More than three-fourths of data center information managers say the business side is oblivious to their company’s security preparedness, and 40 percent believe they aren’t keeping up with threats and attacks, according to a new survey.
The “2011 Data Center Security Survey” centered on questions of information security initiatives, implementations and awareness of 147 enterprise data center managers in charge of data centers of varying sizes. Security software provider McAfee sponsored the study, which was conducted by independent analyst firm Gabriel Consulting Group.
In the survey, 22 percent of respondents said management knows the level to which their enterprise is prepared for security threats. While the business side is obviously sensitive to information security, interest in full-on and effective data center security ventures can get pushed aside for other items in the IT budget that show more direct return on investment, says Evelyn de Souza, senior manager for McAfee Data Center Solutions.
“There is this chasm between IT and management … and you see this when you get into meetings where you have management present and you have the actual implementers who discuss the security and from management, all of a sudden, you just have these blank stares,” says de Souza. “Information security just doesn’t fall high on executive management’s agenda, especially when there isn’t a steering committee or governing body that has these implementers involved.”
To that end, rules are set in place for data center information security that don’t come with executive or budgetary support. Forty percent of respondents reported that day-to-day security does not conform to standards required by enterprise policies, the survey stated. In addition, nearly half of information managers said that they are “constantly” finding new security holes in their data center systems.
Skepticism of security in the cloud persisted here, too, but not for the same reasons of information being “out of site, out of mind,” de Souza says. About 70 percent of respondents worry about public cloud security, in a large part because of how an enterprise would carry out virtualization under management’s expectations and concerns.
“As people move away from a physical data center to a cloud based deployment, a strategy of just bolting on security in response to emerging threats or a regulation simply doesn’t work. Quite often, it actually breaks the performance objectives of virtualization altogether,” she says.
This article was used with permission from
