Senior managers are often in the dark about the security measures in place in their data centers, while data center managers are often falling short in enforcing existing security policy requirements.
corporate executives are largely unaware of how secure their data centers are,
according to a recent report.
22 percent of data center managers surveyed in a report felt senior management is
aware of the company's security preparedness, according to a data center study
from Gabriel Consulting released Oct. 3. There is a "serious disconnect" between
what managers think about the security measures in place and what is actually
implemented, the survey found.
is astounding that almost two-thirds of our respondents say that their
management is in the dark about their true security status," said Dan
Olds, principal analyst at Gabriel
"needs to seek out the truth," and data center managers need to be
"frank and honest" when discussing strengths and weaknesses of their
security mechanisms, Olds said, noting that it is better to discuss potential
issues before a security breach. The survey shows that management is "ripe
to be blindsided" in the event of a security breach, according to Olds.
results of the study are strikingly similar to the conclusions reached by PwC in
its annual Global
Information Security Survey
, released mid-September. In the PwC report, 43
percent of those surveyed believe their organizations qualify as
"leaders" in how they'd implemented security. In actuality, less than
5 percent of the organizations actually qualify as "leaders."
of the executives in the study have a "false sense of security," said
Mark Lobel, a principal in the advisory services division of PwC.
often views data center security as an expense item that doesn't provide a
financial return, said Gabriel Consulting's Olds. "Security is only an
issue to management where there is a problem-otherwise, it's still a 'why are
we spending all this money' question in budget meetings," a respondent
the most recent study, more than 40 percent of survey participants feel their
organization is not keeping up with the latest threats, Gabriel Consulting found. Even more
disconcerting, 40 percent said that their organization's day-to-day security does
not meet the standards set by official policies that are in place. Nearly half
of the information managers said they are "constantly" finding
security holes within the data center.
with centralized security did not fare better than others, the study found.
Just centralizing security responsibilities and authority isn't enough,
according to Olds. A "real effort" to implement strong "defense
in depth" security to defend against inside and outside threats, but
flexible enough to allow users to do their jobs is required, Olds said.
report also found that organizations used as many as seven security vendors to
secure the data center. More vendors introduce complexity as the products all
have different tools and consoles, but still need to be configured to work
together. Olds said he expects enterprises to reduce the number of vendors they
work with over time, as they invest in more integrated products that solve
were other red flags in the report. Despite the fact that half of the
respondents in the study believe that virtualization and private cloud require
unique security measures, most respondents reported using the same tools to
secure both physical and virtual infrastructure. Approximately 70 percent of
respondents were skeptical of public cloud security, the survey found.
2011 Data Center Security Survey focused on security issues faced by 147
enterprise data managers.