Risk
5/13/2009
08:47 PM
Dark Reading
Dark Reading
Products and Releases
Connect Directly
RSS
E-Mail
50%
50%
Repost This

Survey: What Keeps Network Administrators Up At Night

Sixth annual survey of 320 network and systems admins shows a noticeable decrease in IT budgets

BOCA RATON, FL and ALBUQUERQUE, NM, May 14, 2009 / PRNewswire / — According to findings from the sixth annual "What Keeps Network Administrators Up At Night" survey commissioned by VanDyke Software and executed by Amplitude Research, the world of enterprise network and systems administrators has seen IT budget landscapes turned upside down, producing a dynamic of IT security "haves" and "have nots" " with differing levels of confidence to manage IT security priorities and challenges.

Reversal of fortune for IT budgets

This year's survey of 320 network and systems administrators conducted the third week of April found that 41% were seeing a decrease in their company's 2009 overall IT budget as compared to 2008, while 22% were seeing an increase. In the 2008 survey, only 18% were seeing a decrease in their company's 2008 IT budget as compared to 2007, while 44% were seeing an increase.

While more than half of all network and systems administrators feel they are sufficiently budgeted for information security needs, this year showed a significant decline in perceived sufficiency of IT budgets to meet security needs. In the April 2009 survey, 54% of respondents indicated they were sufficiently budgeted (46% said they were not), as compared to 64% who said they had sufficient budget in the 2008 survey. "That's a significant decline," said Amplitude Research CEO Steve Birnkrant.

Current economic conditions and security project cancellations

Overall, 27% of the respondents were aware of cancellations of 2009 IT security projects as a result of a perceived poor economy. Among those feeling their company was not sufficiently budgeted for security needs, 39% were aware of their company canceling security projects. In contrast, 17% of those who felt their company was sufficiently budgeted were aware of their company canceling 2009 IT security endeavors/projects as a result of a perceived poor economy.

Perception of IT budget sufficiency influences top security concerns

When asked "What keeps you up at night?", slightly more than one-third (36%) of the respondents said they were "sleeping like a baby". Others were "kept up at night" by worrying about various concerns, such as their users, their recovery plan (or lack thereof), the next virus, or a breach to their network or website. Between 2008 and 2009 there has been a slight decline in the proportion worrying about each issue, with the exception of "your users". In particular, the proportion worrying about a security breach to their network dropped significantly from 36% in 2008 to 27% in 2009.

Among those who felt their organization has budgeted sufficiently to support their current security needs, 48% said they were sleeping like a baby, while 22% of those facing an insufficient budget said they were sleeping like a baby.

Of those who said they felt budgeted sufficiently for security needs, their top security concerns included: users (25%); a security break to the network (22%); recovery plan (18%); worrying about the next virus/worm (16%); and a security breach to their own website (9%). Meanwhile of those who said they felt budgeted insufficiently for security needs, their top security concerns ranked: users (41%); recovery plan (39%); security breach to the network (34%); worrying about the next virus/worm (28%); and security breach to their website (7%). "For both the sufficiently budgeted and insufficiently budgeted network and systems administrators, users were a top concern " more so for those feeling a budget deficit," said Birnkrant.

Since 2004, the survey has asked network and systems administrators how satisfied they were with the security of the datacenter/server farm; desktop PCs; physical security; wireless LANs; remote access; laptops; and handheld devices. Said Amplitude Research's Birnkrant: "What is most interesting about the results this year is that the level of satisfaction with the security of laptops and handheld devices declined significantly between 2008 and 2009, while the results for other types of items did not decline in 2009 compared to 2008. The percentage satisfied with the security of the laptops at their company went from 67% in 2008 to 59% in 2009. At the same time, the proportion satisfied with the security of the handheld devices at their company went from 52% in 2008 to 37% in 2009. This suggests that the most portable devices (i.e., laptops and handheld devices) appear to be of particular concern for many network administrators in 2009."

Added Birnkrant, "Results for laptops and handheld devices had been improving from 2005 through 2008. But then the 2009 results represent a significant reversal of what had been a positive trend."

A correlation between budget deficiency and confidence deficiency in securing mobile computing devices

Birnkrant of Amplitude Research added that "the results demonstrate a connection between those who feel they are insufficiently budgeted and their confidence level in securing laptops and handheld devices." Of those network and systems administrators who responded that they have a sufficient security budget in 2009, 76% indicated they were satisfied with the security of the laptops at their company. Of those who responded that they do not feel they have a sufficient security budget, only 39% were satisfied with laptop security. At the same time, of those who do not feel they have a sufficient budget, 45% were dissatisfied with laptop security vs. 14% of those who felt sufficiently budgeted.

When asked if their company has formal policies regarding the offsite use of laptop computers (such as password-protected screen savers, sign-out procedures, laptop audits, restrictions on software installation, marking or branding of laptop exteriors, etc.), more than half (57%) reported that their company has formal policies. But among those who do not feel their company has budgeted sufficiently for security needs, less than half (49%) reported that they have formal policies regarding the offsite use of laptop computers (vs. 63% of those who felt sufficiently budgeted).

"Among those respondents who reported formal policies regarding the offsite use of laptop computers, 74% indicated that these policies resulted in greater responsibility by laptop users," said Birnkrant.

The 2009 study was commissioned by VanDyke Software and conducted online by Amplitude Research during the third week of April 2009 among Amplitude's nationwide technology panel and had 320 total survey respondents with a maximum sampling margin of error of 5.5%. To obtain an executive summary of the 2009 survey results, contact Michael Krems of Krems Public Relations at krems@kremspr.com.

About Amplitude Research, Inc.

Amplitude Research' is a privately owned online market research company headquartered in Boca Raton, Florida, with blue chip clients located throughout the United States and Canada. Amplitude combines its proprietary market research software, top quality survey panels, and experienced professional services to deliver actionable survey results. Amplitude's Panelspeak' Technology Panel (http://www.panelspeak.com) was formed in early 2002 and can reach more than 100,000 IT professionals representing all types and sizes of organizations, and includes such job titles as network or systems administrator, IT manager, software developer, software architect, web developer, and C level or higher IT professional. The name "Amplitude" Research and its tagline "loud and clear" signify Amplitude's high-quality statistical and reporting services tailored to meet each client's specific needs. For more information about Amplitude Research and its market research surveys, visit the company's website at http://www.amplituderesearch.com.

About VanDyke Software, Inc.

Busy IT professionals depend on VanDyke Software to deliver rock-solid, easy-to-configure software for secure remote access, secure file transfer, terminal emulation, and remote administration. VanDyke offers a fully-supported 30-day evaluation of its products prior to purchase, providing both evaluators and customers with a higher level of service. The company's product offerings include the SecureCRT' Secure Shell terminal emulator, the SecureFX' secure file transfer client, the VanDyke ClientPack, and the VShell' Secure Shell server. For more information about VanDyke Software, visit the company's website at http://www.vandyke.com

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-3946
Published: 2014-04-24
Cisco IOS before 15.3(2)S allows remote attackers to bypass interface ACL restrictions in opportunistic circumstances by sending IPv6 packets in an unspecified scenario in which expected packet drops do not occur for "a small percentage" of the packets, aka Bug ID CSCty73682.

CVE-2012-5723
Published: 2014-04-24
Cisco ASR 1000 devices with software before 3.8S, when BDI routing is enabled, allow remote attackers to cause a denial of service (device reload) via crafted (1) broadcast or (2) multicast ICMP packets with fragmentation, aka Bug ID CSCub55948.

CVE-2013-6738
Published: 2014-04-24
Cross-site scripting (XSS) vulnerability in IBM SmartCloud Analytics Log Analysis 1.1 and 1.2 before 1.2.0.0-CSI-SCALA-IF0003 allows remote attackers to inject arbitrary web script or HTML via an invalid query parameter in a response from an OAuth authorization endpoint.

CVE-2014-0188
Published: 2014-04-24
The openshift-origin-broker in Red Hat OpenShift Enterprise 2.0.5, 1.2.7, and earlier does not properly handle authentication requests from the remote-user auth plugin, which allows remote attackers to bypass authentication and impersonate arbitrary users via the X-Remote-User header in a request to...

CVE-2014-2391
Published: 2014-04-24
The password recovery service in Open-Xchange AppSuite before 7.2.2-rev20, 7.4.1 before 7.4.1-rev11, and 7.4.2 before 7.4.2-rev13 makes an improper decision about the sensitivity of a string representing a previously used but currently invalid password, which allows remote attackers to obtain potent...

Best of the Web