Senior corporate executives are largely unaware of how secure their data centres are, according to a recent McAfee report.
Only 22 percent of data centre managers surveyed in a report felt senior management is aware of the company’s security preparedness, according to a data centre study from McAfee released on 3 October. There is a “serious disconnect” between what managers think about the security measures in place and what is actually implemented, the survey found.
“It is astounding that almost two-thirds of our respondents say that their management is in the dark about their true security status,” said Dan Olds, principal analyst at Gabriel Consulting Group, who conducted the study on behalf of McAfee.
The results of the study are strikingly similar to the conclusions reached by PwC in its annual Global Information Security Survey, released mid-September. In the PwC report, 43 percent of those surveyed believe their organisations qualify as “leaders” in how they’d implemented security. In actuality, less than 5 percent of the organisations actually qualify as “leaders”.
Most of the executives in the study have a “false sense of security”, said Mark Lobel, a principal in the advisory services division of PwC.
Management often views data centre security as an expense item that doesn’t provide a financial return, said Gabriel Consulting’s Olds. “Security is only an issue to management where there is a problem – otherwise, it’s still a ‘why are we spending all this money’ question in budget meetings,” a respondent told Olds.
In the McAfee study, more than 40 percent of survey participants feel their organisation is not keeping up with the latest threats. Even more disconcerting, 40 percent said that their organisation’s day-to-day security does not meet the standards set by official policies that are in place. Nearly half of the information managers said they are “constantly” finding security holes within the data centre.
Organisations with centralised security did not fare better than others, the study found. Just centralising security responsibilities and authority isn’t enough, according to Olds. A “real effort” to implement strong “defense in depth” security to defend against inside and outside threats, but flexible enough to allow users to do their jobs is required, Olds said.
The report also found that organisations used as many as seven security vendors to secure the data centre. More vendors introduce complexity as the products all have different tools and consoles, but still need to be configured to work together. Olds said he expects enterprises to reduce the number of vendors they work with over time, as they invest in more integrated products that solve multiple problems.
There were other red flags in the report. Despite the fact that half of the respondents in the study believe that virtualisation and private cloud require unique security measures, most respondents reported using the same tools to secure both physical and virtual infrastructure. Approximately 70 percent of respondents were sceptical of public cloud security, the survey found.
The 2011 Data Centre Security Survey focused on security issues faced by 147 enterprise data managers.
Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…
Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…
Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…
Welcome to Silicon In Focus Podcast: Tech in 2025! Join Steven Webb, UK Chief Technology…
European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…
San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…