3 in 5 respondents feel cloud technology has made their job more difficult than it was two years ago
A new survey announced , commissioned by Tufin®, the leader in Security Policy Orchestration, conducted by Enterprise Strategy Group (ESG), revealed that US enterprises are struggling to keep up with network security operations at a time when data breaches and cyberattacks are occurring at an alarming rate. According to the survey of IT and information security professionals, the majority (57%) of respondents feel that network security operations is more difficult today than two years ago, a result of the increase of hybrid cloud adoption among other key factors, including the rise of network-connected devices and traffic. Security teams revealed they face an uphill battle complicated by public and private cloud environments, a dizzying amount of firewalls, and numerous application deployments all while trying to maintain proper security controls and meet compliance regulations. The findings are likely to be mirrored in the UK, where a NaviSite survey late last year revealed that 89 per cent of UK respondents cited hybrid cloud as their infrastructure of choice for 2015.
The survey commissioned by Tufin, conducted by ESG, revealed that enterprises are struggling to keep up with network security operations at a time when data breaches and cyberattacks are occurring at an alarming rate.
This is mainly the result of the increase of hybrid cloud adoption among other key factors, including the rise of network-connected devices and traffic. Complicated public and private cloud environments, a dizzying amount of firewalls, and numerous application deployments make proper security controls and meeting compliance regulations next to impossible.
To read the full ESG White Paper: Network Security Operations and Cloud Computing, April 2015, please click here.
“The data from our conversations with IT and security professionals paints a concerning picture of network security operations challenges, confusion and missteps. As innovations like hybrid cloud environments, business applications and security products have created benefits for organisations, they have also created a complex environment for security teams,” said Reuven Harrison, CTO, Tufin. “Given the picture will be similar in the UK, it’s critical that organisations create strong security policies and use automation in order to reduce the errors associated with today’s complicated IT environments, helping to reduce the likelihood of successful cyberattacks and business down time.”
Securing Hybrid Cloud Environments
Today, more organisations are turning to private and public cloud environments to improve computing efficiency, increase flexibility, address the remote workforce and foster collaboration. In this study, the majority of survey respondents (67%) have implemented a private cloud within their environment and 91% of organisations say they will greatly increase their use of Infrastructure-as-a-Service/Platform-as-a-Service over the next two years. This rate of cloud adoption has caused organisations to rethink their security plans, and a significant number of respondents indicated that the support of cloud initiatives has become the primary driver of their organisation’s network security operations strategy (38%). Despite this, only one-third of organisations that are currently using public cloud computing services and/or private cloud infrastructure have created formal security policies for their use of public/private cloud infrastructure, indicating that many organisations are not properly securing their cloud environment, and in turn, their data. Moreover, of those that do have security policies in place, more than half (60 percent) are still learning how best to apply them to their diverse cloud environments.
As most organisations are learning, the increase of hybrid cloud platforms in IT creates additional challenges. Respondents that believe network security operations has become more difficult over the last two years highlighted other factors that make network security operations more difficult today including the increase of network-connected devices (66%), more network traffic (56%), new application deployments (51%) and the rise of security technologies associated with security operations (47%).
Multiple Firewall Deployment
Respondents also shared that further complicating the matter is the dizzying number of firewalls present across most organisations’ networks. More than half of respondents (52%) reported having between 51 and 150 firewalls deployed across their networks, each relying on a set of dozens to hundreds of rules in their security policies for the network to remain secure. Policies are constantly changing and adding to the stress of keeping up with all of the modifications.
Security Automation a Must
Currently, only 13 percent of the IT and information security professionals surveyed would characterise their organisations’ existing network security operations processes and controls as the ‘ideal automated model.’ A significant factor in this is that 91 percent of survey respondents believe automation is either “critical” or “very important” to the success of their network security operations, and more than half of organisations (59% percent) currently using public cloud computing services and/or private cloud infrastructure do not currently think they have the appropriate level of automation needed for secure cloud computing. This shows a common agreement that there is not only a need for change in their organisations’ network security strategy, but also a desire to further strengthen network security controls and efficiently address the constant changes within them.
“The study was conducted to obtain to a more comprehensive understanding of how IT and security professionals view the efficacy of their organisations’ network security operations strategies,” said Jon Oltsik, senior principal analyst at ESG. “A majority of survey respondents indicated that their organisations are struggling to combat unprecedented security risk and keep up with the growing network security workload. The research also suggests that organisations want to automate network security operations and strengthen network security.”
About the Research
In March of 2015, the Enterprise Strategy Group (ESG) conducted a research survey of 150 IT and information security professionals with knowledge of and/or responsibility for their organisations’ network security controls, processes, and operations.
Survey respondents were located in North America and came from enterprise organisations ranging in size: 19% of survey respondents worked at organisations with 1,000 to 2,499 employees, 30% of respondents worked at organisations with 2,500 to 4,999 employees, 26% of respondents worked at organisations with 5,000 to 9,999 employees, 8% of respondents worked at organisations with 10,000 to 19,999 employees, and 17% of respondents worked at organizations with more than 20,000 employees.
Respondents represented numerous industry segments with the largest participation coming from financial services (19%), manufacturing (14%), health care (12%), retail/wholesale (12%), and business services (12%).
About Tufin Orchestration Suite
The Tufin Orchestration Suite™ is a complete solution for automatically designing, provisioning, analysing and auditing network security changes from the application layer down to the network layer. It minimises errors and redoes for rapid service delivery, continuous compliance and business continuity.
Tufin provides world-class security policy orchestration solutions that enable organisations around the world to manage network configuration changes accurately and efficiently. By orchestrating complex processes involving multiple teams, applications, servers and network devices, Tufin addresses the challenges of a variety of stakeholders throughout the organisation, while enabling them all to collaborate more effectively. For more information visit here www.tufin.com
About Enterprise Strategy Group (ESG)
Enterprise Strategy Group (ESG) is an integrated IT research, analysis, and strategy firm that is world-renowned for providing actionable insight and intelligence to the global IT community. Recognised for its unique blend of capabilities—including market research, hands-on technical product and economic validation, and expert consulting methodologies—ESG is relied upon by IT professionals, technology vendors, investors, and the media to clarify the complex.For more information visit here www.esg-global.com
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.