IT security 'worse than root canal'

Managing security on their networks is such a headache for many IT administrators, they would rather undergo a root canal.

At the same time, regulatory compliance is the becoming the main driver for organisations to step up their security.

These are the findings of recent surveys conducted by management systems vendor NetIQ, which says clever resellers can turn these challenges into opportunities.

A study of 1361 technology managers worldwide, including 98 in Australia and New Zealand, found the majority of organisations have an unmanageable number of different security products.

NetIQ regional director for Australia and New Zealand, David Taylor, said 70 per cent of local respondents found security management stressful and a hassle due to the proliferation of security threats and solutions that address them.

"Some would rather fill out a tax return, have a fight with their spouse or get a root canal," he said.

More than half the respondents had four or more different point solutions to address security problems, while nearly a quarter had ten or more, Taylor said.

Viruses, worms and external hacking are by far the most common concerns for respondents, but there is also widespread concern over unauthorised access by employees, spam, phishing and attacks based on known system vulnerabilities.

Meanwhile, more organisations are rethinking security strategies to keep apace with new regulatory requirements, rather than to guard against hackers, according to another NetIQ survey.

The company said nearly 70 per cent of respondents in its recent Security Snapshot Survey of 280 Australia and New Zealand security professionals were beefing up security because of regulatory compliance.

Legislation, regulation and policies such as the Australian Government Information and Communications Technology Security Manual (ACSI-33) and the Sarbanes-Oxley Act were key factors in these decisions. Of those surveyed 85 per cent had increased their security spend during the past 12 months, NetIQ said.

"Organisations are driven by what they have to do to be compliant," Taylor said.

IT service providers had a big role to play to help customers solve both their security management and compliance problems, added Taylor.

"There really is a big business opportunity out there," he said.

Packages such as NetIQ's Security Manager enabled IT managers to identify and manage security threats by consolidating information from a wide range of security products operating within their organisation, while its configuration and vulnerability management tools addressed compliance issues, Taylor said.