In-Depth

Slowly but Surely, IT Addresses Mobile Security Threats

Nine out of ten enterprises say they plan to invest in new endpoint security technologies to help them better manage mobile devices

• By Stephen Swoyer
• 03/22/2011

Security watchers have warned about the threat posed by unmanaged mobile devices -- some sanctioned by IT itself, many designed for consumers -- in the enterprise. According to a new IBM Corp.-sponsored survey, enterprise IT organizations are finally taking action. Nine out of ten IT shops say they plan to invest in new endpoint security technologies to help them better manage mobile devices.

Polling firm Zogby International conducted the survey on behalf of IBM, which timed the release to coincide with its Pulse 2011 conference in Las Vegas. Pulse is an IBM conference largely devoted to its Tivoli Software brand, which has traditionally focused on end-to-end systems management software. Last month, IBM unveiled a new version of its Tivoli endpoint security product -- i.e., Tivoli Endpoint Manager -- which incorporates technology Big Blue took over with its July, 2010 acquisition of the former BigFix Inc.

The Zogby survey solicited responses from 289 IT decision-makers; nearly three-quarters (73 percent) of shops currently permit "non-traditional" use of their enterprise networks. At the same time, more than one-third (36 percent) have concerns about the degree to which these devices (and their own enterprise networks) are protected. In addition to smartphones, Internet-enabled mobile phones, next-generation tablet computers (such as the iPad), "non-traditional" endpoints can include point-of-sale (PoS) systems, next-gen control systems, and connected infrastructure devices such as facility sensors.

"The endpoint of 2011 is no longer just a PC or laptop, but the entire range of interconnected and instrumented devices and sensors that comprise the smarter planet," said Steve Robinson, general manager of IBM Security Solutions, in a statement. "This trend continues to validate IBM's strategy to invest more in endpoint management, such as the recent release of Tivoli Endpoint Manager. It's our view that a managed endpoint is a secure one."

The number of non-traditional endpoints is expected to grow exponentially over time: in a press release promoting its survey, for example, IBM cited an unnamed forecast of up to 1 trillion connected endpoint devices by 2015.

This year alone, 80 percent of survey respondents said they expect to add new (and notionally non-traditional) endpoint devices, according to IBM.

This may be a case of cognitive dissonance. For starters, a full third (33 percent) of respondents cited a lack of visibility into the condition of endpoint devices as their biggest overall security concern. In addition, more than a third (36 percent) acknowledged that these devices probably are not adequately protected. Nevertheless, most respondents (73 percent) said their current policies permit these devices to access their networks.

Although almost all shops say they're investing in "resources" to better manage connected endpoints, not all of this IT spending is earmarked explicitly for securing non-traditional endpoints. In 2011, four in ten IT decision makers say they expect to invest in products or services to better secure these non-traditional endpoints.