IT Security Management Survey

media.govtech.net

IT Security Management Survey

Executive Summary

IT Security

Management Survey January/February 2009

Produced by: In Cooperation with:


IT Security Management Survey

Introduction

Today’s constituents are increasingly providing personal data through egovernment channels, forcing CIOs

to balance this now virtual world that requires managing the digital identities and access rights of users to

unprecedented volumes of critical IT resources and information.

The bottom line is that effective security management is understanding the who, when and where when it

comes to administering an agency’s identity infrastructure across multiple parties and intra-agency systems

and applications.

The National Association of State Chief Information Officers (NASCIO) ranked Identity and Access Management

(IAM) as one of their top 10 issues for 009. This increased focus prompted Public CIO to survey its readers on their

ability to manage and identify authorization rights, as well as the perceived benefits including potential cost efficiency

gains from the automation of user IT administration processes.

Identity and Access Management: focuses on ensuring users are who they say they are and have permission to access

the data they are seeking. Examples: Single sign-on technologies, user provisioning, authentication technologies,

directory services.

Methodology & Audience

This online survey was completed by a random sampling of Public CIO magazine’s circulation representing

CIOs and their C-level counterparts and management across all levels of government: federal, state and local

and education.

This survey was conducted over a period of approximately six weeks with the targeted population invited to

participate via an online questionnaire. All aspects of the survey including deployment and report preparation

have been completed by Public CIO magazine.

156 Responses Tabulated


Respondent/Agency Profile

Which best describes your role with regards to having the authority to select

vendors and fund new initiatives?

13.5%

Member of committee

17.9%

Influencer

25.6%

Recommender

21.8%

Final decision-maker

21.2%

Involvement

Approximately how many individuals (employees, partners, or citizens) access your

agency/department’s systems and applications?

10.3%

10K- 5K

17.9%

5K-10K

46.8%


46%

of those surveyed have

implemented an Identity

Access Management

strategy. An additional

39% intend to develop

this security strategy in

the future.

Securing IT

employees(62%) and

securing intra-agency

transactions(61%) are

the top ranked situations

where IAM software

is currently in use. In

the future, 39% of

respondents plan to use

IAM software for securing

outward/citizen facing

transactions.

IT Security Management Survey

Executive Summary

1

2

Which of these statements accurately represents your agency/department’s

Identity and Access Management (IAM) strategic position?

14.6%

We do not have an

IAM strategy.

18.5%

We do not have an IAM strategy,

but we intend to develop one

in the future.

46.4%

We already have an IAM

strategy and are working to

enhance it.

20.5%

We are currently developing

an IAM strategy.

For which of the following situations is Identity Management and Access

Management(IAM) software currently in use, or planned?

Securing Intra-Agency

Transaction

Securing Agency-to-

Agency Transactions

Securing IT Employees

(those with high levels

of physical and logical

access)

Securing Outward/

Citizen Facing

Transactions

Currently in Use Planned Don’t Know

60.7% 19.7% 19.7%

44.3% 28.7% 27%

61.5% 21.3% 17.2%

34.4% 38.5% 27%


3

4

How do you rate your agency/department’s ability to manage and identify users

(employees, customers, third-party partners) and control their access to system

resources? Please use the following rating scale (1=very low, 5=very high)

1 3.3%

2 8.3%

Which do you feel are the highest priority benefits of an Identity and Access

Management initiative? Please select all that apply.

40.3%

Manage the identity lifecycle

across the IT environment:

from Web to the mainframe.

3 30.8%

4 31.7%

5 25.8%

0% 10% 20% 30% 40% 50%

67.2%

Centralize and automate monitoring of

all users’ roles and access entitlements

throughout their entire tenure.

42%

Improve regulations

compliance.

49.6%

Expand citizen-centric services

security on the Web.

63.9%

Monitor and audit

security events and

risk on all systems.

Over half, or 58% of those

surveyed, have a high

level of confidence in their

agency/department’s ability

to manage and identify

internal/external users and

administer access rights.

Centralization and automation

of roles and access

entitlements throughout

the user lifecycle ranks

the highest priority benefit

by respondents at

67%. Monitoring and

auditing security events

and risks follows close

behind at 64%.

IT Security Management Survey 5


The majority of respondent

agencies, 43%, allocate

less than 5% of their

IT budget to IAM type

technology.

48%

of those surveyed

have a positive level of

confidence that their

agency/department’s

security policies are

followed appropriately.

IT Security Management Survey

Approximately what percentage of your agency/department’s IT budget

5 is allocated to Identity and Access Management type technology?

6

2.6%

%-50%

1.7%

>50%

20.5%

5%- 5%

32.5%

Not sure

On a scale of 1 to 5, do you feel your agency/department’s information

security policies are followed appropriately?

(1=not followed at all, 5=exceedingly well followed)

1 2.2%

2 14.4%

3 35.3%

4 36.7%

5 11.5%

42.7%


7

Which of these security situations are you dealing with now?

Please check all that apply.

7.2%

None of these.

33.3%

Providing access to citizencentric

applications such as

online licensing.

37.7%

Expanding user communities’

increasing access rights and role

complexity.

75.4%

Managing the identities and

access rights of people inside

your organization.

44.2%

Integrating security with

emerging technology like SOA,

Web Services, Federation and

Mobile Devices.

49.3%

Managing the identities and

access rights of people outside

your organization.

44.2%

Proving continuous compliance

with various regulations quickly

and efficiently.

A significant 75% of

those surveyed consider

managing the identities

and access rights of people

inside their organization

the principle security

challenge they face today.

Providing access to

citizen-centric applications

is the least of concern

at 33%.

IT Security Management Survey


Produced by: In Cooperation with:

Public CIO is published by Government Technology, a division of e.Republic, Inc.

100 Blue Ravine Road I Folsom, CA 95 0 I Phone: 800.9 0. 0 9 I Fax: 91 .9 .1 0 I www.public-cio.com

More magazines by this user
Similar magazines