Upcoming Events

Where the Cloud Touches Down: Simplifying Data Center Infrastructure Management

Thursday, July 25, 2013
10:00 AM PT/1:00 PM ET

In most data centers, DCIM rests on a shaky foundation of manual record keeping and scattered documentation. OpManager replaces data center documentation with a single repository for data, QRCodes for asset tracking, accurate 3D mapping of asset locations, and a configuration management database (CMDB). In this webcast, sponsored by ManageEngine, you will see how a real-world datacenter mapping stored in racktables gets imported into OpManager, which then provides a 3D visualization of where assets actually are. You'll also see how the QR Code generator helps you make the link between real assets and the monitoring world, and how the layered CMDB provides a single point of view for all your configuration data.

Register Now!

A Network Computing Webinar:
SDN First Steps

Thursday, August 8, 2013
11:00 AM PT / 2:00 PM ET

This webinar will help attendees understand the overall concept of SDN and its benefits, describe the different conceptual approaches to SDN, and examine the various technologies, both proprietary and open source, that are emerging. It will also help users decide whether SDN makes sense in their environment, and outline the first steps IT can take for testing SDN technologies.

Register Now!

More Events »

Subscribe to Newsletter

  • Keep up with all of the latest news and analysis on the fast-moving IT industry with Network Computing newsletters.
Sign Up

Data Breaches, Attacks Still Have IT Security Worried, Survey Finds

Part 1 of our report on InformationWeek's 2012 Strategic Security Survey focused on the enterprise outlook on cloud and mobile device security. In Part 2, we explore how IT should deal with the complexity of managing information security.

First, the good news: IT has to put less effort into getting buy-in and sufficient funding for security. The bad news? Fifteen percent of organizations report being more vulnerable to attacks and data breaches--the same percentage as last year, according to InformationWeek's 2012 Strategic Security Survey.

More Insights


More >>

White Papers

More >>


More >>

In fact, that figure has been fairly consistent since 2009, notes Michael A. Davis, CEO of Savid Technologies, a Chicago-based technology and security consulting firm. Davis authored the report on the survey, in which more than 900 IT professionals participated.

The No. 1 reason cited for the increased vulnerability is the increased sophistication of the attacks, followed by the number of ways to attack a corporate network. Davis says one notable change was a 10-point jump in the percentage of respondents who cited growing volumes of data as a factor in their increased vulnerability.

Also mostly unchanged is that 19% of companies reported experiencing a breach this year; that's compared with 20% in 2011. What are the effects of those attacks? While 42% reported in 2011 that network/business applications were unavailable, that number decreased to 35% in 2012. Some 30% also cited intellectual property theft/information confidentiality was compromised in 2012, virtually unchanged with last year's figure of 31%.

Add to the mix the fact that too many disparate mobile security policies are also leaving organizations vulnerable, and it would seem like a no-brainer that management would increase spending on security. Yet, that isn't happening--security spending remains stagnant or about the same; 31% of respondents said security budgets would increase in 2012, compared with 38% in 2011, while 52% said it will remain about the same, compared with 49% last year.

The most surprising aspect of the survey findings is the lack of secure software training and secure software development, says Davis. "Given that we have seen SQL injection at the top of every vulnerability list for at least three years, you think organizations would have a plan in place to address these types of security issues, yet most don't."

Davis says if software is being developed in-house and IT isn't addressing software vulnerability, management needs to start that, pronto. "There are tools such as static and dynamic code analyzers that can put big dents in the number of security issues your software developers are creating," he says. "If you don't have money for tools, work with the PMO or software development life cycle to add in risk assessments and threat modeling to at least get in front of insecure software design, while you build the business case for the tools."

IT isn't adapting to the current threats and trends, Davis says. "They are running around like chickens with heads cut off and getting nothing done," he says. "If it was up to me, I would ask most security professionals to take three months and not read a single news piece on the latest threats or trends and focus on getting at least one new prevention and detection [technology] fully in place that solves one of their vulnerabilities."

Related Reading

Network Computing encourages readers to engage in spirited, healthy debate, including taking us to task. However, Network Computing moderates all comments posted to our site, and reserves the right to modify or remove any content that it determines to be derogatory, offensive, inflammatory, vulgar, irrelevant/off-topic, racist or obvious marketing/SPAM. Network Computing further reserves the right to disable the profile of any commenter participating in said activities.

Disqus Tips To upload an avatar photo, first complete your Disqus profile. | Please read our commenting policy.
Vendor Comparisons
Network Computing’s Vendor Comparisons provide extensive details on products and services, including downloadable feature matrices. Our categories include:

Research and Reports

Network Computing: April 2013

TechWeb Careers