Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Network Security Is In A Shaky State: Survey

Resourceful I.T. security professionals are getting the job done, but their efforts have been hampered by undersized staffs and underfunded budgets that limit choices ranging from what products they buy to the vendors they work with.

The third annual Strategic Deployment Survey conducted by Secure Enterprise, an InformationWeek sister publication, polled more than 1,500 IT-security pros about their companies' security and their tactics for dealing with challenges. Follow-up interviews provided even more details on the state of IT security.

Shortfalls in security staffing and budgets aren't new, of course. But what makes the situation more nerve-racking are the regulatory risks and compliance requirements that fall to the IT security department, adding cost and work at a time when budgets are growing only moderately, if at all. Case in point: One multibank holding company with 500 employees and assets of almost $2 billion recently implemented monitoring, encryption, and intrusion-prevention technologies to assist its adherence to the Sarbanes-Oxley Act, the Gramm-Leach-Bliley Act, the Bank Secrecy Act, and the Health Insurance Portability and Accountability Act. But the company's chief information security officer, who asked to remain unidentified, still has a bleak security outlook.

chart"Our staffing levels are inadequate and have an impact on our ability to maintain systems in accordance with our policies and standards," he says. "This problem won't improve. Hopefully, we can do more automation and less hands-on administration and monitoring."

He's not alone in his pessimism. The survey shows IT security staffing almost unchanged from last year--and, in a word, deficient. Forty-four percent of this year's respondents describe their security groups as moderately understaffed, with 21% saying they're severely understaffed. Last year, those numbers were 45% and 20%, respectively.

  • 1