3 in 5 respondents feel cloud technology has made their job more difficult than it was two years ago
The survey commissioned by Tufin, conducted by ESG, revealed that enterprises are struggling to keep up with network security operations at a time when data breaches and cyberattacks are occurring at an alarming rate.
This is mainly the result of the increase of hybrid cloud adoption among other key factors, including the rise of network-connected devices and traffic. Complicated public and private cloud environments, a dizzying amount of firewalls, and numerous application deployments make proper security controls and meeting compliance regulations next to impossible.
To read the full ESG White Paper: Network Security Operations and Cloud Computing, April 2015, please click here.
“The data from our conversations with IT and security professionals paints a concerning picture of network security operations challenges, confusion and missteps. As innovations like hybrid cloud environments, business applications and security products have created benefits for organisations, they have also created a complex environment for security teams,” said Reuven Harrison, CTO, Tufin. “Given the picture will be similar in the UK, it’s critical that organisations create strong security policies and use automation in order to reduce the errors associated with today’s complicated IT environments, helping to reduce the likelihood of successful cyberattacks and business down time.”
Securing Hybrid Cloud Environments
Today, more organisations are turning to private and public cloud environments to improve computing efficiency, increase flexibility, address the remote workforce and foster collaboration. In this study, the majority of survey respondents (67%) have implemented a private cloud within their environment and 91% of organisations say they will greatly increase their use of Infrastructure-as-a-Service/Platform-as-a-Service over the next two years. This rate of cloud adoption has caused organisations to rethink their security plans, and a significant number of respondents indicated that the support of cloud initiatives has become the primary driver of their organisation’s network security operations strategy (38%). Despite this, only one-third of organisations that are currently using public cloud computing services and/or private cloud infrastructure have created formal security policies for their use of public/private cloud infrastructure, indicating that many organisations are not properly securing their cloud environment, and in turn, their data. Moreover, of those that do have security policies in place, more than half (60 percent) are still learning how best to apply them to their diverse cloud environments.
As most organisations are learning, the increase of hybrid cloud platforms in IT creates additional challenges. Respondents that believe network security operations has become more difficult over the last two years highlighted other factors that make network security operations more difficult today including the increase of network-connected devices (66%), more network traffic (56%), new application deployments (51%) and the rise of security technologies associated with security operations (47%).
Multiple Firewall Deployment
Respondents also shared that further complicating the matter is the dizzying number of firewalls present across most organisations’ networks. More than half of respondents (52%) reported having between 51 and 150 firewalls deployed across their networks, each relying on a set of dozens to hundreds of rules in their security policies for the network to remain secure. Policies are constantly changing and adding to the stress of keeping up with all of the modifications.
Security Automation a Must
Currently, only 13 percent of the IT and information security professionals surveyed would characterise their organisations’ existing network security operations processes and controls as the ‘ideal automated model.’ A significant factor in this is that 91 percent of survey respondents believe automation is either “critical” or “very important” to the success of their network security operations, and more than half of organisations (59% percent) currently using public cloud computing services and/or private cloud infrastructure do not currently think they have the appropriate level of automation needed for secure cloud computing. This shows a common agreement that there is not only a need for change in their organisations’ network security strategy, but also a desire to further strengthen network security controls and efficiently address the constant changes within them.
“The study was conducted to obtain to a more comprehensive understanding of how IT and security professionals view the efficacy of their organisations’ network security operations strategies,” said Jon Oltsik, senior principal analyst at ESG. “A majority of survey respondents indicated that their organisations are struggling to combat unprecedented security risk and keep up with the growing network security workload. The research also suggests that organisations want to automate network security operations and strengthen network security.”
About the Research
In March of 2015, the Enterprise Strategy Group (ESG) conducted a research survey of 150 IT and information security professionals with knowledge of and/or responsibility for their organisations’ network security controls, processes, and operations.
Survey respondents were located in North America and came from enterprise organisations ranging in size: 19% of survey respondents worked at organisations with 1,000 to 2,499 employees, 30% of respondents worked at organisations with 2,500 to 4,999 employees, 26% of respondents worked at organisations with 5,000 to 9,999 employees, 8% of respondents worked at organisations with 10,000 to 19,999 employees, and 17% of respondents worked at organizations with more than 20,000 employees.
Respondents represented numerous industry segments with the largest participation coming from financial services (19%), manufacturing (14%), health care (12%), retail/wholesale (12%), and business services (12%).
About Tufin Orchestration Suite
Tufin provides world-class security policy orchestration solutions that enable organisations around the world to manage network configuration changes accurately and efficiently. By orchestrating complex processes involving multiple teams, applications, servers and network devices, Tufin addresses the challenges of a variety of stakeholders throughout the organisation, while enabling them all to collaborate more effectively. For more information visit here www.tufin.com
About Enterprise Strategy Group (ESG)
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.