Enterprises Focus on Internal Security Threats

By | February 8, 2006

TheInfoPro has released Wave 6 of its Information Security Study, detailing the results of over 260 in-depth interviews with leading Information Security professionals. The study confirms that large corporations and government agencies have shifted their focus from protecting the network against external attack to addressing internal security vulnerabilities.

TheInfoPro ‘s patented Technology Heat Index factors in the current and planned usage of over 40 different Security technologies including Network Intrusion Prevention, Identity Management, Smart Cards, Managed Security Services, and Web Content. The Wave 6 Heat Index is a strong indicator for what enterprises plan to use to mitigate internal security threats:

1. Endpoint Authentication is the hottest technology with 29% of enterprises having either pilot deployment in place or near-term implementation plans. This translates to a 13% increase compared to Wave 5.

2. Identity Management, in several forms, ranks just below Endpoint Authentication. Enterprises have been spending heavily on Identity Management and plan to continue to do so. Over 75% will spend more in 2006. Of those, nearly 30% expect to spend a minimum of $500,000, with many spending as much as $5 Million.

3. Data Encryption has moved up to the top third on the Heat Index. Although in use by a majority of enterprises (57%), deployments are typically neither broad nor deep, with 55% planning to increase their spending on Data Protection technologies in 2006.

4. Enterprise Single Sign-On is much less interesting to security professionals. Deployments have stalled with about one third of the study participants reporting it in use, which is roughly the same as the Wave 4 Study released 12 months ago; furthermore, those that have the technology as “not in plan” increased by 5% compared to the Wave 5 Study released six months ago.

Vendors in turn are actively developing and marketing solutions to address these concerns. Cisco´s ongoing Network Access Control (NAC), Microsoft´s Network Access Protection (NAP), and Symantec´s recent acquisition of Sygate are addressing the issues around authenticating endpoints connecting to the enterprise network. A number of vendors, most notably PGP, along with others such as Pointsec and PC Guardian have been offering Data Encryption solutions. RSA, the leader in Two-Factor User Authentication, continues to address the growing demand for strong user authentication with expanded offerings while other vendors seek to compete with two factor and other strong authentication products. Identity Management solutions form the core infrastructure for controlling access to the enterprise with this segment dominated by large system vendors, specifically IBM, Sun, CA, and Novell, each of whom offers complete and often complex solutions.

Leave a Reply