Gabriel Consulting Unveils Key Findings of 2011 Data Center Security Survey
Requirements Not Met in Many Organizations; Management in the Dark
BEAVERTON, Oregon – October 3, 2011 — Gabriel Consulting Group (GCG), an independent analyst firm, today released key findings of its 2011 Data Center Security Survey, a report focused on security issues and solutions among 147 enterprise data center managers responsible for data centers of all sizes.
Results from the “Approach and Philosophy” section of the survey include:
- Only 60% of respondents said that their organization has a clear set of security standards that are logical, understandable, and easy to follow.
- Most respondents’ organizations have centralized their IT security functions.
- Customers with centralized security did not necessarily report better security guidance than those without centralized security.
- A surprising number, 40%, said that their day-to-day security does not conform to the standards required by their official policies.
Dan Olds, Principal Analyst at GCG, said, “It’s quite a surprise to see 40% of respondents say that their day-to-day security doesn’t line up with what’s required by their policies. In the qualitative remarks, they tell us that some of their security mechanisms are cumbersome, and that they prevent them from servicing their customers. So they lower security walls or put in workarounds to let them bypass security – and these are exactly the weaknesses that hackers look for and exploit routinely.”
Customers were also asked about the current state of their IT security. On these topics, the survey found that:
- Only half of respondents said their security is stronger now than ever before.
- Almost half reported that they are constantly finding new security holes.
- Given the statement, “Our security isn’t keeping pace with threats,” 42% agreed and 44% disagreed.
- Fully 60% said that their management thinks security is stronger than it really is.
- Only 22% reported that management knows the true security (or insecurity) status of the enterprise.
“It’s astounding that almost two-thirds of our respondents say that their management is in the dark about their true security status,” said Olds. “This is something that should cause a lot of thought in both the executive suite and the data center. Management needs to seek out the truth when it comes to IT security, and data center management needs to be frank and honest when discussing the strengths and weaknesses of their security mechanisms. Obviously, it’s far better to discuss potential security issues before they’re exposed by a breach.”
GCG is also releasing findings from other sections of the 2011 Data Center Security Survey. More information and detailed results are available here. Connect with Dan Olds and GCG on Twitter, LinkedIn, and Facebook.
Contact: Dan Olds