from a single data breach now averages$6.6M.<br />20% of customerswill discontinue the relationship immediately and 40% are likely to leave within 6 months.<br />Ponemon Institute 2009, U.S. Costs of a Data Breach<br />November 2008, Unsecured Economies Report 2009<br />
  13. 13. Consumerization of IT<br />
  14. 14. Web 2.0<br />The applications we use today for productivity<br />Collaborative / Browser-based / Open Source<br />13<br />Social Communities, Gadgets,Blogging and Widgets <br />open up our networks to increasing risk everyday.<br />
  15. 15. IT’s Role is Changing<br />14<br />IT Must Enable <br />the Use of New Technology<br /><ul><li>Major Shift For IT Security
  16. 16. It’s now IT’s job to say YES!</li></ul>Employee provisioned laptop programs lead to greater user satisfaction and reduce total ownership costs up to 44%*<br />* Gartner 2008<br />
  17. 17. Growing Compliance Burden<br />
  18. 18. 16<br />Mounting External Compliance Regulations<br />75% of organizations must comply with two or more regulations and corresponding audits<br />43% of organizations comply with 3 or more regulations<br />PII Security Standards<br />Sarbanes-Oxley, Section 404<br />PCI Data Security Standards (DSS)<br />PCI Data Security Standards (DSS)<br />Organizations spend 30-50% more on compliance than they should<br />Basel II<br />Basel II<br />SB1386 (CA Privacy Act)<br />SB1386 (CA Privacy Act)<br />SB1386 (CA Privacy Act)<br />USA Patriot Act<br />USA Patriot Act<br />USA Patriot Act<br />USA Patriot Act<br />Gramm Leach Bliley (GLBA)<br />Gramm Leach Bliley (GLBA)<br />Gramm Leach Bliley (GLBA)<br />Gramm Leach Bliley (GLBA)<br />Gramm Leach Bliley (GLBA)<br />21CFR11<br />21CFR11<br />21CFR11<br />21CFR11<br />21CFR11<br />21CFR11<br />HIPAA<br />HIPAA<br />HIPAA<br />HIPAA<br />HIPAA<br />HIPAA<br />HIPAA<br />EU Directive<br />EU Directive<br />EU Directive<br />EU Directive<br />EU Directive<br />EU Directive<br />EU Directive<br />EU Directive<br />*The Struggle to Manage Security Compliance for Multiple Regulations”. IT Policy Group<br />Time<br />
  19. 19. Worldwide State of The EndpointSurvey Results<br />
  20. 20. PonemonInstituteLLC<br /><ul><li>The Institute is dedicated to advancing responsible information management practices that positively affect privacy and data protection in business and government.
  21. 21. The Institute conducts independent research, educates leaders from the private and public sectors and verifies the privacy and data protection practices of organizations.
  22. 22. Ponemon Institute is a full member of CASRO (Council of American Survey Research Organizations. Dr. Ponemon serves as CASRO’s chairman of Government & Public Affairs Committee of the Board.
  23. 23. The Institute has assembled more than 50 leading multinational corporations called the RIM Council, which focuses the development and execution of ethical principles for the collection and use of personal data about people and households.</li></ul>18<br />
  24. 24. About the study<br />State of the Endpoint was conducted by Ponemon Institute and sponsored by Lumension to better understand how organizations are responding to the threat of insecure endpoints.<br />We asked respondents in IT operations and IT security to explore what they do to reduce or mitigate the risk of insecure endpoints, including enabling technologies.<br />With input from our sponsor and recommendations for an expert panel of information security leaders, we implemented our study in five countries: United States, United Kingdom, Germany, Australia & New Zealand.<br />19<br />
  25. 25. Attributions about endpoint security<br />Each bar reflects the “strongly agree” and “agree” responses combined<br />20<br />
  26. 26. Technologies that affect endpoint security<br />Percentage “Yes” response<br />21<br />
  27. 27. Agents on endpoints and software management consoles<br />22<br />
  28. 28. Employee owned mobile data-bearing devices<br />Percentage “Yes” response<br />23<br />
  29. 29. Is your IT network more secure than it was a year ago?<br />Percentage Yes response<br />24<br />
  30. 30. Is your IT network more secure than it was a year ago?<br />Analysis by country<br />25<br />
  31. 31. The reasons why IT networks are more secure now<br />26<br />
  32. 32. The reasons why IT networks are more secure now<br />Analysis by country<br />27<br />
  33. 33. Does your organization’s IT security budget support business objectives?<br />28<br />
  34. 34. Does your organization’s IT security budget support business objectives?<br />Analysis by country<br />29<br />
  35. 35. What statement best describes how IT ops & IT security work together?<br />Ponemon Institute© State of the Endpoint<br />30<br />
  36. 36. What statement best describes how IT ops and IT security work together?<br />Analysis by country<br />31<br />
  37. 37. Difficulties in managing endpoint operations and security<br />32<br />
  38. 38. PC life cycle management and integrated endpoint security suite<br />33<br />
  39. 39. What features are important in an integrated endpoint management suite?<br />34<br />
  40. 40. What are the most important benefits of an integrated endpoint management suite?<br />35<br />
  41. 41. Have any of the following incidents happened during the past year?<br />36<br />
  42. 42. Which of the following security risks are most important to you in the coming year?<br />37<br />
  43. 43. How do regulations affect your organization’s endpoint security?<br />Three statements to choose from<br />38<br />
  44. 44. How do regulations affect your organization’s endpoint security?<br />Regulations improve endpoint security, analysis by country<br />39<br />
  45. 45. Why does compliance improve your organization’s endpoint security?<br />40<br />
  46. 46. Extrapolated values for annual compliance budgets<br />Analysis by country<br />41<br />
  47. 47. Extrapolated values for annual compliance budgets by size<br />42<br />
  48. 48. Estimate that the budget for IT security will increase in FY 2010<br />Analysis by country<br />43<br />
  49. 49. Conclusions<br />
  50. 50. Summary Insights<br />45<br />Organizations are at risk because:<br /><ul><li>The management of endpoint security appears to be overly complex and often a disjointed set of control activities.
  51. 51. Technologies and applications such as cloud computing, Web 2.0, open source software, and virtualization put the endpoint at risk because they create computing environments outside the direct control of the organization.
  52. 52. Mobility of the workforce presents a significant security risk because it is hard to enforce policies.
  53. 53. With respect to endpoint security, operations and security appear to have different priorities. </li></li></ul><li>Summary Insights<br />46<br /><ul><li>Collaboration between operations and security does not occur as frequently as it should, making it difficult to execute an enterprise-wide strategy for endpoint security.
  54. 54. In the countries we surveyed, both operations and security approach endpoint management and security from different perspectives. This suggests the possibility of significant challenges for organizations that operate globally.
  55. 55. While the risk of insecure endpoints seems to be on the rise, C-level executives may not fully understand and support endpoint management and security efforts. This could result in organizations not allocating appropriate resources to address the rash of problems caused by insecure endpoints.</li></li></ul><li>Recommendations<br />
  56. 56. As the Landscape Evolves, So Must We<br />48<br />Its Time To BREAKwith the old approach<br /><ul><li>It’s No Longer Relevant</li></li></ul><li>People are “The New Perimeter”<br />49<br />Focus is no longer on securing the device <br />but now on the <br />information flow & policy<br />
  57. 57. Siloed Roles Must Converge<br />Endpoint Management & Security<br />“By 2011, leading enterprise endpoint protection platform (EPP) and PC life cycle management (PCLM) vendors will offer mature integrated security and operations tools. IT organizations should understand the benefits of these tools and develop a strategy for adoption.”<br />Peter Firstbrook<br />Gartner Analyst 2009<br />50<br />
  58. 58. 51<br />The Move to a Trust-Centric Approach<br />We need to start thinking differently about IT Security<br /><ul><li>It’s not about the black list or the white list, but the intelligent list
  59. 59. We need a trust-centric approach to endpoint protection</li></li></ul><li>Q&A<br />
  60. 60. Global Headquarters<br />15880 N. Greenway-Hayden Loop<br />Suite 100<br />Scottsdale, AZ 85260<br />1.888.725.7828<br />info@lumension.com<br />

×