Most enterprise IT users believe they’re security savvy enough to avoid compromising their employers’ networks, but IT staffers aren’t as optimistic, according to a recently released survey from Toronto-based IT security service provider Soltrus Inc.
Eighty-five per cent of IT users surveyed believed they were moderately to well aware of their organization’s security issues or polices. But only 43 per cent of enterprise IT staff shared that opinion.
The survey was conducted via an e-mail questionnaire sent out to 175 Canadian enterprise IT staffers and users late last year.
Marcus Shields, enterprise product manager with Soltrus, says the results of the survey aren’t particularly surprising.
“From the average end user’s perspective, their computer could be a hotbed of malware and viruses and in some cases the user would never know,” he explains. “Meanwhile the IT administrator comes along, runs a spyware check and nearly falls out of his chair. You can see in that situation how from the two sides’ perspectives, they’re both right.” Enterprise networks for the most part are secure internally, Shields says. Remote employees trying to access the company network are another story.
“The big challenge is the mobility of the end points is increasing to such an extent – that could be anything ranging from a Blackberry to a home computer – and the management tools to deal with those environments are so few and far between that it’s a constant challenge,” Shields says.
The solution to potential IT security problems lies in a mix of user education and security systems.
For example, well-educated users should realize that if their system is running significantly slower than usual, it could be infected. But users shouldn’t have to worry constantly about security, Shields notes.
To relieve users of some security responsibility, Soltrus offers a host-checker offering as part of its SSL VPN offerings that launches as soon as users try to connect to the corporate network remotely. The host-checker downloads an applet onto the user’s computer that checks for things like spyware and up-to-date ant-virus software and patches. If a computer doesn’t check out as well as it should, the host-checker can block the system from accessing certain resources.
A variety of software and hardware vendors, including industry giants Microsoft Corp. and Cisco Systems Inc., are beginning to implement systems similar to Soltrus’ host-checker in their products.
One bright spot in the Soltrus survey is that users are open to helping improve IT security. Ninety-five per cent of the users surveyed said they would use a new security system, even if they had to be trained to use it.
“The attitude is certainly appropriate,” Shields says. “We just have to be careful of what kind of burden we put on people.”