Federal IT Decision Makers Report Lower Confidence in Security

IPv6 Seen as Enhancing Safeguards Despite Low Adoption; Spyware and Web 2.0 Drive Concerns

HERNDON, Va.- Federal IT decision makers are more concerned about security than in previous years despite spending more time on mandated security requirements, according to a survey of more than 200 agency officials released today by networking leader Cisco®. While half the respondents contend with incompatible stand-alone products, more than 80 percent believe that embedding and integrating network security safeguards is critical for improving their agencies’ security.

Nearly 60 percent of respondents expect Internet Protocol Version 6 (IPv6) to improve their agencies’ security architecture. However, only one-third said their agencies are developing or have developed an IPv6 security architecture. Potential security issues connected to Web 2.0, a new area of focus in this year’s survey, was cited by more than 40 percent of respondents as a top concern, with social networking, file sharing, remote access and application compatibility as their agencies’ greatest Web 2.0-related security concerns.

Bots and spyware top the list of network security issues among respondents, not surprising considering the number of publicly highlighted government breaches during the past year.

“The impact of potential security lapses remains a huge concern across the federal government,” said Bruce Klein, vice president, federal area, Cisco. “While ongoing security threats remain important, one-time breaches that can affect operations or result in the loss of privacy of data are keeping IT managers up at night.”

Additional key findings from the survey include the following:

* Respondents worry more about one-time security issues, such as reduced operations, interrupted service delivery and a loss of privacy around breaches, rather than ongoing threats from remote access, or unknown application software and operating security system flaws.

* Respondents cite the amount of required user training as a top-level barrier, an indicator of the continued evolution of threats and the importance of staff in ensuring safety. Training has become an increasingly important issue since 2005, up approximately 19 percent, according to the survey.

* Consistent with last year’s results, management awareness and support was second only to funding and budget as a challenge to overall compliance with the Federal Information Security Management Act (FISMA).

* Attention to FISMA appears to have peaked in the 2006 survey. Achieving FISMA compliance and green status in all categories of the President’s Management Agenda, and improving GAO FISMA scorecard grades, were higher priorities in 2006.

* While funding remains the top barrier, the existing security architecture is a major barrier to success, as respondents believe integrated network security is critical to improving their agencies’ posture.

“IT managers across the federal government clearly want integrated and embedded security in their networks to improve their agencies’ security, productivity and business performance,” said Gerald Charles, Jr., executive advisor, Internet Business Solutions Group, Cisco. “Increasing mobility, social media services and Web 2.0 are further driving the need for a pervasive security approach and for proactive, compliant and integrated network management tools and services.”

This is the third security-focused survey conducted since November 2005 on behalf of Cisco. The survey was written and fielded in September 2007 by the e-Gov Institute and reviewed by Market Connections, a federal information technology market research firm. The Web-based research effort targeted more than 200 federal IT decision makers from more than 30 civilian and military agencies involved in network security solutions http://www.cisco.com/web/strategy/docs/gov/cisco_security_report_11_1_2007.pdf. Since 2005, Cisco has issued survey results on Internet Protocol version 6 (in June 2006 and June 2007), unified communications (June 2007), and enterprise architecture (September 2006), in addition to the security surveys.