Only 22% of data center managers said corporate management was aware of the true security state of data centers, according to a survey of 147 enterprise data center managers by Gabriel Consulting Group (GCG).
“We have seen a huge evolution in terms of infrastructure models, but not in terms of security….There seems to be this discrepancy between management and the team actually implementing security”, said Evelyn de Souza, senior manager for McAfee Data Center Solutions. McAfee is helping to publicize the GCG survey, de Souza explained.
The survey also found that, although nearly half of the respondents feel that virtualization and private clouds pose a unique security challenge, the majority are using the same tools to secure both physical and virtualized systems. While close to 60% of respondents think that private clouds can be kept secure, around 70% expressed skepticism of public cloud security.
“We thought that virtualization would be an excellent opportunity to consolidate the security vendors that companies were using and to reconsider their security approach. But it appears that this is not necessarily happening”, de Souza told Infosecurity.
According to the GCG survey, only 44% of respondents felt that their company was keeping up with data center security threats, and 42% said that their company was not keeping up with the threats. “This is interesting in that you would have expected this to be much higher in terms of keeping up with new threat”, de Souza said. Almost half of respondents admitted to constantly finding new security holes in their data centers.
Survey respondents were also asked about the data center security breaches they had experienced. The survey found that the majority of breaches were caused by outsiders; breaches caused moderate to large amounts of lost productivity for 80% of data center staffs; about 40% reported that breach remediation efforts required 50% or more of their IT staffing and resources; and over 40% said that remediation efforts were completed in one week or less, but nearly as many said that their fixes took a month or longer.
Around 44% of respondents said that more clearly defined security standards and policies would improve their data center security. A full 60% of respondents said their company did not integrate security deeply into new IT projects from the beginning, and 70% said making security a higher priority would benefit their companies.