Information security budgets are not in jeopardy. According to a survey of 300 network administrators in charge of IT security at their companies, 81 percent of respondents did not expect a decrease in budgets for 2008. In many cases, security budgets are expected to actually increase.
The survey respondents also indicated that secure file transfer was the major issue they face. Among those using secure file transfer (externally or internally), the proportion indicating that their organization's security policy identifies what “sensitive data” should be exchanged has been trending upward. In addition, among those using a secure method of file transfer at least “sometimes” for exchanging sensitive data internally between remote offices, those saying they “mostly” or “always” use a secure method for internal file transfers of sensitive data increased significantly.
Also in the annual survey, commissioned by VanDyke Software and executed by independent firm Amplitude Research, network administrators were asked to select the three most important security management issues facing their company from a list of 11 areas. Here's the list, with this year's survey response tallies compared to last year's:
- Securing remote access (50 percent up from 47 percent last year);
- Keeping virus definitions up to date (42 percent compared to 45 percent);
- Monitoring intrusions (40 percent, same as last year);
- Secure file transfer (33 percent versus last year's 31 percent);
- Patching systems (30 percent in 2008 compared to 42 percent);
- Password management (27 percent versus 20 percent);
- Network use monitoring (21 percent versus 22 percent);
- User awareness (19 percent this year, similar to 20 percent in 2007);
- User training (14 percent, same as last year);
- Managing logs (12 percent compared to eight percent);
- Replacing nonsecure protocols (11 percent compared to eight percent).
Among the issues respondents were asked about, automated patch management has declined in importance the most.
“The likely takeaway concerning the decrease in automated patch management is that existing solutions are basically working,” said Steve Birnkrant, chief executive officer and founder of Amplitude Research.