[February 07, 2006]

72% Of Enterprises Cite Internal Security Threats as Greater or Equal Importance to External Threats According to in-Depth Interviews with Information Security Professionals Conducted by TheInfoPro

NEW YORK --(Business Wire)-- Feb. 7, 2006 -- TheInfoPro (TIP), www.TheInfoPro.net, has released Wave 6 of its Information Security Study, detailing the results of over 260 in-depth interviews with leading Information Security professionals. The study confirms that large corporations and government agencies have shifted their focus from protecting the network against external attack to addressing internal security vulnerabilities. By studying the market in six-month intervals or "Waves" TIP is well positioned to identify the technologies and vendors that are poised to benefit.


TIP's patented Technology Heat Index(TM) factors in the current and planned usage of over 40 different Security technologies including Network Intrusion Prevention, Identity Management, Smart Cards, Managed Security Services, and Web Content Filtering, and then prioritizes them based on the immediacy of planned implementation and near-term spending. Particular weight is given to those technologies with high interest, but low deployment, which signals significant growth opportunity. The Wave 6 Heat Index is a strong indicator for what enterprises plan to use to mitigate internal security threats:

-- Endpoint Authentication is the hottest technology with 29% of enterprises having either pilot deployments in place or near-term implementation plans. This translates to a 13% increase compared to Wave 5.

-- Identity Management, in several forms, ranks just below Endpoint Authentication. Enterprises have been spending heavily on Identity Management and plan to continue to do so. Over 75% will spend more in 2006. Of those, nearly 30% expect to spend a minimum of $500,000, with many spending as much as $5 Million.

-- Data Encryption has moved up to the top third on the Heat Index. Although in use by a majority of enterprises (57%), deployments are typically neither broad nor deep, with 55% planning to increase their spending on Data Protection technologies in 2006.

-- Enterprise Single Sign-On is much less interesting to security professionals. Deployments have stalled with about one third of the study participants reporting it in use, which is roughly the same as the Wave 4 Study released 12 months ago; furthermore, those that have the technology as "not in plan" increased by 5% compared to the Wave 5 Study released six months ago.

"TIP has been witnessing the shift in focus towards internal vulnerabilities on the part of large enterprises as far back as 2003," notes Henry D. Nissenbaum, TIP's Managing Director for Information Security Research. "When combined with new legal and regulatory compliance requirements they are now driving much of the activity within Information Security."

Vendors in turn are actively developing and marketing solutions to address these concerns. Cisco's ongoing Network Access Control (NAC), Microsoft's Network Access Protection (NAP), and Symantec's recent acquisition of Sygate are addressing the issues around authenticating endpoints connecting to the enterprise network. A number of vendors, most notably PGP, along with others such as Pointsec and PC Guardian have been offering Data Encryption solutions. RSA, the leader in Two-Factor User Authentication, continues to address the growing demand for strong user authentication with expanded offerings while other vendors seek to compete with two factor and other strong authentication products. Identity Management solutions form the core infrastructure for controlling access to the enterprise with this segment dominated by large system vendors, specifically IBM, Sun, CA, and Novell, each of whom offers complete and often complex solutions.

Since 2002, TIP's Information Security Study has captured decision makers' technology roadmaps, vendor performance ratings, detailed commentary, and spending plans on over 100 vendors of Network Security, Security Infrastructure and Security Management solutions, including 3Com, Juniper, Nokia, Tripwire, Check Point, Websense, ISS, SPI Dynamics, Watchfire, Secure Computing, Blue Coat, Lavasoft, Aventail, Postini, Entrust, NetIQ, CipherTrust, VeriSign, Tumbleweed, Sophos, Network Intelligence, ArcSight, Vontu, netForensics, e-Security, Archer Technologies, SurfControl, Nortel, nCircle, Qualys, ZixCorp, Clearswift, Cybertrust, Liquid Machines, McAfee, Lucent, Tripwire, Sigaba, NetScout, Ingrian, St. Bernard, Stonesoft, Intellitactics, Lancope, and Courion.

Additional information about this study can be found in a multimedia presentation located at:

http://www.brainshark.com/theinfopro/InfoSecW6_Preview1a

Over 800 IT decision makers are members of the TIPNetwork, including Citigroup, FedEx, Cingular Wireless, MasterCard, Pfizer, Vodafone, and PepsiCo. To learn more about TIP's independent, objective research process visit www.TheInfoPro.net.

To learn more about the studies contact info@theinfopro.net or Lawrence Hecht at 212-672-0012.

[ Back To Cloud Computing 's Homepage ]