2012 State of Endpoint Report Is In – Embrace Change to Win on Security

It seems like only yesterday when I was excited to share the results from our 2010 report on the state of the endpoint. This week, we are releasing data from our third annual State of the Endpoint study conducted by the Ponemon Institute and I have to admit, this year’s data is even more intriguing, albeit discouraging.

To begin with, the state of the endpoint has not improved according to the 688 IT pros we surveyed last month. In fact, for three consecutive years, IT reports insecurity is mounting across their network when compared to the previous year. Disappointing, but let’s be honest, it isn’t surprising.

More eye-opening is what I consider IT’s new reality. While malware attacks continue to grow and be an operational cost-driver for the majority of IT departments today, it’s no longer their biggest concern. Instead, IT worries more about the risks associated with personal mobile devices in the work place, virtualization technologies and even cloud computing. And while they plan to increase spend in these areas, they also admit they have no security strategy in place.

While technology decisions used to rest almost entirely with IT, it is evident that this is no longer the case. As organizations look for ways to boost productivity and cut costs, IT has little choice but to get on board with their organization’s growing reliance on personal mobile devices, virtualization technologies and cloud computing. While you could try to prohibit the use of personal iPads and the likes of Twitter and Facebook in your workplace, a more realistic approach is to stop fighting it. Instead of denying these tools, adapt your security strategy to allow for these new practices. But this year’s research points out many IT pros struggle with where to start.

Which brings me to another discouraging data point –32% of IT pros consider insufficient budget their greatest risk in 2012. And collaboration with other executives is considered poor by almost half.

This year’s study identifies a significant disconnect between planned areas of investment and security. Throw in resource concerns and minimal security prioritization across the enterprise and it is apparent we have significant challenges ahead of us. Until we can get those worked out, hackers will continue to capitalize on the opportunity we have given them.

The good news is many of the new data points are prescriptive. My next post will focus on 2012 predictions and next steps.