There is a schism between security perceptions and reality among IT Enterprise security managers, according to new survey by McAfee.
The 2011 Data Center Security Survey focused on security issues and solutions among 147 enterprise data center mangers responsible for data centers of all sizes. The majority of respondents (60 percent) reported management believes security is stronger than it really is, while 22 percent reported management is aware of their company’s true security preparedness.
“It’s astounding that almost two-thirds of our respondents say that their management is in the dark about their true security status,” said Dan Olds, principal analyst at Gabriel Consulting Group. “This is something that should cause a lot of thought both in the executive suite and in the data center. Management needs to seek out the truth when it comes to IT security, and data center management needs to be frank and honest when discussing the strengths and weaknesses of their security mechanisms. Obviously, it’s far better to discuss potential security issues before they’re exposed by a breach.”
The report also found although nearly half of the respondents feel that virtualization and private clouds pose a unique security challenge, the majority of respondents are using the same tools to secure physical and virtualized systems.
Private and public cloud computing architectures rely on the virtualized data center to deliver increased business agility and scale. As organizations continue to adopt virtualization and cloud computing, security technology often replicates from physical resources, which results in various obstacles, such as inconsistent network policies and security loopholes.
Other key findings from the report include:
• Nearly half of the respondents reported they are constantly finding new security holes
• More than 40 percent of respondents feel their organization’s security pace isn’t keeping up with threats
• Approximately 70 percent of respondents are skeptical of public cloud security
• 40 percent of respondents report that day-to-day security does not conform to the standards required by their official polices.
“The move to virtualized data center requires organizations to consider their approach to security early in the design cycle,” said Greg Brown, vice president of Network Security at McAfee. “Using network and system security solutions that are optimized for virtualized environments ensures continuity of data center operations, without interfering with performance.”