08:47 PM
Dark Reading
Dark Reading
Products and Releases
Connect Directly

Survey: What Keeps Network Administrators Up At Night

Sixth annual survey of 320 network and systems admins shows a noticeable decrease in IT budgets

BOCA RATON, FL and ALBUQUERQUE, NM, May 14, 2009 / PRNewswire / — According to findings from the sixth annual "What Keeps Network Administrators Up At Night" survey commissioned by VanDyke Software and executed by Amplitude Research, the world of enterprise network and systems administrators has seen IT budget landscapes turned upside down, producing a dynamic of IT security "haves" and "have nots" " with differing levels of confidence to manage IT security priorities and challenges.

Reversal of fortune for IT budgets

This year's survey of 320 network and systems administrators conducted the third week of April found that 41% were seeing a decrease in their company's 2009 overall IT budget as compared to 2008, while 22% were seeing an increase. In the 2008 survey, only 18% were seeing a decrease in their company's 2008 IT budget as compared to 2007, while 44% were seeing an increase.

While more than half of all network and systems administrators feel they are sufficiently budgeted for information security needs, this year showed a significant decline in perceived sufficiency of IT budgets to meet security needs. In the April 2009 survey, 54% of respondents indicated they were sufficiently budgeted (46% said they were not), as compared to 64% who said they had sufficient budget in the 2008 survey. "That's a significant decline," said Amplitude Research CEO Steve Birnkrant.

Current economic conditions and security project cancellations

Overall, 27% of the respondents were aware of cancellations of 2009 IT security projects as a result of a perceived poor economy. Among those feeling their company was not sufficiently budgeted for security needs, 39% were aware of their company canceling security projects. In contrast, 17% of those who felt their company was sufficiently budgeted were aware of their company canceling 2009 IT security endeavors/projects as a result of a perceived poor economy.

Perception of IT budget sufficiency influences top security concerns

When asked "What keeps you up at night?", slightly more than one-third (36%) of the respondents said they were "sleeping like a baby". Others were "kept up at night" by worrying about various concerns, such as their users, their recovery plan (or lack thereof), the next virus, or a breach to their network or website. Between 2008 and 2009 there has been a slight decline in the proportion worrying about each issue, with the exception of "your users". In particular, the proportion worrying about a security breach to their network dropped significantly from 36% in 2008 to 27% in 2009.

Among those who felt their organization has budgeted sufficiently to support their current security needs, 48% said they were sleeping like a baby, while 22% of those facing an insufficient budget said they were sleeping like a baby.

Of those who said they felt budgeted sufficiently for security needs, their top security concerns included: users (25%); a security break to the network (22%); recovery plan (18%); worrying about the next virus/worm (16%); and a security breach to their own website (9%). Meanwhile of those who said they felt budgeted insufficiently for security needs, their top security concerns ranked: users (41%); recovery plan (39%); security breach to the network (34%); worrying about the next virus/worm (28%); and security breach to their website (7%). "For both the sufficiently budgeted and insufficiently budgeted network and systems administrators, users were a top concern " more so for those feeling a budget deficit," said Birnkrant.

Since 2004, the survey has asked network and systems administrators how satisfied they were with the security of the datacenter/server farm; desktop PCs; physical security; wireless LANs; remote access; laptops; and handheld devices. Said Amplitude Research's Birnkrant: "What is most interesting about the results this year is that the level of satisfaction with the security of laptops and handheld devices declined significantly between 2008 and 2009, while the results for other types of items did not decline in 2009 compared to 2008. The percentage satisfied with the security of the laptops at their company went from 67% in 2008 to 59% in 2009. At the same time, the proportion satisfied with the security of the handheld devices at their company went from 52% in 2008 to 37% in 2009. This suggests that the most portable devices (i.e., laptops and handheld devices) appear to be of particular concern for many network administrators in 2009."

Added Birnkrant, "Results for laptops and handheld devices had been improving from 2005 through 2008. But then the 2009 results represent a significant reversal of what had been a positive trend."

A correlation between budget deficiency and confidence deficiency in securing mobile computing devices

Birnkrant of Amplitude Research added that "the results demonstrate a connection between those who feel they are insufficiently budgeted and their confidence level in securing laptops and handheld devices." Of those network and systems administrators who responded that they have a sufficient security budget in 2009, 76% indicated they were satisfied with the security of the laptops at their company. Of those who responded that they do not feel they have a sufficient security budget, only 39% were satisfied with laptop security. At the same time, of those who do not feel they have a sufficient budget, 45% were dissatisfied with laptop security vs. 14% of those who felt sufficiently budgeted.

When asked if their company has formal policies regarding the offsite use of laptop computers (such as password-protected screen savers, sign-out procedures, laptop audits, restrictions on software installation, marking or branding of laptop exteriors, etc.), more than half (57%) reported that their company has formal policies. But among those who do not feel their company has budgeted sufficiently for security needs, less than half (49%) reported that they have formal policies regarding the offsite use of laptop computers (vs. 63% of those who felt sufficiently budgeted).

"Among those respondents who reported formal policies regarding the offsite use of laptop computers, 74% indicated that these policies resulted in greater responsibility by laptop users," said Birnkrant.

The 2009 study was commissioned by VanDyke Software and conducted online by Amplitude Research during the third week of April 2009 among Amplitude's nationwide technology panel and had 320 total survey respondents with a maximum sampling margin of error of 5.5%. To obtain an executive summary of the 2009 survey results, contact Michael Krems of Krems Public Relations at krems@kremspr.com.

About Amplitude Research, Inc.

Amplitude Research' is a privately owned online market research company headquartered in Boca Raton, Florida, with blue chip clients located throughout the United States and Canada. Amplitude combines its proprietary market research software, top quality survey panels, and experienced professional services to deliver actionable survey results. Amplitude's Panelspeak' Technology Panel (http://www.panelspeak.com) was formed in early 2002 and can reach more than 100,000 IT professionals representing all types and sizes of organizations, and includes such job titles as network or systems administrator, IT manager, software developer, software architect, web developer, and C level or higher IT professional. The name "Amplitude" Research and its tagline "loud and clear" signify Amplitude's high-quality statistical and reporting services tailored to meet each client's specific needs. For more information about Amplitude Research and its market research surveys, visit the company's website at http://www.amplituderesearch.com.

About VanDyke Software, Inc.

Busy IT professionals depend on VanDyke Software to deliver rock-solid, easy-to-configure software for secure remote access, secure file transfer, terminal emulation, and remote administration. VanDyke offers a fully-supported 30-day evaluation of its products prior to purchase, providing both evaluators and customers with a higher level of service. The company's product offerings include the SecureCRT' Secure Shell terminal emulator, the SecureFX' secure file transfer client, the VanDyke ClientPack, and the VShell' Secure Shell server. For more information about VanDyke Software, visit the company's website at http://www.vandyke.com

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
In a digital world inundated with advanced security threats, Intel Security seeks to transform how we live and work to keep our information secure. Through hardware and software development, Intel Security delivers robust solutions that integrate security into every layer of every digital device. In combining the security expertise of McAfee with the innovation, performance, and trust of Intel, this vision becomes a reality.

As we rely on technology to enhance our everyday and business life, we must too consider the security of the intellectual property and confidential data that is housed on these devices. As we increase the number of devices we use, we increase the number of gateways and opportunity for security threats. Intel Security takes the “security connected” approach to ensure that every device is secure, and that all security solutions are seamlessly integrated.
Featured Writers
White Papers
Current Issue
Dark Reading's October Tech Digest
Fast data analysis can stymie attacks and strengthen enterprise security. Does your team have the data smarts?
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2014-10-24
Cross-site scripting (XSS) vulnerability in admincp/apilog.php in vBulletin 4.4.2 and earlier, and 5.0.x through 5.0.5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted XMLRPC API request, as demonstrated using the client name.

Published: 2014-10-24
Certificates.java in Not Yet Commons SSL before 0.3.15 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

Published: 2014-10-24
WP-Ban plugin before 1.6.4 for WordPress, when running in certain configurations, allows remote attackers to bypass the IP blacklist via a crafted X-Forwarded-For header.

Published: 2014-10-24
Stack-based buffer overflow in CPUMiner before 2.4.1 allows remote attackers to have an unspecified impact by sending a mining.subscribe response with a large nonce2 length, then triggering the overflow with a mining.notify request.

Published: 2014-10-24
Electric Cloud ElectricCommander before 4.2.6 and 5.x before 5.0.3 uses world-writable permissions for (1) eccert.pl and (2) ecconfigure.pl, which allows local users to execute arbitrary Perl code by modifying these files.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Follow Dark Reading editors into the field as they talk with noted experts from the security world.