The National Gateway Security Survey 2008 was carried out for value added distributor Wick Hill and sponsored by WatchGuard Technologies. The survey was conducted on a sample of 10,000 of the top UK companies, by employee numbers and turnover. In all, 341 of those questioned responded.
Overall, the research shows a continuing, strong movement towards remote and mobile use and an awareness and concern about security issues around this. 61% of respondents reported that the number of remote users was increasing, while 45% said the number of VPNs being deployed was increasing and 43% said the number of SSL users was increasing.
The move towards remote and mobile use was confirmed by responses to questions about the most important factors in firewall/UTM choice. High availability at 90%, strong authentication at 84%, VPNs at 77%, scalability at 74% and centralised management at 67% were all considered important/very important.
The report showed that 50% of respondents indicated that wireless use was increasing and 49% had growth in VoIP usage. While there is much talk about security being commoditised, the responses in the survey don’t support this. In answers to questions on the importance of various factors in IT security purchasing, price came only third at 73%, behind performance at 90% and reseller/supplier knowledge at 74%. Web purchasing availability came bottom of the list at 15%.
Interestingly, while green issues are flagged later in the report as likely to be increasing in the future, environmental impact is well down the list for the factors influencing purchasing decisions. This proves, if proof were needed, that green credentials will only work for security products that already meet commercial requirements, including price.
When asked about their priorities for 2008, the research shows more of a focus on protecting against external threats rather than internal threats. Securing the network from external attack led the results, being rated highly by 79%, securing remote access by 75%, gateway resiliency by 70%, and authenticating remote users by 67%. Although securing the network internally was rated as important by 70%, authenticating internal users was rated highly by only 47%.
The perception that external threat is more important than internal threat is not unusual, but is not justified by other research, which consistently comes up with results indicating that security problems are more likely to come from inside an organisation than from outside it.