Skip Links

Security of virtualization, cloud computing divides IT and security pros

Good security pros hard to find, survey respondents say

By , Network World
February 22, 2010 12:04 AM ET

Network World - Is moving to virtualization and cloud computing making network security easier or harder? When some 2,100 top IT and security managers in 27 countries were asked, the response revealed a profound lack of consensus, showing how divided attitudes are within the enterprise.

The "2010 State of Enterprise Security Survey - Global Data" report shows that about one-third believe virtualization and cloud computing make security "harder," while one-third said it was "more or less the same," and the remainder said it was "easier." The telephone survey was done by Applied Research last month on behalf of Symantec, and it covered 120 questions about technology use -- organizations remain overwhelmingly Microsoft Windows-based -- and cyberattacks on organizations.

Contending with virtualization hangover  

To explain such different perceptions about the security impact of virtualization and cloud computing, Matthew Steele, Symantec director of strategic technology, said the best way to understand these answers is to know that "if they had a real security background, they immediately got concerned. But if they care for IT operations, they were thinking about it from an IT optimization standpoint." And the middle-of-the-road responses -- it's all "more of less the same" -- tended to originate from those with budget responsibilities. "If the business is still moving, things are OK," Steele remarked.

Although endpoint virtualization is widely believed to trail server-based virtualization, 8% of the survey's respondents said they had implemented the former, 16% were in the course of implementing it, 9% were in a "trial stage," 26% had plans for it and 25% were in "early discussion," whereas 16% weren't considering it.

And on the question of whether endpoint virtualization makes it "easier or harder to do your job with regards to network security," the opinion was divided, with about a third each way thinking it's "easier," "harder" or about the same.

The survey showed that the median annual budget for enterprise security in 2010 is $600,000, an 11% increase over 2009, with yet another 11% increase anticipated in 2011. But despite incremental budget growth, the survey's respondents -- who hail from banking, healthcare, telecommunications and other sectors as well as local and federal government agencies -- often indicated they had a hard time finding and retaining security personnel.

Organizations on average assigned 120 staffers to IT and compliance matters, with larger enterprises of 5,000 or more assigning 232. But much of the time this was seen as insufficient, with 51% of respondents saying finding qualified applicants was a "huge" or "big" problem.

Difficulty in finding the right expertise was a driver in all manner of outsourcing, including use of managed security services, which about half the organizations used. But only about half were truly "satisfied" with outsourcing arrangements, even as they contemplated expansion into software-as-a-service, platform-as-a-service, and infrastructure-as-a-service, which Symantec defined as everything from use of Google Apps to full-blown hardware and operating system rental on demand, making up today's evolving concept of "cloud computing."

Our Commenting Policies
Latest News
rssRss Feed
View more Latest News