IBM Warns of Lax Endpoint Security

Many IT decision makers are not focusing on endpoint security, according to a new study from IBM.

IBM canvassed 300 IT leaders for their views on security ahead of the firm’s annual X-Force Trend Report, which will shed further light on what’s wrong with the application patching process.

Marc van Zadelhoff, director of strategy for IBM security solutions, noted a few surprises in the findings. For instance, 73 percent of businesses are allowing non-traditional endpoints, such as tablet computers and smartphones, onto enterprise networks. That said, 36 percent of survey respondents noted that they thought their non-traditional endpoint devices were not being adequately protected.

“You may think that 36 percent is low but I think in general people are comfortable with Blackberrys and they form the vast majority of these devices for corporations,” Van Zadelhoff told “I think the real concern is when you get into the more open systems like Android and iOS, the 36 percent are those that are likely seeing those devices, in the bring-your-own technology world that we live in now.”

Overall, IBM’s study reported that 90 percent of decision makers are investing in endpoint security technology. That comes as welcome news for vendors like IBM that make endpoint security software. IBM recently announced the Tivoli Endpoint Manager to help tackle the problem, for instance.

The study also found that 40 percent of companies plan to increase their investment in security for managing and protecting non-traditional endpoints.

To that end, IBM is also building out a new managed service to help enterprises secure smartphones, based on Juniper Networks’ Junos Pulse technology. With Junos Pulse, an enterprise can remotely wipe the data from a smartphone if it is lost or stolen.

Van Zadelhoff said that IBM plans to debut the service in the second half of 2011.


IBM is now also gearing up to release it annual X-Force security trend report. Van Zadelhoff gave a sneak peak at some of the findings from that report, which will highlight some non-trivial issues with enterprise security practices.

When it comes to mobile security, Van Zadelhoff noted that the X-Force report states that people are more concerned about their phones getting lost and data being lifted than hackers taking advantage of mobile vulnerabilities. But mobile vulnerabilities are growing, too.

“The X-Force report will highlight a number of vulnerabilities on mobile platforms that are new, but aren’t yet exploited in a mass manner,” he said.

The other key item the upcoming report will highlight is the continued rise in overall application vulnerabilities. Van Zadelhoff noted that of particular concern is the fact that there are a number of application vulnerabilities for which there is no patch yet available.

“In the new report you will see that the majority of application vulnerabilities that were discovered last year had no available patch available by the end of the year,” he said.

Sean Michael Kerner is a senior editor at, the news service of, the network for technology professionals.

News Around the Web