The key findings in the report point to outdated approaches to security and a lack of advanced solutions to limit the carte blanche access granted to employees and third parties under older network security models.
San Francisco, CA (PRWEB) April 20, 2015
Cryptzone, a provider of dynamic, context-aware network, application and content security solutions, today revealed the results of a network security survey conducted with TechValidate. The survey was conducted to determine how organizations are implementing network access control (NAC) policies and security solutions to address today’s environments, given the proliferation of cybercrimes and growing concerns over insider threats.
The key findings in the report point to outdated approaches to security and a lack of advanced solutions to limit the carte blanche access granted to employees and third parties under older network security models. The survey also indicates that insider threats caused the most actual harm or damage to information security (61%), not outside threats.
VPNs still Dominant Form of Network Access Control:
- 91% of respondents shared that VPNs are still the main form of security for controlling network access, despite the fact that VPN technology was created almost 20 years ago.
- A majority (51%) noted that their access control technology was greater than three years old, and 11% said it was more than 10 years old. (Source TechValidate TVID:7CC-254-00F)
- Host IPS, next-gen firewalls, identity management solutions and vulnerability assessment all followed the two leading solutions, but were only being used by between 24-30% of the organizations for the purpose of access control.
- Exactly half said that their network access/firewall rules were static.
- Only 21% of companies rely on attribute-based controls to secure access; most rely on authentication (93%) and session authorization (46%).
Perceived vs. Actual Risk
- The survey also revealed that malicious external user actions (hacking) were perceived as the greatest security risk to an organization (66%), followed closely by user mistakes/accidents (56%).
- But upon reviewing the threats that had caused the most actual harm or damage to organizations in the last 12 months, 61% noted user mistakes/accidents, and only 46% noted malicious external user actions. (Source TechValidate: TVID: 9D6-32C-56A)
- While outsiders often are the ones attacking an organization, they must find a point of vulnerability in order to actually create a breach and cause damage.
Who Owns Policy Control:
- 48% of respondents concluded that the main controllers of policy were their IT departments.
- 36% said information security.
- 12% said compliance or risk management.
- Only 3% identified business owners as policy control managers.
- More than half of companies (52%) have not reviewed their access policies in over a year.
- 42% of companies can’t or don’t automatically enforce security policies.
- Surprisingly, 45% of respondents said their security budget had not increased, despite recent high-profile breaches. An additional 21% said it had not increased, but they expected it would in the next 12 months. (Source TechValidate TVID: C69-14C-129)
“It’s remarkable that many organizations are still utilizing network security technologies developed in the nineties – a time when the Internet was still in its infancy,” said Kurt Mueffelmann, president and CEO for Cryptzone. “The cyber attacks we have seen over the last few years have demonstrated that it’s far too easy for hackers to steal user credentials, and then use those credentials to traverse the enterprise network in search of the most valuable data. Organizations need to accept that outdated access control technologies are not working against today’s sophisticated adversaries. The default position should be to make your infrastructure invisible, and then grant access on a case by case basis, only after user identity, posture and context have been validated. Organizations must stop giving out the keys to the kingdom when it comes to privileged user, third party and employee access.”
Cryptzone’s dynamic security solutions are designed to secure access and protect critical data, services, networks and applications without impacting how organizations and users work. To learn more, speak with the Cryptzone technology team at RSA (April 20-24, Moscone Center, San Francisco) in booth #S224 South Expo. During the show, the company will also reveal its next generation product, AppGate® Secure Access, an integrated security gateway that provides a secure, encrypted, service-specific tunnel between user and application or resource.
The full survey report is available online in PDF format.
TechValidate is a trusted third-party research organization that directly interfaces with business and technology end users to collect and validate information about their deployments. More information is available at http://www.techvalidate.com.
Cryptzone secures the enterprise with dynamic, context-aware security solutions that protect critical services, applications and content from internal and external threats. For over a decade, enterprises have turned to Cryptzone to galvanize their Cloud and network security with responsive protection and access intelligence. More than 750 public sector and enterprise customers, including some of the leading names in technology, manufacturing and consumer products trust Cryptzone to keep their data and applications secure. For more information, go to http://www.cryptzone.com or follow us @Cryptzone.