A new survey announced today, commissioned by Tufin®, the leader in Security Policy Orchestration, conducted by Enterprise Strategy Group (ESG), revealed that enterprises are struggling to keep up with network security operations at a time when data breaches and cyberattacks are occurring at an alarming rate. According to the survey of IT and information security professionals, the majority (57%) of respondents feel that network security operations is more difficult today than two years ago, a result of the increase of hybrid cloud adoption among other key factors, including the rise of network-connected devices and traffic. Security teams revealed they face an uphill battle complicated by public and private cloud environments, a dizzying amount of firewalls, and numerous application deployments all while trying to maintain proper security controls and meet compliance regulations.
To read the full ESG White Paper: Network Security Operations and Cloud Computing, April 2015, please click here.
“The data from our conversations with IT and security professionals paints a concerning picture of network security operations challenges, confusion and missteps. As innovations like hybrid cloud environments, business applications and security products have created benefits for organizations, they have also created a complex environment for security teams,” said Reuven Harrison, CTO, Tufin. “It’s critical that organizations create strong security policies and use automation in order to reduce the errors associated with today’s complicated IT environments, helping to reduce the likelihood of successful cyberattacks and business down time.”
Securing Hybrid Cloud Environments
Today, more organizations are turning to private and public cloud environments to improve computing efficiency, increase flexibility, address the remote workforce and foster collaboration. In this study, the majority of survey respondents (67%) have implemented a private cloud within their environment and 91% of organizations say they will greatly increase their use of Infrastructure-as-a-Service/Platform-as-a-Service over the next two years. This rate of cloud adoption has caused organizations to rethink their security plans, and a significant number of respondents indicated that the support of cloud initiatives has become the primary driver of their organization’s network security operations strategy (38%). Despite this, only one-third of organizations that are currently using public cloud computing services and/or private cloud infrastructure have created formal security policies for their use of public/private cloud infrastructure, indicating that many organizations are not properly securing their cloud environment, and in turn, their data. Moreover, of those that do have security policies in place, more than half (60 percent) are still learning how best to apply them to their diverse cloud environments.
As most organizations are learning, the increase of hybrid cloud platforms in IT creates additional challenges. Respondents that believe network security operations has become more difficult over the last two years highlighted other factors that make network security operations more difficult today including the increase of network-connected devices (66%), more network traffic (56%), new application deployments (51%) and the rise of security technologies associated with security operations (47%).
Multiple Firewall Deployment
Respondents also shared that further complicating the matter is the dizzying number of firewalls present across most organizations’ networks. More than half of respondents (52%) reported having between 51 and 150 firewalls deployed across their networks, each relying on a set of dozens to hundreds of rules in their security policies for the network to remain secure. Policies are constantly changing and adding to the stress of keeping up with all of the modifications.
Security Automation a Must
Currently, only 13 percent of the IT and information security professionals surveyed would characterize their organizations’ existing network security operations processes and controls as the ‘ideal automated model.’ A significant factor in this is that 91 percent of survey respondents believe automation is either “critical” or “very important” to the success of their network security operations, and more than half of organizations (59% percent) currently using public cloud computing services and/or private cloud infrastructure do not currently think they have the appropriate level of automation needed for secure cloud computing. This shows a common agreement that there is not only a need for change in their organizations’ network security strategy, but also a desire to further strengthen network security controls and efficiently address the constant changes within them.
“The study was conducted to obtain to a more comprehensive understanding of how IT and security professionals view the efficacy of their organizations’ network security operations strategies,” said Jon Oltsik, senior principal analyst at ESG. “A majority of survey respondents indicated that their organizations are struggling to combat unprecedented security risk and keep up with the growing network security workload. The research also suggests that organizations want to automate network security operations and strengthen network security.”
About the Research
In March of 2015, the Enterprise Strategy Group (ESG) conducted a research survey of 150 IT and information security professionals with knowledge of and/or responsibility for their organizations’ network security controls, processes, and operations.
Survey respondents were located in North America and came from enterprise organizations ranging in size: 19% of survey respondents worked at organizations with 1,000 to 2,499 employees, 30% of respondents worked at organizations with 2,500 to 4,999 employees, 26% of respondents worked at organizations with 5,000 to 9,999 employees, 8% of respondents worked at organizations with 10,000 to 19,999 employees, and 17% of respondents worked at organizations with more than 20,000 employees.
Respondents represented numerous industry segments with the largest participation coming from financial services (19%), manufacturing (14%), health care (12%), retail/wholesale (12%), and business services (12%).
About Tufin Orchestration Suite
The Tufin Orchestration Suite™ is a complete solution for automatically designing, provisioning, analyzing and auditing network security changes from the application layer down to the network layer. It minimizes errors and redoes for rapid service delivery, continuous compliance and business continuity.
Tufin provides world-class security policy orchestration solutions that enable organizations around the world to manage network configuration changes accurately and efficiently. By orchestrating complex processes involving multiple teams, applications, servers and network devices, Tufin addresses the challenges of a variety of stakeholders throughout the organization, while enabling them all to collaborate more effectively. Find out more at www.tufin.com
About Enterprise Strategy Group (ESG)
Enterprise Strategy Group (ESG) is an integrated IT research, analysis, and strategy firm that is world-renowned for providing actionable insight and intelligence to the global IT community. Recognized for its unique blend of capabilities—including market research, hands-on technical product and economic validation, and expert consulting methodologies—ESG is relied upon by IT professionals, technology vendors, investors, and the media to clarify the complex.