Reality Bytes: IT teams admit to cheating on audits and more
by Steve Ragan - May 26 2009, 18:15

In their Reality Bytes survey due out tomorrow, Tufin Technologies, a company that covers the firewall market with automation and management offerings, says that the IT staffers and managers who took their survey held nothing back this year and were brutal with their honesty.
The survey, which was conducted at the InfoSecurity Europe 2009 Conference in April, included 151 IT security professionals, from various organizations and government departments employing 1000 to 5000+ employees. The survey was designed to understand the larger social, economic, and cultural context in which Tufin’s customers and potential customers operate.
While the survey does focus on firewall management and its problems (after all, that is what Tufin specializes in), the little quirks make for some interesting observations that add a little joy to the shortened work week here in the US.
For example, if they had to choose between fixing an IT problem and watching the last 5 minutes of the FA (Football Association) Cup final, 39 percent said they would watch the game instead. Considering soccer is nowhere near as popular here as it is in Europe, the ones who picked the game over work might be forgiven.
So if you could save money, would you buy IT hardware from eBay? Twenty-four percent of those Tufin talked to said they would, if it assured them a cost savings. That’s a risky cost savings, but on the plus side, if you happened to purchase laptops or hard drives being sold by the competition, the odds are you might get valuable data off of them once you complete the recovery process.
Has your IT team ever fudged a little while working on an audit? Twenty percent of those who spoke to Tufin admitted, “…that they or a colleague have cheated so that they get their audits passed.”
When it comes to the firewall aspect, anyone in IT knows that rule management is a nightmare. The more locations you have, the more rules you need, and that gets worse when you factor in company policy, requiring more rules to process.
The survey discovered that 63 percent of companies check and audit their firewalls only once every three months to a year, with a staggering 9 percent never bothering to check their firewalls at all. Fifty-one percent admitted that their firewall rules are “a mess.”
Why are firewall rules and their management so important? If they are outdated, they pose a risk; criminals love using old attacks on new levels of crime. A rule that prevented something years ago, when firewalls were the latest and greatest, could be used to cause pain now.
So as long as there isn’t a football game on, perhaps some of the staff should look at the rules and give them a good once-over.
More information on Tufin is here.
