Products & Releases

RSA Survey: Spring Break Punches Holes In Security

Survey revealed that 32 percent of enterprises are receiving marginal to failing grades when it comes to adequately detecting, tracking, and reporting network activity and user access behavior
SAN JOSE, CA — March 18, 2010 — PacketMotion today announced the results of a survey conducted during RSA Conference 2010. The survey revealed that 32 percent of enterprises are receiving marginal to failing grades when it comes to adequately detecting, tracking and reporting network activity and user access behavior during spring break and other holiday periods. During spring break, remote and mobile access will increase because employees will check email while out of the office and log onto corporate networks to work on projects and access files. The survey asked 100 information security practitioners to grade themselves on their ability to detect, track and report remote and mobile user network activity during spring break. The results revealed that 20 percent are earning a C grade, 8 percent are earning a D grade and 4 percent are failing. The survey also showed that only a fraction of enterprises surveyed, 25 percent, are taking access management seriously and receiving an A, while 41 percent are receiving a B (other: 2 percent).

"These findings are troublesome. Unfortunately, internal security is more focused on controlling access to applications and not on broader controls for specific groups such as VPN remote users," said Paul Smith, PacketMotion president and CEO. "Only a quarter of the respondents have made adequate investments in their security and compliance programs. The majority of organizations still have considerable ground to cover in managing remote user access to reduce risk. If organizations don't address this threat, they will fall prey to insiders and outsiders who are preparing to take advantage of periods when remote and mobile access spikes."

Even more concerning, the survey revealed that when asked which user group presented the highest risk to their enterprises, 41 percent of security practitioners identified IT administrators — ironically, these are the users who should be the most trusted. Not surprising, remote and mobile users ranked second at 24 percent as the highest risk group of users that access the network, and contractors ranked third at 17 percent.

"When the group entrusted with the highest level of access is considered to be the greatest risk to security and compliance, the only way to mitigate risk is to invest in solutions that better detect, analyze and report suspicious behavior regardless of whether the employee is an administrator or an end user," said Smith. "Bottom line: We must have controls in place that prevent a fox from guarding the henhouse."

Additional compliance trends revealed by the survey include:

  • Global compliance: Enterprises in the financial services industry must be prepared to handle a rising tide of regulations if they hope to compete in the global market. Approximately 41 percent of the respondents stated that the financial services industry will be affected the most by global regulations. The government ranked second at 24 percent, and the pharmaceutical industry ranked third at 14 percent.

  • Compliance adherence: Enterprises continue to be concerned about their ability to meet and maintain compliance regulations. Only 26 percent of respondents stated that their enterprise is fully compliant on any given day. An additional 36 percent stated they are 80 percent compliant on any given day, and 35 percent stated they are typically 40 percent or less compliant.

    A two-minute video filmed at RSA Conference 2010 featuring some of the world's leading enterprise security professionals speaking about security and compliance is available at

  • Editors' Choice
    Kelly Jackson Higgins 2, Editor-in-Chief, Dark Reading