ast 0110945 forrester endpoint security trends

Forrester Research, Inc., 60 Acorn Park Drive, Cambridge, MA 02140 USA

Tel: +1 617.613.6000 | Fax: +1 617.613.5000 | www.forrester.com

Endpoint Security Trends, Q2 2013 To Q4 2014by Chris Sherman, November 7, 2013

For: Security & Risk Professionals

KEY TAKEAWAYS

Organizations Spend 9% Of Their IT Budget On Endpoint SecuritySMBs and enterprises both spend around 9% of their overall IT budget on endpoint security. However, those industries with a higher percentage of mobile workers are more likely to increase spending over the next 12 months.

Advanced Controls Are Hot Within SMBs And EnterprisesTechnologies such as full disk encryption, data loss protection, and host-based intrusion detection are all seeing increased adoption in many organizations. Proactive security controls such as white listing and patch management are also enjoying increased adoption as traditional methods of antivirus protection fail.

Enterprises Take The Lead With Adoption Of Endpoint Security Software-As-A-ServiceAlthough endpoint security software-as-a-service is traditionally seen as a delivery method preferred by SMBs, enterprises now take a solid lead in its adoption. Security software-as-a-service reduces much of the operational overhead and offers the possibility of completely outsourcing the task of managing the security and operations of user endpoints.

2013, Forrester Research, Inc. All rights reserved. Unauthorized reproduction is strictly prohibited. Information is based on best available resources. Opinions reflect judgment at the time and are subject to change. Forrester, Technographics, Forrester Wave, RoleView, TechRadar, and Total Economic Impact are trademarks of Forrester Research, Inc. All other trademarks are the property of their respective companies. To purchase reprints of this document, please email [email protected]. For additional information, go to www.forrester.com.

FOR SECURITY & RISK PROFESSIONALS

WHY READ THIS REPORT

Every year, Forrester conducts a number of global surveys of IT security decision-makers and information workers from a wide range of organization industries and sizes. In this report, we present the relevant endpoint security data from our most recent surveys, with special attention given to those trends affecting small and medium-size businesses (SMBs) and enterprises, along with analysis that explains the data in the context of the overall security landscape. As organizations prepare for the 2014 budget cycle, security professionals should use this report to help benchmark their organizations spending patterns against their peers while keeping an eye on current trends affecting endpoint security in order to strategize their endpoint security adoption decisions.

Table Of Contents

Despite Data Security Concerns, Endpoint Security Spending Is Flat

Endpoint Security Remains Just One-Tenth Of The Overall Security Budget

S&R Pros Prefer To Source Endpoint Security From A Single Vendor

S&R Pros Will Focus Their Investments On Advanced Controls

Proactive Security Controls Will Continue To Gain Traction Through 2014

Endpoint Security Software-As-A-Service Adoption Skyrockets

Enterprises Take The Lead In The Adoption Of Endpoint Security Software-As-A-Service

WHAT IT MEANS

Security Pros Must Look For Ways To Spend Smarter, Not More

Supplemental Material

Notes & Resources

Forrester interviewed three enterprises currently making significant endpoint security investments. Each asked to remain anonymous. We also drew from a wealth of analyst insight gathered via client inquiries, briefings, and consulting engagements.

Related Research Documents

Market Overview: Endpoint Encryption Technologies, Q1 2013January 16, 2013

The Forrester Wave: Endpoint Security, Q1 2013January 4, 2013

Application Control: An Essential Endpoint Security ComponentSeptember 7, 2012

Endpoint Security Trends, Q2 2013 To Q4 2014New Disruptors For Endpoint Security Through 2014by Chris Shermanwith Stephanie Balaouras and Dominique Thomas

2

4

4

7

8

9

NOVEMBER 7, 2013


Endpoint Security Trends, Q2 2013 To Q4 2014 2

2013, Forrester Research, Inc. Reproduction Prohibited November 7, 2013

DESPITE DATA SECURITY CONCERNS, ENDPOINT SECURITY SPENDING IS FLAT

Todays cybercriminals often target employee endpoints, such as desktops, laptops, tablets, and mobile devices, and use them as a way into the corporate infrastructure. They use social engineering, spear phishing, and other means to trick unsuspecting employees into downloading seemingly innocuous files that contain malware or redirect them to malicious websites, ultimately giving the attacker access to some of your organizations most sensitive data. According to our Forrsights Devices And Security Workforce Survey, Q2 2012, 51% of employees have access to sensitive customer data and 23% have access to nonpublic financial information whether they need that access or not (see Figure 1).

Year after year, protecting data is a top priority for security decision-makers and influencers.1 Employee endpoints are frequent targets of cybercriminals, and gaining control of the endpoint provides easy access to some of the organizations most sensitive data assets. Forrester believes that any comprehensive data security strategy must include both reducing the endpoint threat surface and limiting exposure to data loss involving these endpoints.

Figure 1 Employees (And Their Endpoints) Have Access To A Multitude Of Data Types

Source: Forrester Research, Inc.103581

What types of information do you have access to at work, regardless of whether youneed to use it for your job or not?

Base: 4,262 North American and European IT security decision-makers

Source: Forrsights Devices And Security Workforce Survey, Q2 2012

Customer data (e.g., names, contactinformation, credit card data) 51%

Contracts, invoices, customer orders 41%

Customer service data, account numbers 40%

Intellectual property belonging to the company(blueprints, designs, formulas, recipes) 30%

Employee data (e.g., HR data, payroll data) 27%

Nonpublic corporate nancialinformation relating to the company 23%

None of the above 20%

Nonpublic corp marketing/strategyplans relating to the company 19%




Endpoint Security Remains Just One-Tenth Of The Overall Security Budget

The latest Forrsights security survey found that budget for endpoint security has remained flat from 2010 to 2013 approximately 9% to 11% of the total IT security budget (see Figure 2). The same survey found that certain industries, such as the public sector, healthcare, retail, and wholesale, are less likely to increase endpoint security spending in 2014, compared with business services, utilities, and media/entertainment/leisure industries.2 While the former include some highly regulated industries, the latter have a higher percentage of mobile workers. According to our survey, 41% of workers in business services and 28% of workers in utilities work while traveling at least a few times per month.3 The more mobile the workforce, the more important it is for S&R pros to protect sensitive data from theft or loss or when employees connect to public Wi-Fi networks and other access points.

Figure 2 Endpoint Security Spending Remains Stable Year-Over-Year


What percentage of your rms IT security budget will go to the following technology areas?(Client threat management)

Base: 663 SMB and 549 enterprise NA/EMEA IT security decision-makers*Base: 606 SMB and 746 enterprise NA/EMEA IT security decision-makersBase: 728 SMB and 669 enterprise NA/EMEA IT security decision-makersBase: 682 SMB and 735 enterprise NA/EMEA IT security decision-makers

Year surveyed

Source: Forrsights Security Survey, Q3 2010*Source: Forrsights Security Survey, Q2 2011Source: Forrsights Security Survey, Q2 2012Source: Forrsights Security Survey, Q2 2013

2010 2011* 2012 2013

Enterprise SMB

9%

11%10%

11%10% 10%

9%10%




S&R PROS PREFER TO SOURCE ENDPOINT SECURITY FROM A SINGLE VENDOR

While overall endpoint security spending has remained relatively consistent, many S&R pros have stretched their budget by investing in security products that integrate multiple technologies (organized into product suites offered by a single vendor). In fact, 60% of enterprises and 61% of SMBs prefer to source their endpoint security technologies through a single vendor (see Figure 3).

Investing in product suites allows S&R pros to take advantage of suite discounting while acquiring a broader set of security technologies.4 Ancillary benefits include less time spent training security staff on multiple interfaces while giving security pros integrated management and reporting for a better overall security posture. Forrester often speaks with client organizations in the midst of vendor selection projects that ultimately choose product suites over point products for these very reasons.

Figure 3 S&R Orgs Prefer Single-Vendor Suites Over Multiple Point Products For Endpoint Security

S&R PROS WILL FOCUS THEIR INVESTMENTS ON ADVANCED CONTROLS

Although antivirus (AV) has become nearly ubiquitous, it is no longer sufficient.5 To protect against evolving threats, S&R pros are adopting controls that are more advanced (see Figure 4 and see Figure 5). While some technologies, such as host firewall and patch management, have found widespread deployment in enterprises and SMBs, others are less adopted but increasing in popularity due to a number of business technology trends.6 Specifically, Forrester sees that:

Endpoint DLP continues to gain footing as mobility increases. S&R pros concerned with internal threats turn to DLP to protect their data. However, as corporate data increasingly resides on endpoints outside the network, technologies such as endpoint DLP, which can ensure that protection travels with the data, become more appealing.


Endpoint (desktop/laptop) security: How does your rm prefer to source eachof the following types of security technologies or managed/SaaS services?

Base: 1,863 North American and European IT security decision-makers

Source: Forrsights Security Survey, Q2 2013

Single vendor portfolio/ecosystem(prefer only one vendor)

38%33%

Best-of-breed solution(prefer multiple vendors)

60%61% SMB

Enterprise




Host intrusion prevention system (HIPS) picks up where network security leaves off. As the mobility trend increases, continuous protection from network-based security technologies is not always feasible. HIPS moves past traditional AV signature-based detection and uses more-advanced systems analyses to detect and stop attacks as they occur, wherever they may occur.7

Full disk encryption protects against device loss and compliance failures. To protect data and achieve compliance, S&R pros are increasingly turning to full disk encryption. Full disk encryption is by far the easiest to implement and presents little impact on the user experience when compared with file-level encryption.8 Therefore, full disk encryption is often a popular choice among organizations with tough data protection requirements.

Self-encrypting drives offer superior security and performance over software-based solutions. Compared with software-based full disk encryption solutions, self-encrypting drives enjoy higher adoption in the enterprise due to their superior security stance and lower impact on endpoint performance.9

File-level encryption is especially popular in shared environments. For those files residing on the endpoint requiring an extra layer of security, file-level encryption offers a reliable way to prevent unauthorized users from accessing this information. This is especially critical in hospitals, retail locations, and schools or universities where endpoints can have multiple users.

Figure 4 Enterprise 2014 Projected Spending Versus Current Deployed Base


Base: 379 client security decision-makers at enterprises with 1,000 or more employees

Already implemented

Plan

ning

to im

plem

ent

in th

e ne

xt 1

2 m

onth

s


HIPS

What are your rms plans to adopt the following client security (desktop/laptop) and data security technologies?

50% 55% 60% 65% 70% 75% 80% 85% 90%

7%

9%

11%

13%

15%

17%

19%

DesktopDLP

File-levelencryption

Device/portcontrol

Personal rewall

URLltering

Applicationwhite listing

Device kill

Full disk encryption(software-based)

Full disk encryption(self-encrypting drive)

Patch management

Antivirus




Figure 5 SMB 2014 Projected Spending Versus Current Deployed Base

Proactive Security Controls Will Continue To Gain Traction Through 2014

Traditionally, S&R pros have relied on signature-based antimalware as the focal point to their endpoint protection strategy, but third-party research has shown this approach is far from perfect when protecting against zero-day malware.10 Proactive security tools, such as application white listing and patch management technologies, help reduce the threat surface of the endpoint environment to a more manageable level without relying on signatures.

Proactive controls certainly come with some management overhead, but they can offer superior protection when compared with blacklist-based techniques.11 Case in point: A large media company with extensive software R&D demands recently told Forrester: Antimalware (signature-based) is a dead technology. We plan to phase this out in favor of application white listing and vulnerability management techniques over the next year.

Data shows that organizations see the value in such techniques at preventing malware from taking hold on the endpoint. Although 23% of enterprises and 21% of SMBs plan to implement application


Base: 313 client security decision-makers at SMBs with 20 to 999 employees

Already implemented

Plan

ning

to im

plem

ent

in th

e ne

xt 1

2 m

onth

s


What are your rms plans to adopt the following client security (desktop/laptop) and data security technologies?

30% 40% 50% 60% 70% 80% 90%0%

2%

4%

6%

8%

10%

12%

14%

16% Applicationwhite listing

Full disk encryption(self-encrypting drive)

Full disk encryption(software-based)

File-level encryption

URL lteringPatch management

Personal rewall Antivirus

Device/port control

DLP

Device kill

HIPS




white listing in the next 12 months and beyond, only 11% of both enterprises and SMBs plan to adopt antimalware. Patch management technologies are almost equally hot today, with 17% of SMBs and 20% of enterprises planning to adopt in the next 12 months and beyond.

ENDPOINT SECURITY SOFTWARE-AS-A-SERVICE ADOPTION SKYROCKETS

Forrester defines endpoint security software-as-a-service (SaaS) as endpoint security services or functions hosted by a third party, billed on a pay-per-use model, and delivered via a multitenant architecture. Drivers for SaaS delivery of endpoint security technologies include scalability, lower operational overhead, and the need for a thinner client footprint. Security technologies such as host firewalls and AV software are prime candidates for security SaaS delivery given their popularity and dependence on external update services. Going forward, security pros can expect endpoint security SaaS suites with more comprehensive functionality, including file reputation feeds, application control and management, and patch management.

Enterprises Take The Lead In The Adoption Of Endpoint Security Software-As-A-Service

According to our Forrsights Security Survey, Q2 2013, 46% of all organizations either have deployed or are planning to upgrade their existing endpoint security SaaS implementation (see Figure 6). Another 10% of organizations plan to adopt endpoint security SaaS for the first time in 2014. We see some interesting trends when we compare SMBs versus enterprise adoption:

SMBs have a healthy adoption of endpoint security SaaS . . . In the past, SMBs have led the way when it comes to cloud service adoption. Endpoint security SaaS delivery takes away much of the operational overhead and offers the welcome possibility of completely outsourcing the cumbersome task of managing the security and operations of user endpoints. For smaller organizations with limited staff and expertise in managing complex security tools, its often thought that SMBs are poised to benefit the greatest from the practice of outsourcing these tasks to cloud service providers.

. . . but enterprises are far outpacing their adoption. However, Forrester now sees enterprise adoption of endpoint security SaaS (51%) surpassing that of SMBs (41%). Furthermore, 17% of enterprises plan to upgrade their current endpoint security SaaS implementations compared with 9% within SMBs. Both enterprises and SMBs appreciate the benefits brought on by the cloud delivery of these services, but enterprises security teams often have additional responsibilities beyond traditional IT security, and they must deal with more threats and frequent attacks, so adopting endpoint security SaaS is a good way to free up internal resources to focus on more critical tasks.




Figure 6 Endpoint Security Software-As-A-Service Heats Up Within Enterprises And SMBs

W H AT I T M E A N S

SECURITY PROS MUST LOOK FOR WAYS TO SPEND SMARTER, NOT MORE

With the explosion of endpoint form factors as a visible attack vector to your network, S&R pros at organizations, regardless of size, must take a renewed interest in endpoint security. Considering that your budget for endpoint security will likely remain the same during the next 12 months, S&R pros must look for ways to maximize their current and planned investments. This means:

Invest in proactive security controls rather than (more) reactive technologies. Threat protection is a critical component to any organizations endpoint security strategy. Rather than adopting new or expanding currently implemented signature-based measures (think antivirus and antimalware), consider more proactive techniques such as application white listing combined with targeted patch management.


Source: Forrsights Security Survey, Q3 2009*Source: Forrsights Security Survey, Q3 2010Source: Forrsights Security Survey, Q2 2011Source: Forrsights Security Survey, Q2 2012Source: Forrsights Security Survey, Q2 2013

Base: 950 SMB and 1,009 enterprise NA/EMEA IT security decision-makers*Base: 1,009 SMB and 1,049 enterprise NA/EMEA IT security decision-makers

Base: 856 SMB and 1,267 enterprise NA/EMEA IT security decision-makersBase: 1,030 SMB and 1,124 enterprise NA/EMEA IT security decision-makers

Base: 313 SMB and 379 enterprise NA/EMEA IT security decision-makers

Year surveyed

0%

12%

24%

36%

48%

60%

What are your rms plans to adopt the following as-a-service security oerings/approaches?(Endpoint security)

2009 2010* 2011 2012 2013

Already implemented and/or expanding

Enterprise

SMB




Choose an endpoint encryption solution based on user experience and flexibility. Avoid point products that dont provide good integration with enterprise identity management and endpoint management in general. Consider native OS options when appropriate. For an endpoint encryption implementation to be successful, it must be secure by default and provide a transparent user experience.

Keep an eye toward future endpoint security delivery methods. As endpoints become increasingly mobile and the infrastructure needed to protect them more complex, endpoint security SaaS will become more attractive to SMBs and enterprises alike. Move more of your core endpoint security controls into the cloud as opportunity and technology maturity allow.

SUPPLEMENTAL MATERIAL

Methodology

Forresters Forrsights Security Survey, Q2 2013, was fielded to 2,134 IT executives and technology decision-makers located in Canada, France, Germany, the UK, and the US from SMB and enterprise companies with two or more employees. This survey is part of Forresters Forrsights for Business Technology and was fielded from March 2013 to June 2013. ResearchNow fielded this survey online on behalf of Forrester. Survey respondent incentives include points redeemable for gift certificates. We have provided exact sample sizes in this report on a question-by-question basis.

Each calendar year, Forresters Forrsights for Business Technology fields business-to-business technology studies in more than 17 countries spanning North America, Latin America, Europe, and developed and emerging Asia. For quality control, we carefully screen respondents according to job title and function. Forresters Forrsights for Business Technology ensures that the final survey population contains only those with significant involvement in the planning, funding, and purchasing of IT products and services. Additionally, we set quotas for company size (number of employees) and industry as a means of controlling the data distribution and establishing alignment with IT spend calculated by Forrester analysts. Forrsights uses only superior data sources and advanced data-cleaning techniques to ensure the highest data quality.

Companies Interviewed For This Report

Three end user organizations that asked to remain anonymous.




ENDNOTES1 For more information on what constitutes sensitive data and the value in protecting such data, see the April

5, 2013, Strategy Deep Dive: Define Your Data report.

2 According to Forrsights Security Survey, Q2 2013, certain industries anticipate higher endpoint security spending in the following year (2014) based on responses to our question, How do you expect your firms security spending in the following technology areas will change from 2013 to 2014? Results show that 39% of organizations in the media, entertainment, and leisure industries, 31% of those in utilities and communications, and 28% of those in business services plan to spend 5% or more on client threat management in 2014. This contrasts with 19% in the public sector/healthcare and 23% in retail and wholesale. Source: Forrsights Security Survey, Q2 2013.

3 According to the Forrsights Workforce Employee Survey, Q2 2012, there are significant industry differences in the percentage of employees who report working outside of the office in a given month. For instance, 41% of those in business services and 28% in utilities work while traveling at least a few times per month. This contrasts with 25% in retail and 23% in the healthcare industries. These same highly mobile industries also anticipate higher endpoint security spending in 2014, according to the Forrsights Security Survey, Q2 2013.

4 For more information on the benefits of investing in an endpoint security product suite, as well as an evaluation of existing solutions, see the January 4, 2013, The Forrester Wave: Endpoint Security, Q1 2013 report.

5 Antivirus is software that is used to prevent, detect, and remove malware from the endpoint. Malware can be any form of computer virus, spyware, worm, Trojan horse, or any executable that causes harm to the endpoint or connected network.

AV-Test and AV-Comparatives.org both report low detection rates (between 65% and 98%, depending on tools used) when using antimalware engines to detect previously unknown malware resident on Windows machines. Visit the following for more information. Source: Microsoft: Security Essentials, AV-Test, May-June 2013 (http://www.av-test.org/no_cache/en/tests/test-reports/?tx_avtestreports_pi1%5Breport_no%5D=132335) and Retrospective/Proactive test, AV-Comparatives.org, August 2013 (http://www.av-comparatives.org/wp-content/uploads/2013/08/avc_beh_201303_en.pdf).

6 Host firewall is software installed on the endpoint that is designed to permit or deny network transmissions based on a set of rules defined by the system administrator, the intended outcome being to let good traffic pass while blocking malicious traffic.

Patch management is a centrally managed software agent that continually checks for the existence of the latest patches for all software installed on the endpoint. When critical patches are released, the agent verifies that these are installed in a timely fashion

7 HIPS is a centrally managed software tool installed on the endpoint that uses various methods to detect, prevent, and log malicious activity. Methods used might include code analysis, network traffic analysis, file system analysis, log analysis, and network configuration monitoring.




8 For more information on the pros and cons of different types of full disk encryption technologies, see the January 16, 2013, Market Overview: Endpoint Encryption Technologies, Q1 2013 report.

9 Self-encrypting hard drives, such as Opal-compliant self-encrypting drives (SEDs) and Windows 8 Encrypted Hard Drive, leverage hardware capabilities built into the disk drive itself to perform encryption and decryption. In each case, the disk drive itself performs crypto instructions. This frees the CPU for other parallel tasks without impacting endpoint performance. Self-encrypting drives operate independently of the operating system, which means even an OS compromise may not necessarily lead to the compromise of encrypted data. In comparison, software-based solutions often leverage the endpoints CPU for encryption/decryption functions, which may negatively impact overall performance.

10 AV-Test and AV-Comparatives.org both report low detection rates (between 65% and 98%, depending on tools used) when using antimalware engines to detect previously unknown malware resident on Windows machines. Visit the following for more information. Source: Microsoft: Security Essentials, AV-Test, May-June 2013 (http://www.av-test.org/no_cache/en/tests/test-reports/?tx_avtestreports_pi1%5Breport_no%5D=132335) and Retrospective/Proactive test, AV-Comparatives.org, August 2013 (http://www.av-comparatives.org/wp-content/uploads/2013/08/avc_beh_201303_en.pdf).

11 For more information on the pros and cons of leveraging proactive security technologies such as application control and patch management when combating malware on the endpoint, see the September 7, 2012,

Application Control: An Essential Endpoint Security Component report.

Forrester Research, Inc. (Nasdaq: FORR) is an independent research company that provides pragmatic and forward-thinking advice to global leaders in business and technology. Forrester works with professionals in 13 key roles at major companies providing proprietary research, customer insight, consulting, events, and peer-to-peer executive programs. For more than 29 years, Forrester has been making IT, marketing, and technology industry leaders successful every day. For more information, visit www.forrester.com. 103581

Forrester Focuses On Security & Risk Professionals To help your firm capitalize on new business opportunities safely,

you must ensure proper governance oversight to manage risk while

optimizing security processes and technologies for future flexibility.

Forresters subject-matter expertise and deep understanding of your

role will help you create forward-thinking strategies; weigh opportunity

against risk; justify decisions; and optimize your individual, team, and

corporate performance.

SEAN RHODES, client persona representing Security & Risk Professionals

About ForresterA global research and advisory firm, Forrester inspires leaders,

informs better decisions, and helps the worlds top companies turn

the complexity of change into business advantage. Our research-

based insight and objective advice enable IT professionals to

lead more successfully within IT and extend their impact beyond

the traditional IT organization. Tailored to your individual role, our

resources allow you to focus on important business issues

margin, speed, growth first, technology second.

FOR MORE INFORMATION

To find out how Forrester Research can help you be successful every day, please contact the office nearest you, or visit us at www.forrester.com. For a complete list of worldwide locations, visit www.forrester.com/about.

CLIENT SUPPORT

For information on hard-copy or electronic reprints, please contact Client Support at +1 866.367.7378, +1 617.613.5730, or [email protected]. We offer quantity discounts and special pricing for academic and nonprofit institutions.

ast 0110945 forrester endpoint security trends

Documents

security trends

endpoint security spending

flatendpoint security

security professionals

source endpoint security

overall security landscape

security risk professionalswhy

security decisionmakers