Survey: Remote users - not data centers - keep network administrators up at night

May 26, 2005 -- (MobileVillage) -- A survey of 335 network/systems administrators and networking managers reveals a heightened comfort level about their abilities to protect the enterprise -- with one caveat. Those who expressed that they are "losing sleep" about security management issues indicated that much of their angst stems not from attacks coming from outside the enterprise, but from employees, who through their ignorance or errors, remain a significant cause of security vulnerabilities.

In this year's survey -- conducted by Amplitude Research and commissioned by web-based communications software provider VanDyke Software -- respondents expressed satisfaction with the current security at their organization in such areas as desktop PCs, remote access, physical security, and data centers/server farms. Data centers/server farms scored the highest satisfaction level at over 70%.

In addressing their organization's information security issues, 88% of network administrators indicate that they use internal staff and resources, 10% said they employ a security consultant to advise and assist internal staff, while 2% said they outsource to a managed service provider or consulting firm. Ten percent said they are assembling information security tools from a single source for a turnkey solution, while 81% indicate they mix-and-match from multiple sources.

Those respondents that expressed concerns about their users selected a "failure to adhere to company security policies" (40%) as their most important concern, followed by "insufficient training time or budget" (28%) and "no mandate from top management" (23%).

When respondents who indicated that they do not "sleep like a baby" were asked to rank their most important concerns, a "security breach to their network," a "recovery plan" (or lack thereof), and "worrying about the next virus/worm" were the highest ranked.

In this year's survey, network administrators were also asked about their comfort level in using technology to monitor individual employee usage of the Internet. Network administrators who work for organizations with more than 20,000 employees indicate that they are less comfortable using technology to monitor individual employee usage of the internet than are network administrators who work for organizations ranging in size from 100 to 5,000 employees. Only 37% of respondents who work for organizations with more than 20,000 employees indicate that they were "somewhat comfortable" or "very comfortable" with monitoring, with respondents who work for enterprises ranging in size from 250 to 5,000 employees indicating comfort levels of 50% or more.

This year's responses indicate that network administrators and networking managers "are generally satisfied with the level of security at their organizations," says Steve Birnkrant, CEO of Amplitude Research."Overall, network administrators expressed significantly higher levels of satisfaction with security at data centers and with desktop PCs than the use of wireless LANs, handheld devices, laptops, or the physical security at their workplace."

In last year's survey, slightly less than half of the respondents indicated that the budget at their organization was sufficient to support current information security needs, as compared to 52% this year.

Respondents were asked to identify the external event that has had the greatest impact on their information security plans. The results for 2004 and 2005 were similar with 10% in 2005 identifying Homeland Security, 18% selecting legislative drivers such as the Health Insurance Portability and Accountability Act (HIPAA), Sarbanes Oxley Act (SOX), and the Graham-Leach-Bliley Privacy Act (GLB), and 37% identifying customer/vendor, partner requirements.

Forty-eight percent of the respondents indicate that their organization uses the Secure Shell (SSH) protocol, up from 43% last year. While the current SSH2 protocol is significantly more robust and secure than the original SSH1 version, there is only a small percentage increase in network administrators who indicate that they are using SSH2 protocol versus SSH1. Network administrators who work for organizations ranging in size from 250 to 4,999 employees indicate a more significant shift to using SSH2 in 2005 than 2004.

Fifty percent of the respondents indicate a comfort level with monitoring individual employee usage of the internet, with 29% of respondents working for companies with internet usage policies identifying the use of technology (hardware or software) as the primary method of implementing their organization's policy. Rules based solutions, server log analytics, and dedicated monitoring solutions were the most widely used solutions, with few respondents indicating use of keystroke loggers.

The survey of network administrators and network managers was conducted over a 5-day period from April 26 to April 30, 2005 and had overall 280 responses with a margin of error of 5.82% at a 95% confidence level. Thirty-eight percent of the survey respondents have worked in IT for five to ten years, with 49% having worked in the industry for more than 10 years. All different size employers were represented in the study with 28% of the respondents working for organizations with less than 100 employees, 30% working for organizations with 100 to 1,000 employees, 18% working for organizations with 1,000 to 5,000 employees, and 24% working for organizations with more than 5,000 employees.

An executive summary of the survey commissioned by VanDyke Software can be obtained by contacting Krems Public Relations at krems@kremspr.com.

Recent Related Stories:

iPass adds software policy enforcement service for mobile Internet connections

Report: Handheld device security could cost more than the device

Air2Web offers mobile access to enterprise IM apps

BeInSync & Laplink remote PC access / sync software updated

Back to MobileVillage News Page