Correction note: Some survey percentages in this report were accidentally taken from the 2005 survey. The percentages below have been corrected using the 2006 results.
Federal IT professionals feel better about their defensive capabilities than they did a couple years ago. But budget constraints still keep them from being more secure and they worry about potential data breaches, according to a survey from Cisco Systems Inc.
Market Connections, a Fairfax, Va.-based research firm, interviewed 200 federal IT decision makers from more than 45 civilian and military agencies in August on behalf of the San Jose, Calif.-based networking giant.
Almost half the respondents expressed confidence that their firewalls, intrusion detection software and server security tools are effective enough to address most of their agency's needs.
Meanwhile, almost half of those involved with agency compliance efforts said they are spending at least a quarter of their time addressing the requirements of the Federal Information Security Management Act (FISMA).
A majority of respondents also said that:
- The security tools they value most are network firewalls and software that protects their servers and workstations.
- They lose the most sleep over the possibility of reduced operations and data security breaches.
- Their agencies have a permanent chief information security officer.
- They expect to complete their Homeland Security Presidential Directive-12 requirements on time.
- Their top priorities are to achieve green status in every category of the President's Management Agenda, improve their security grades on the Government Accountability Office (GAO) scorecard and achieve FISMA compliance.
- They consider Microsoft and Cisco as the main players in providing information security solutions.
Asked what keeps them from achieving a better security posture, 67% cited budget constraints, 47% said other projects get priority, 49% cited a lack of upper-management support and 36% cited a lack of tools.
Asked what their top priorities are for the next year, 64% said achieving FISMA compliance, 65% said achieving green status in all five categories of the President's Management Agenda; and 64% said it was to get an "A" on the GAO security scorecard.
David Graziano, Cisco's manager for the federal region, said respondents also made it clear that they want their IT infrastructure providers to bake more security into their products, and that Cisco is committed to meeting that demand.
"People are buying point solutions as part of defense-in-depth, but those products don't always work well with the existing infrastructure," he said. "They're asking us to bake security into the infrastructure and to make sure our products talk well with other security tools."