DAILY NEWS AND INFORMATION FOR THE GLOBAL GRID COMMUNITY /    ( Table of Contents )

Breaking News - Security:

Survey Ranks Top Three Security Mgmt Issues

When 335 network administrators and network managers were asked what keeps them up at night, survey respondents indicated a lack of insomnia and a hefty amount of complacency, according to an Amplitude Research survey commissioned by VanDyke Software, a developer of customer-driven software solutions for secure network communications and administration. Two issues tied as being of prime concern to those network administrators surveyed: 32 percent responded that they worry most about "the next virus/worm" and an equal percentage answered they worry most about "a security breach to the enterprise's network." The big surprise was that 34 percent of survey respondents said they had "no worries and sleep like a baby."

Network administrators who said they have "no worries and sleep like a baby" included:

• 44.9 percent with 25 to 99 employees.

• 25 percent with one to nine employees.

• 23.53 percent with 10 to 24 employees.

• 22.78 percent with 100 to 249 employees.

• 17.86 percent with more than 20,000 employees.

• 14 percent with 10,000 to 19,999 employees.

A majority of network administrators (51.94 percent) said their organization's budget to support information security needs was insufficient:

• 63.16 percent with 25 to 99 employees.

• 58.82 percent with 100 to 249 employees.

• 56.16 percent with 250 to 999 employees.

• 51.56 percent with 1,000 to 4,999 employees.

• 50 percent with 10 to 24 employees.

• 42.31 percent with 10,000 to 19,999 employees.

• 41.94 percent with more than 20,000 employees.

• 40.74 percent with 5,000 to 9,999 employees.

• 36.36 percent with one to nine employees.

A separate question asked the network administrator surveyed to identify external events that have had the greatest impact on their information security plans. A little more than 10 percent identified Homeland Security, while 39 percent cited customer, vendor, and/or business partner requirements, and 23 percent noted legislative drivers such as Health Insurance Portability and Accountability Act (HIPAA), Sarbanes Oxley (SOX) Act and Graham-Leach-Bliley (GLB) Privacy Act.

"One of the more interesting findings, when you peel the onion a bit and look at the network administrator's concerns is that those who report 'Homeland security' as being the greatest concern are more likely than other respondents to express the belief that their company has budgeted sufficiently to support their current information security needs," said Steve Birnkrant, CEO of Amplitude Research. "For the largest companies with more than 20,000 employees, a significant percentage selected Legislative drivers as currently having the greatest impact on information security plans with only one respondent in the one to nine employee size range selecting this choice."

The following issues were ranked either first, second, or third most important in terms of security management issues facing their company:

• keeping virus definitions up to date (69 percent).

• securing remote access (45 percent).

• patching systems (42 percent).

• monitoring intrusions (36 percent).

• user awareness (26 percent).

• spam (24 percent).

• network use monitoring (20 percent).

• password management (18 percent).

• user training (12 percent).

• managing logs (6 percent).

About 43 percent of the network administrators surveyed said they are using the Secure Shell (SSH) protocol to protect data, secure remote access, and perform network management. While the current SSH2 is significantly more robust and secure, nearly 45 percent of the network administrators who are using SSH said they are continuing to mostly use the older SSH1 protocol. A cause for greater concern is that 54.9 percent of 337 network administrators surveyed said they continue to configure their network devices via Telnet, which is known by network security experts as being severely vulnerable to network intruders because it sends data as clear text and offers only weak password authentication.

"Telnet and its inherit insecurity has been around for a long time. And from the data gathered, it is clear that Telnet is still in wide use in organizations large and small," said Jeff P. Van Dyke, founder and president of VanDyke Software. "Although newer devices can be configured with https or Secure Shell, there are a still a huge number of devices installed out there that don't support configuration with a secure protocol. Until we see a very public exploit of Telnet, I expect Telnet is probably here to stay."