Patchy defences against enterprise application security threats
Computing research reveals gaps in security provision that could give attackers a way in
Organisations are being forced to choose which applications should be given full protection according to research by Computing.
An email survey was carried out among enterprise IT managers that asked about the way they prioritise threats to enterprise applications.
The enterprise applications that appear to merit the highest levels of protection are external customer-facing applications, internal business operations applications, and email and instant messaging systems, with 61 per cent of IT decision-makers telling Computing that their firm protected these assets.
Email systems are frequently targeted as a way into a company's systems: just one duped employee clicking a malicious link could give cyber criminals access to an enterprise's entire IT infrastructure.
IT management systems are also seen as important applications to protect, with 60 per cent of respondents saying their firm protects these.
Which systems do you protect?
[Click on image to enlarge]
However, when it comes to decisions about what enterprise applications not to protect, there are two clear losers - cloud and outsourced applications, with just 25 per cent and 23 per cent of respondents telling Computing research that they think these areas are protected.
There's a simple reason for this: the fact that the tools are outsourced means the organisation is likely to have handed responsibility for managing them to the vendor. However, it would be dangerous not to put some sort of protection in place. Just because something is in the cloud definitely doesn't mean it's safe and should the worst happen organisations may find they have little recourse to claim recompense. Ultimately they are responsible for ensuring their enterprise applications are protected against threats.
However, despite admitting weaknesses in some areas of application security - and almost 10 per cent of respondents said they did not know which parts of their business was protected - there appeared to be no urgency to bolster enterprise applications, with 40 per cent having no plans in this area for the next 12 months.