Zero Tolerance Is The Key To Security

By | May 16, 2006

AppSense has revealed the results of an independent survey which shows that despite 84 per cent of respondents claiming that they were adequately protected against external security threats to their company desktops and laptops, more than 60 per cent of those surveyed had still been adversely affected by malware during the past year.

The findings of the survey were generated by targeting IT directors and network managers within 75 responding organisations throughout the UK. The IT systems under the jurisdiction of respondents ranged in size between four desktops with one server, and 9000 desktops with 200 servers. Each respondent was asked a series of questions relating to IT security policies, concerns and budgets alongside some general IT infrastructure enquiries.

The research found that while nearly all of those surveyed felt that desktop access and usage had been adequately “locked-down”, 68.5 per cent still felt that they had more work to carry out in managing employee access to applications. In addition, findings indicated that 80 per cent of respondents still see malware as the greatest threat to corporate security versus a surprisingly low eight per cent who regard employee misuse or data theft as a concern.

“Organisations are clearly no longer relying on just having the latest anti-virus signatures in place, but there is real lack of understanding in the way that internal threats should be managed,” said Pete Rawlinson, security product marketing manager at AppSense. “From our research, it would appear that taking a ´zero tolerant´ approach by locking down user environments and only allowing authorised applications to execute is the only way in which businesses can guarantee security. Implementing zero tolerance policy may very well give you security, but at what cost to employee productivity?”

“Reactive security measures such as patch management and host-based AV will always be one step behind the malware writer. Proactively protecting endpoints and restricting users´ ability to install applications or modify their environments should become the basis of every IT security strategy. Educating the market on how this can be put in place while retaining employee productivity is the next hurdle the industry has to overcome,” concluded Rawlinson.

Leave a Reply