Two-thirds of respondents say network security operations becoming more complex, require automation for processes, monitoring and control

Tufin®, the market-leading provider of network security policy orchestration solutions, today announced the results of a new survey commissioned with Enterprise Strategy Group (ESG) revealing that 63% of respondents say network security operations has become more difficult over the past two years. One hundred and fifty enterprise IT security professionals from a wide range of industries were surveyed to gain a better understanding of their plans for adopting software-defined networking (SDN) in the near future, as well as their opinions on the increasing level of difficulty in managing heterogeneous network environments. The survey indicates a need for greater automation and converged management, command and control capabilities for security operations across physical, virtual and hybrid cloud platforms. “This survey data reveals how CISOs are scrambling to find the right policies, processes, controls and monitoring to keep up with enterprise deployments of a multitude of cloud technologies,” said Jon Oltsik, principal analyst with ESG. “We’re witnessing a new network model evolving: the heterogeneous, multi-dimensional cloud infrastructure, in which enterprises have a little bit of everything – AWS, Microsoft Azure, Google, IBM SoftLayer, VMware, and Cisco. As this model evolves, organizations are struggling to implement policies that help them manage all of these fragments and meet security, compliance and risk mandates.”

Primary Drivers of Increased Difficulty in Security Operations

Survey respondents cited the addition of more devices to the network (55%), increases in the number of networking and security technologies in use (52%), and the deployment of numerous new applications (50%) as the primary drivers of this increased security operations difficulty. The survey also found that 69% of respondents currently operating a private cloud, using public cloud services, or both say they are still learning how to apply security policies to hybrid cloud infrastructure. “Our customers are steadily adopting cloud and SDN, and are moving more of their mission-critical applications to this environment,” said Ruvi Kitov, CEO and co-founder of Tufin. “While this migration is designed to streamline IT operations, it places an even bigger burden on resource-strained security teams that are tasked with keeping security policies in place across physical and virtual networks. Security policy orchestration solutions not only fill this resource gap, but allow organizations to experience the benefits of a heterogeneous environment in a safe and secure way.”

From On-Prem to Cloud and SDN

Cloud services and SDN are seen as increasingly viable alternatives to traditional on-premises solutions. The survey found that 79% of organizations are committed to SDN as a long-term strategy and are already implementing various technologies or conducting proofs of concept. In fact, 51% of respondents participating in the research reported two or more SDN technologies were in use in some capacity within their organizations today. The survey also found that 91% of organizations are actively using cloud-based infrastructure-as-a-service (IaaS) and/or platform-as-a-service (PaaS) as part of their IT strategy, and that 61% of organizations currently use multiple public cloud services.

Cloud Computing Security Skills in Short Supply

As hybrid cloud environments continue to become the IT standard, organizations are struggling to apply policies in the same way as physical environments. Of the organizations currently operating a private cloud, using public cloud services, or both, 49% don’t feel the security team has the right level of cloud computing skills to provide the same types of network security controls and oversight as it does on physical infrastructure. Sixty-one percent (61%) also say it’s difficult to get the same level of visibility into cloud-based workloads as they have in their physical network, and 56% say it’s difficult to audit network security controls in the cloud.

Security Operations and Processes Still Insufficient

As networks become more complex, security policy orchestration and automation is increasingly crucial. Nearly 90% of survey respondents rated network security operations automation as very important or critical to its future business application plans and IT initiatives. And while survey respondents agree that automation can enable the operations team to do more with existing resources (85%), improve network security protection by tightening security policies (85%), and help minimize security misconfiguration caused by human error (85%), only 23% of organizations who are currently using private and/or public cloud technologies feel strongly that current network security operations and processes have the right level of orchestration needed for the cloud.

About the Research

In February of 2016, the Enterprise Strategy Group (ESG) conducted a research survey, on behalf of Tufin, of 150 IT and information security professionals with knowledge of and/or responsibility for their organizations’ network security controls, processes, and operations working in organizations currently using, planning to use or interested in using public cloud based infrastructure services (IaaS and/or PaaS).  In order to qualify, respondent organizations had to have 25 or more firewalls deployed within their network. Survey respondents were located in North America and came from enterprise organizations ranging in size: 27% of survey respondents worked at organizations with 1,000 to 2,499 employees, 26% of respondents worked at organizations with 2,500 to 4,999 employees, 23% of respondents worked at organizations with 5,000 to 9,999 employees, 11% of respondents worked at organizations with 10,000 to 19,999 employees, and 13% of respondents worked at organizations with 20,000 or more employees. Respondents represented numerous industry segments including financial services (17%), business services (13%), and health care (12%).


About Enterprise Strategy Group (ESG)

Enterprise Strategy Group (ESG) is an integrated IT research, analysis, and strategy firm that is world-renowned for providing actionable insight and intelligence to the global IT community. Recognized for its unique blend of capabilities—including market research, hands-on technical product and economic validation, and expert consulting methodologies—ESG is relied upon by IT professionals, technology vendors, investors, and the media to clarify the complex.