Cyber-security tools are 'too complex' to use

News by Tom Reeve

A survey of IT professionals found that at least a third of them admitted that security tools are often too complex to deploy and use.

The complexity of IT security tools is hindering their effective deployment and use in organisations, according to a new survey from Thycotic.

It surveyed 250 IT professionals for its VMworld survey and found that 34 percent said complexity in daily use was the biggest hindrance to the effectiveness of various tools.

Meanwhile, 30 percent said that complexity in deployment was a significant hindrance in the use of cyber-security tools.

The company, which produces privileged account management software, asked what were the most important attributes of these types of tools. The top response was ‘easy to deploy’ (26 percent) followed by automation (25 percent).

Integration with other technology was the top concern for 11 percent of respondents and cloud deployment options for 10 percent.

For least privilege enforcement tools, easy to deploy was the most desirable attribute for 23 percent, followed by automation (21.5 percent) and cloud deployment options (15 percent).

Joseph Carson, chief security scientist at Thycotic, said that 80 percent of breaches involve compromised credentials. Privileged account management was listed as the top priority for 2018 by Gartner analyst Neil MacDonald. As a minimum, he said, CISOs should set multi-factor authentication for all administrators and consider MFA for access by third parties such as contractors.

"Security tools that are complex to deploy and difficult to use on a daily basis can negatively impact the tool’s effectiveness," said Joseph Carson, chief security scientist at Thycotic. "If IT Ops does not adopt and even embrace a security tool, it risks becoming a waste of time and money while failing to adequately protect critical information assets."

The survey found that one in four respondents had not been consulted about the purchase of security tools.

Cyber-security professionals should always get input from IT operations teams before making decisions about new security tools as well as involving the teams in testing and evaluation prior to purchase.

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews