In a time where network security is critical for company survival, IT professionals have to deal with many challenges when it comes to protecting their organisation’s networks. 50% say budget is a bottleneck in the way of achieving their objective. That’s according to survey results released by BAE Systems Applied Intelligence. The findings shed light on barriers preventing companies from developing and implementing comprehensive security plans.
Conducted by Spiceworks*, the survey results include responses from 400 IT decision-makers in the UK and the US. The intention of the survey is to help understand the technology stack and behaviours that organisations are currently using, and their preferences for how to tackle their current challenges.
The time spent on network security is critical for both IT professionals and the organisations they serve. The average IT professional spends a quarter of his or her own time just on security policy management, with around 40% of the team devoted to security policy management. However, budget constraints are limiting the use of new strategies, technologies and implementation practices to make this vital foundational layer more efficient, provide greater visibility and manage change as a network grows.
The research indicates that the greatest network security challenges facing IT professionals are:
*Difficulty in simulating the impact of changes
*Ensuring that network security policy is being implemented as intended
*The time taken to update policy on all required devices
65% of respondents face difficulties in at least one of these areas.
Bottlenecks to objective achievement
The research found that staffing is another clear bottleneck for IT teams at organisations. As businesses implement security strategies, appropriate staffing must be considered for the best chances of optimal network security. Furthermore, the issue of the skills gap arises in this finding. As many as 35% of organisations lack employees who have an adequate skill set to do the required job.
A variety of factors account for security team bottlenecks. 50% of organisations are limited by a lack of available budget to do the actual work. 45% of respondents stated that achievements are not a high enough priority for the overall business. Notably, 51% of organisations questioned in the survey are unable to achieve their objectives due to requiring different tools from different vendors, or simply a lack of staff overall.
Gaps in budget and operational resources
Richard Wilding, director of new ventures and innovation at BAE Systems Applied Intelligence, said: “The findings of the survey reveal a great deal of insight into the decision-making process for IT professionals. Perhaps the most alarming finding is the clear gaps in budget and operational resources that limit development of advanced security strategies as well as the implementation practices needed to protect business operations. With a greater focus on network security policy management from the executive level down, operations can take advantage of the newest tools and strategies that exist to make policy management that much more automated, more efficient and ultimately more manageable.”
In response to the research, BAE Systems is exploring a new technology which provides greater visibility of the network. Known as Idrisi, the solution helps teams in mid-sized businesses understand what’s on their network and how they can improve their network security.
Idrisi’s Simulation Engine provides a risk score and recommendations for improvement, in turn allowing businesses to focus on the highest priority areas of their networks. To find out more register at www.baesystems.com/idrisi
Methodology for the survey
*For the purposes of the study, Spiceworks surveyed IT decision-makers through online research. A total of 400 respondents (300 in the US and 100 in the UK) took the 12-minute online survey.
Respondent Qualification Criteria The IT decision-makers were required to work at organisations with 100-plus employees. These IT professionals are involved in the decision-making process for network/security solutions at their organisation and employ security solutions that produce alerts.