Cloud Computing

Survey: Federal IT Security Pros Struggle, As Cloud and Mobile Initiatives Gain Momentum

nCircle, the leader in information risk and security performance management solutions, today announced results of the nCircle 2012 Federal Information Security Initiatives Trend Study. The company surveyed over 100 respondents in the federal IT security community, including senior management, IT operations, security professionals, and risk and audit managers from government agencies and contractor organizations.

Highlights from the study include:

  • Meeting security compliance requirements is the top concern for federal respondents.
  • 95% of agency respondents indicate that one-third or less of their infrastructure has migrated to the cloud.
  • While the federal cloud initiative is moving slowly, there is a growing level of confidence in the technology and policies that can enable higher risk use of the cloud. Over 30% of respondents report they are migrating moderate impact data.
  • Only 13% of respondents acknowledge a role for Federal Risk and Authorization Management Program (FedRAMP) baseline security controls in advancing their migration to the cloud, and 53% have not determined a role for FedRAMP.
  • 82% of respondents said they have a mobility/Bring Your Own Device (BYOD) security policy in place.
  • 91% of those with a mobile security policy in place enforce it; however, 62% do not have a strategy for monitoring the variety of mobile devices being introduced into the government space.

“In the current economic and political environment, IT initiatives perceived to cut agency costs, like cloud migration and BYOD, are moving forward rapidly and require increased focus from agency IT security personnel,” said Keren Cummins, nCircle’s director of federal markets. “These same professionals report a disconnect between the pace at which these initiatives are evolving and agencies’ ability to effectively secure them. Given the rapid changes in agency IT environments driven by the push to cut costs, it’s easy to understand why compliance is an increasing concern.”

The online and in-person study was conducted between April 19 and July 6, 2012. nCircle has conducted the annual study for three years and this year decided to add targeted questions focused on key federal information security initiatives that have significant impact on government risk management.

To see the complete study, please visit:

About nCircle
nCircle is the leading provider of information risk and security performance management solutions to more than 6,500 businesses and government agencies worldwide. nCircle solutions enable enterprises of all sizes to (1) automate compliance and reduce risk, and (2) measure and compare the performance of their IT security program with their own goals and industry peers. nCircle solutions may be deployed on a customer’s premises, as a cloud-based service, or in combination, for maximum flexibility and value.


Cloud-based IT security benchmarking solution now supports all vulnerability management products

nCircle, the leader in automated security and compliance auditing solutions, today announced the addition of native support in nCircle Benchmark for Tenable Nessus, a commonly used open source vulnerability assessment product with over five million downloads. With the addition of the Tenable Nessus data adapter, nCircle Benchmark now supports all of the most common vulnerability management products. nCircle Benchmark is the world’s first cloud-based security and compliance benchmarking service that enables organizations to compare the performance of their entire IT security ecosystem to their own goals and industry peers.

Native support for Tenable Nessus is enabled through nCircle Benchmark’s data adapter technology. nCircle Benchmark data adapters transform raw data from a wide variety of security products into useful metrics and powerful key performance indicators. These security metrics enable users to quickly assess their compliance and risk posture and compare the results to their industry peers.

“The value of the vulnerability management benchmark increases with additional contributors and a broader range of data sources,” said Jim Acquaviva, vice president of product strategy at nCircle. “nCircle Benchmark’s support for Tenable Nessus enables more organizations to convert vulnerability management system into useful metrics, key performance indicators and visual scorecards.”

nCircle Benchmark Metrics Pack for Vulnerability Management is now available to all nCircle IP360, McAfee Vulnerability Manager, Qualys QualysGuard, Rapid7 NeXpose and Tenable Nessus customers. nCircle Benchmark normalizes data across different vulnerability management products, providing a common baseline that enables the entire nCircle Benchmark community to compare vulnerability management results regardless of the scanning technology used.

The nCircle Benchmark Vulnerability Management Scorecard Pack contains pre-built metrics that transform raw data from your vulnerability management solution into actionable metrics including:

  • Average host risk score
  • Average number of days since last vulnerability scan
  • Vulnerability distribution by platform
  • Vulnerability distribution by severity
  • Percentage of systems with severe vulnerabilities
  • Common high severity vulnerabilities

All of these metrics can be presented by industry, company size, geography and assets under management. Internal metrics can be analyzed by an even wider range of criteria including risk profile, organizational structure and compliance requirements. Standard, Premium and Enterprise editions include many more metrics, scorecards and other benefits.

The Tenable Nessus data adapter is now available as part of the nCircle Benchmark Vulnerability Management Scorecard Pack.

nCircle Benchmark Scorecard Packs

nCircle Benchmark Scorecard Packs deliver pre-packaged, field-tested metrics and scorecards that provide complete visibility across multiple-vendor security and compliance environments. nCircle Benchmark metrics and scorecards offer a comprehensive, at-a-glance indicator of IT investment performance. nCircle Benchmark offers a broad range of Scorecard Packs. Vulnerability Management, Configuration Auditing, Antivirus & Endpoint Protection, Identity & Access Management and Patch Management are available now. Additional Scorecard Packs for Endpoint Encryption, Event Management, Incident Response and Network Protection will be available soon.

nCircle Benchmark Editions

Each Scorecard Pack is delivered in three editions: Basic, Standard and Premium. The Basic Edition of every Scorecard Pack is always free and provides an initial set of metrics and scorecards. Organizations can easily expand beyond the free Basic Edition and subscribe to a broad range of additional scorecards delivered in the Standard Edition or the Premium Edition to start building internal benchmark assessments from the extensive nCircle Benchmark catalog.

Get Started Free

To get started, simply visit to create an account and select a Metrics Pack. Within minutes, customers can view metrics and scorecards of their security performance and compare results to a benchmark of their peers.

About nCircle
nCircle is the leading provider of automated security and compliance auditing solutions. More than 5,500 enterprises, government agencies and service providers around the world rely on nCircle’s proactive solutions to manage and reduce security risk and achieve compliance on their networks. nCircle has won numerous awards for growth, innovation, customer satisfaction and technology leadership and has been ranked among the top 100 best places to work in the San Francisco Bay Area. nCircle is headquartered in San Francisco, CA, with regional offices throughout the United States and in London and Toronto.