Spending on security is flattening after years of growth, but laptops and other such endpoint devices remain a weak link in the security of many organizations, according to an IDC analyst.
IDC security analyst Eric Domage told Computerworld that after six years of growth in security spending the boom was over, but firms had yet to address certain weak points in their security, with laptops the weakest link.
"Since the beginning of the year, almost every week there has been a story of client, customer or employee privacy exposure, usually related to a stolen laptop. And the data that has been lost or fallen into the wrong hands has included everything including client database details, retirement plans for employees and social security numbers, and even access to the global IT system," said Domage, who described such breaches as "absolutely crazy".
Domage said regulation designed to protect privacy, such as the U.K.'s Data Protection Act, as well as the risk of heavy fines, was prompting some U.K. firms to put in place more stringent security controls but more needed to be done.
Domage said high-profile cases like the theft of a laptop containing confidential customer information from Nationwide Building Society, had "dramatically changed companies' attitudes to personal data theft," and would in time prompt U.K. financial firms to change their behavior in the face of a possible fine.
Marks & Spencer, the NHS, Nationwide Building Society, the Metropolitan Police, the U.S. Department of Veterans Affairs, Southend Children services and Halifax Bank of Scotland are just some of high-profile examples that have been victims of data theft as a result of a stolen laptops.
To avoid such fines, Domage said there would likely be "a push to defend the end user that is travelling" and security firms offering endpoint security, enforced user-escort and global anti-malware services could do well.
Domage will be presenting at IDC's 17th annual European ICT Forum Enterprise 2.0, taking place in Berlin on 10 September.