In newly published research McAfee Inc. finds that a desire for easier management of IT security is being undermined by complex security purchasing strategies. Despite IT managers demanding a single view of IT security, too many security suppliers, solutions and management consoles are weighing down businesses.

The study of 600 businesses across six European countries (UK, France, Germany, Netherlands, Spain and Italy) found that while over three quarters (77 per cent) of those questioned would like to have a single view of the security of their IT infrastructure, nearly a third (29 per cent) currently use four or more management consoles and a quarter (24 per cent) of enterprises questioned have five or more different security suppliers.

The research was conducted by Ipsos MORI Research and commissioned by McAfee to understand the increasingly complex security arrangements of many European businesses. The need to apply updates to software solutions and regularly renew licenses means that managing multiple solutions from multiple vendors can be a major headache for IT managers.

The research reveals that in addition to multiple vendors, many businesses are deploying a large number of security solutions across their organisation. Nearly a third (30 per cent) have five or more security solutions deployed while one in five (22 per cent) enterprises questioned have seven or more different solutions.

Across Europe, the story is varied with Dutch companies using the most security suppliers. A third of Dutch businesses questioned have five or more suppliers while nearly one in five (19 per cent) enterprises questioned have more than 10 security vendors. In France on the other hand, one in three businesses use only one supplier.

British companies use the most security solutions with 44 per cent deploying five or more and nearly a third of enterprises questioned using seven or more. A third of Italian enterprises also use seven or more solutions while in Spain, only one in five of those questioned admitted to using five or more.

Other findings from the McAfee research include:

• Medium-sized companies (250 - 499 employees) are increasingly using multiple vendors with 42 per cent of those questioned having three or more security suppliers.
  
• Over a quarter (26 per cent) of medium-sized companies have deployed five or more security solutions across their IT infrastructure
  
• Only 23 per cent of those questioned are completely satisfied with the level of security across their systems and network

.
When it comes to purchasing new security solutions, functionality is the main driver. Over a quarter of businesses questioned (26 per cent) say that they base their purchasing decision on specific features of a product. Only 13 per cent responded that price is the driving force behind purchasing. Cost is the biggest motivator for UK businesses with just over one in five companies admitting to choosing the cheapest option.

One of the main difficulties for businesses with multiple solutions from multiple vendors is in managing the deployment of patches. Across Europe, over half (51 per cent) of respondents said that they apply patches once a day or more. Italian businesses are the biggest patchers with 67 per cent admitting to deploying patches at least once a day followed by 61 per cent of German businesses questioned.

[This is interesting research because it shows that security administrators seem to make sensible decisions. Independent research has shown time and again that a single supplier cannot produce the best products in a wide range of applications, so selecting security products from a single supplier is almost never an acceptable solution.

When it comes to managing security centrally this is often an advantage, and the new security console in Windows Vista and the corresponding server products is a step in the right direction, allowing security provided by different vendors to be managed from one console. There are many other similar products on the market but most of them suffer from lack of integration of products from many different vendors.

So, sensibly implemented, any organisation should use more than one security vendor and never rely on products from a single vendor for a wide range of security solutions. This discussion is old in the case of virus scanning engines, where you should always use at least two, based on scanner information from at least two suppliers (making sure they don't in fact use the same engines in their solutions). This principle holds for all filtering techniques that need to be updated. With regard to security systems that don't need constant updates, look at products that fit your infrastructure and have a good record of few security holes and patches despite widespread use. As a rule of thumb, when it comes to security products, stay away from newly established companies and stick with those with a good track record! --Ed].

Related links: (Open in a new window.)
www.mcafee.com

View printable version (opens in new window)
Back