At its most fundamental level, the objective of network security is a simple one. Organizations need to protect their people, assets, and the data that travels across and resides within their networks. They do this by setting security policies that detail parameters like who or what is allowed to access which resources.
Over time, even small organizations can accumulate large libraries of security policies across a variety of different security products. The old processes used to create, update and audit these policies become a burden for the IT team and cause a number of problems for the organization.
Research firm Enterprise Strategy Group (ESG) recently surveyed 200 IT and cybersecurity decision-makers to understand their views on network security complexity and its consequences. They examine some of the top challenges facing these organizations today in their new report “Navigating Network Security Complexity.”
It’s not just your imagination. Security is getting more complex.
Unsurprisingly, a majority (83%) of respondents felt that network security has gotten more complicated in the last two years. There are many reasons for this, but the top responses included:
- More devices deployed on the network
- More traffic on the network
- The operations team managing more networking and security technologies
Taken together, these responses paint the picture of a growing attack surface and increasing workload for teams responsible for protecting organizations’ critical assets.
Challenges on the horizon
What are the biggest network security challenges facing organizations in the next few years? According to the survey, they are:
- Business initiatives being adopted without the proper security involvement
- A lack of dedicated network security staff
- It takes too long to manage network security policies
Businesses are innovating at a record pace, and they aren’t waiting for the security team. Hiring staff continues to be challenging, and outdated processes are compounding the issue.
Brace for impact: outages, disruption and data breaches
Nearly a third (29%) of organizations said they experienced a security event resulting from network security complexity. The most common incidents included network outages, application or network availability, loss of sensitive data, and lost productivity. Given the critical nature of these risks, it’s clear that network security management needs to be addressed when assessing an organization’s risk management strategy.
Recommendations: technology integration, automation, simplification
ESG offers three headline recommendations for CISOs dealing with network security complexity today. First, look for solutions that are integrated and centrally managed when possible. Next, seek out solutions that emphasize ease-of-use and time-to-value. Finally, organizations should strive for process automation and use technology to accomplish this.
Whether you’re directly involved in managing your organization’s security policies or not, you’re likely experiencing negative effects of the drain that these manual tasks can have on an IT department. It’s time to prioritize making security policy management more efficient, consistent and effective. Reading the full research report is a great place to get started.
By Brian Remmel
Published with permission from blogs.cisco.com.