According to findings from the sixth annual “What Keeps Network Administrators Up At Night” security survey commissioned by VanDyke Software and executed by Amplitude Research, the world of enterprise network and systems administrators has seen IT budget landscapes turned upside down, producing a dynamic of IT security “haves” and “have nots” with differing levels of confidence to manage IT security priorities and challenges.
Notable research findings include:
- Network and systems administrators who saw a decline in their 2009 IT budget versus the year before outnumber those who saw an increase by 2:1; in 2008, the opposite was true
- Almost half (46%) of network and systems administrators feel that their organization has not budgeted sufficiently to support current information security needs – up significantly from 36% in 2008
- Network and systems administrators who feel that their company has not budgeted sufficiently express challenges managing their “users” and concerns about security of laptop and handheld devices.
Reversal of fortune for IT budgets
This year’s survey of 320 network and systems administrators conducted the third week of April found that 41% were seeing a decrease in their company’s 2009 overall IT budget as compared to 2008, while 22% were seeing an increase. In the 2008 survey, only 18% were seeing a decrease in their company’s 2008 IT budget as compared to 2007, while 44% were seeing an increase.
While more than half of all network and systems administrators feel they are sufficiently budgeted for information security needs, this year showed a significant decline in perceived sufficiency of IT budgets to meet security needs. In the April 2009 survey, 54% of respondents indicated they were sufficiently budgeted (46% said they were not), as compared to 64% who said they had sufficient budget in the 2008 survey. “That’s a significant decline,” said Amplitude Research CEO Steve Birnkrant.
Current economic conditions and security project cancellations
Overall, 27% of the survey respondents were aware of cancellations of 2009 IT security projects as a result of a perceived poor economy. Among those feeling their company was not sufficiently budgeted for security needs, 39% were aware of their company canceling security projects. In contrast, 17% of those who felt their company was sufficiently budgeted were aware of their company canceling 2009 IT security endeavors/projects as a result of a perceived poor economy.
Perception of IT budget sufficiency influences top security concerns
When asked “What keeps you up at night?”, slightly more than one-third (36%) of the respondents said they were “sleeping like a baby”. Others were “kept up at night” by various concerns, such as their users, their recovery plan (or lack thereof), the next virus, or a breach to their network or website. Between 2008 and 2009 there has been a slight decline in the proportion worrying about each issue, with the exception of “your users”. In particular, the proportion worrying about a security breach to their network dropped significantly from 36% in 2008 to 27% in 2009.
Among those who felt their organization has budgeted sufficiently to support their current security needs, 48% said they were sleeping like a baby, while 22% of those facing an insufficient budget said they were sleeping like a baby.
Of those who said they felt budgeted sufficiently for security needs, top security concerns included: users (25%); a security breach to the network (22%); recovery plan (18%); the next virus/worm (16%); and a security breach to their own website (9%). Meanwhile of those who said they felt budgeted insufficiently for security needs, their top security concerns ranked: users (41%); recovery plan (39%); security breach to the network (34%); worrying about the next virus/worm (28%); and security breach to their website (7%).
A correlation between budget deficiency and confidence deficiency in securing mobile computing devices
Of those network and systems administrators who responded that they have a sufficient security budget in 2009, 76% indicated they were satisfied with the security of the laptops at their company. Of those who responded that they do not feel they have a sufficient security budget, only 39% were satisfied with laptop security. At the same time, of those who do not feel they have a sufficient budget, 45% were dissatisfied with laptop security vs. 14% of those who felt sufficiently budgeted.
When asked if their company has formal policies regarding the offsite use of laptop computers (such as password-protected screen savers, sign-out procedures, laptop audits, restrictions on software installation, marking or branding of laptop exteriors, etc.), more than half (57%) reported that their company has formal policies. But among those who do not feel their company has budgeted sufficiently for security needs, less than half (49%) reported that they have formal policies regarding the offsite use of laptop computers (vs. 63% of those who felt sufficiently budgeted).