November 28, 2014 (Fri): According to a Kaspersky Lab survey of more than 3,900 IT professionals worldwide, companies in the Non-Profit/Charitable and Education sectors rated virtualization security as their lowest IT security priority. In fact, their rankings of virtualization security were the lowest recorded across all business sectors. The survey data suggests that both sectors had different factors influencing this indifference to virtualization security, and also shows which IT security factors are seen as top priorities.
IT Department Priorities of Charities and Schools
The Non-Profit and Education sectors provide an interesting comparison when evaluating attitudes toward, and usage of, IT resources, particularly virtualization. Both sectors typically receive some degree of government or public funding, and their IT departments often suffer from budget restrictions. At its core, virtualization is about doing more with less by maximizing existing resources rather than making costly hardware investments. With this mentality, it would seem charities and schools could stand to benefit the most from virtualized IT infrastructures.
The Non-Profit/Charitable sector reported the lowest rate of virtualization adoption across all sectors of Kaspersky Lab’s survey. Only 42% of charities and non-profits thought virtualization was becoming a core part of their IT infrastructure, compared to a global average of 52%. Given this low rate of adoption, it was not surprising to find charities and non-profits also reported the lowest security prioritization of their virtual infrastructure. Only 10% of charities and non-profits said securing their virtual infrastructure was one of their top three IT security priorities for the coming year. Charities and non-profits only ranked one IT area lower than virtualization – physical security of their business systems, at 8% – and assigned the highest prioritization to continuity of service (37%), identity and access management (31%), and security of mobile devices (30%).
The Education sector shared a similar attitude to the importance of securing virtual infrastructure, also reporting that only 10% of their sector had virtualization as a top three concern. However, the Education sector reported a higher than average usage of virtualization, with 54% reporting virtual environments as a core part of their IT infrastructure, a rate that was 12 percentage points higher than their charity counterparts. Despite their relatively high rate of virtualization usage, IT managers at education facilities said their top security priorities are preventing data leaks (29%), continuity of service (28%), and providing information security training to employees (28%). Interestingly, educators placed security training for employees as a higher priority than any other business sector in the survey.
Security Motivations for Cost-Constrained IT Budgets
In addition to budget constraints, the Non-Profit/Charity and Education sectors also rely on their IT security measures to protect the huge amounts of personal data they store, making any under-equipped IT departments particularly vulnerable to data theft. Charities in particular rely heavily on donations, so maintaining their reputations for securely managing the personal and financial information of their donors is paramount.
According to Kaspersky Lab’s survey, 63% of non-profits and charities said damage to their reputation would be the worst potential consequence of a data breach. When asked what type of data they most feared losing, 41% of non-profits and charities cited their client and donor information, a rate that was far higher than any other business sector.
Educators placed similar importance on their reputation, ranking damaged reputation as their second most feared consequence of a data breach, with 44% of respondents citing this outcome. (This consequence was only slightly behind their top concern of losing access to critical information, cited by 48% of respondents.) Educators also agreed that their client information – in this case, the information of students and faculty – is the data they most fear losing, cited by 21% of respondents.
Given their budget constraints and sensitivities to data breaches, the cost of an IT security incident would be particularly painful to these education and non-profit organizations. This is what makes the low consideration given to virtualization security particularly troubling. A lack of awareness and understanding of virtualization security is hardly unique to these sectors, however. Kaspersky Lab has previously reported that a large portion of IT professionals lack a strong understanding of virtualization security. The survey found at least one-quarter of all IT professionals had “no understanding” or “a weak understanding” of their virtualization security options. Virtual IT networks can produce huge cost savings for resource-strapped organizations, but can also create a window for cyber threats if not properly secured. As more schools, charities and non-profits slowly begin implementing virtual IT resources, we hope their prioritization of virtual security will also rise from its present low rates.
Information about Kaspersky Security for Virtualization, as well as a number of resources to help explain different styles of virtualization security, can be found in Kaspersky Lab’s business center. Also, more data around business trends and usage of virtualization and virtualization security identified by Kaspersky Lab’s global survey can be found in Kaspersky Lab’s 2014 IT Security Risks for Virtualization summary report.