News
IT Professionals Fear Losing Jobs Over Security Breach
- By James E. Powell
- May 04, 2007
A recent study commissioned by systems management and deployment appliance maker KACE found that the majority of IT professionals working in "Fortune 100,000" or mid-sized companies" (defined as those companies with 100 to 100,000 employees) fear they could lose their job in the event of a security breach at their company.
The remainder of the study shows they have good reason to be concerned. One
reason: inconsistent security strategies. Though 81 percent of respondents said
they perform patch management as part of their strategy, only 35 percent include
end-node vulnerability scanning, "and that's an important component of security,"
KACE CEO Rob Meinhardt told Enterprise Systems
in an interview.
Though nearly all have installed anti-virus software and more than 80 percent
use anti-spyware software, fewer than half use firewalls or automated desktop
configuration, a statistic that has Meinhardt particularly concerned.
"It's good that enterprises have installed anti-virus software, but it doesn't
end there," he said. "How do you know that it hasn't been disabled,
that virus definitions are up-to-date, or that settings haven't been changed?
Unless you're checking desktop and laptop configurations, you have a large hole
in your security strategy and you're exposed. It's at the end nodes where you
should look for succeptbility."
The research, which reflects the answers of 256 respondents -- including hands-on professionals, team managers and business owners, with many participants claiming multiple roles within their organization -- was commissioned by KACE to understand how IT professionals combine systems and security management, to identify the types of management tools companies use, and to assess "security readiness."
"IT departments around the globe are working endlessly to combat and minimize
security issues," said Diane Hagglund of King Research. "But interestingly enough,
most IT professionals from the mid-market sector in particular feel quite ill-prepared
when it comes to systems and security management, and most don't include end-node
vulnerability scanning as part of their ongoing practice, which could be a very
costly mistake."
Among the other major findings of the study:
-
Of those personally responsible for IT security, 62 percent report that
responsibility affects them in a personal way.
-
Nearly 87 percent of IT organizations are confident in their ability to
deal with "traditional" security problems (including viruses, spam, spyware
and malware), but only 35 percent feel they can deal with lost or stolen
equipment containing corporate or personal data. "That means they don't
have effective backup/recovery or business continuity features in place,"
Meinhardt observed.
-
Respondents say they are using six disparate user interfaces (on average)
for systems and security management, "which creates challenges in learning
and using the tools effectively," participants reported, according to KACE.
Increased efficiency ranked highest (at 69 percent) among the benefits of
a consolidated interface. Other benefits cited include ease of use, greater
quality of service (as a result of faster resolution times), consistency
and decreased costs.
-
Security professionals know theirs can be a round-the-clock job; the survey
noted that 87 percent of IT professionals must work evenings, weekends or
late nights.
The importance of the user interface shouldn't be ignored by vendors: "61 percent of all participants from mid-market companies who had five or more product interfaces for systems and security management reported that they have made a product purchase specifically to minimize the number of product interfaces their staff was required to use."
"The results are in and they prove that IT professionals from Fortune 100,000
companies are not confident with their present security measures, and are taking
the stress home with them to their personal lives," Meinhardt said. "The discomfort
these professionals are feeling about their security measures is actually an
opportunity for us."
KACE makes a family of appliances, named KBOX, to address these problems.
The full report is available at software.dell.com/documents.
About the Author
James E. Powell is the former editorial director of Enterprise Strategies (esj.com).