Managed IT Services

Is moving to virtualisation and cloud computing making network security easier or harder? When some 2,100 top IT and security managers in 27 countries were asked, the response revealed a profound lack of consensus, showing how divided attitudes are within the enterprise.

The “2010 State of Enterprise Security Survey – Global Data” report shows that about one-third believe virtualisation and cloud computing make security “harder,” while one-third said it was “more or less the same,” and the remainder said it was “easier.” The telephone survey was done by Applied Research last month on behalf of Symantec, and it covered 120 questions about technology use — organisations remain overwhelmingly Microsoft Windows-based — and cyberattacks on organisations.

To explain such different perceptions about the security impact of virtualisation and cloud computing, Matthew Steele, Symantec director of strategic technology, said the best way to understand these answers is to know that “if they had a real security background, they immediately got concerned. But if they care for IT operations, they were thinking about it from an IT optimiation standpoint.” And the middle-of-the-road responses — it’s all “more of less the same” — tended to originate from those with budget responsibilities. “If the business is still moving, things are OK,” Steele remarked.

Although endpoint virtualisation is widely believed to trail server-based virtualisation, 8% of the survey’s respondents said they had implemented the former, 16% were in the course of implementing it, 9% were in a “trial stage,” 26% had plans for it and 25% were in “early discussion,” whereas 16% weren’t considering it.

And on the question of whether endpoint virtualisation makes it “easier or harder to do your job with regards to network security,” the opinion was divided, with about a third each way thinking it’s “easier,” “harder” or about the same.

The survey showed that the median annual budget for enterprise security in 2010 is $600,000, an 11% increase over 2009, with yet another 11% increase anticipated in 2011. But despite incremental budget growth, the survey’s respondents — who hail from banking, healthcare, telecommunications and other sectors as well as local and federal government agencies — often indicated they had a hard time finding and retaining security personnel.

Organisations on average assigned 120 staffers to IT and compliance matters, with larger enterprises of 5,000 or more assigning 232. But much of the time this was seen as insufficient, with 51% of respondents saying finding qualified applicants was a “huge” or “big” problem.