Poor network management and basic security vulnerability oversights are leaving organisations open to security attacks, compliance breaches and operational downtime.
This was a key finding in the Network Barometer Report launched on Thursday (2 April).
The report aggregated data from 152 network infrastructure assessments conducted by IT solutions provider Dimension Data for organisations around the world during 2008, and provides an overview of organisational networks' configuration, security vulnerabilities and device life-cycle status.
According to the report, 73 per cent of networking devices have known security vulnerabilities which expose a business to both external and internal security attacks and breaches, and which could have significant implications for regulatory compliance.
"Organisations are running with vulnerabilities they're probably not aware of," said Dexter Wee, general manager, network integration of Datacraft Asia, a wholly-owned Dimension Data subsidiary. "The results also indicate that there's a lack of process to remediate these vulnerabilities."
In addition to process deficiencies, for many sectors, non-compliance can result in considerable penalties. For example, merchants may be excluded from the credit card companies that their business transactions rely on. "This means data leaks and compliance failures, along with natural disasters and market crashes, are issues which should rank high on executives' risk list," said Wee.
The research also showed that an average of 15 security configuration errors were found per device deployed, despite widely published and recommended standards.
"These results are astounding," said Wee. "The most basic protection measures against threats which could harm an organisation, such as access and password configurations, are simply not in place. It's the functional equivalent to leaving the doors and windows unlocked when you leave home."
The report also revealed that 43 per cent of all equipment reviewed had entered the first end-of-life cycle stage, and of that group, 56 per cent was beyond either end-of-software maintenance or last-day-of-support.
Ageing IT and network assets, depending on their functions, will become increasingly unsupportable and open to risk, leaving the organisation exposed to potential availability and mean-time-to-repair risks, the report noted.
Additional commercial implications arise when an end-of-life device fails and must be replaced. Businesses may then have to buy expensive technology in compressed timeframes, without the customary due diligence which ought to be applied in such procurement decisions.
"Today, organisations depend on the functionality, availability and successful management of their IT networks. Indeed, many companies would simply not function without the technologies that enable their business processes," said Wee. "Given this dependency, the basics of keeping networks running and 'ready for business' should be a priority for most organisations."
"As such, rigorous network asset planning is crucial in working out a roadmap of which technology requires replacing down the line. This can realise cost savings, streamline processes and improve productivity--all competitive advantages that are critical to organisations in the current economic climate."