Key findings from “The State of Network Security 2014: Attitudes and Opinions” include:
· Convoluted security processes threaten productivity and lead to outages. 64% of respondents said that manual processes, limited visibility into security policies and poor change management practices posed the greatest challenge when managing network security devices. More than 80% of respondents experienced network or application outages as a result of out-of-process changes, up from just over half in 2012. Almost 20% of respondents raised the issue of poor communication among key stakeholders across development, security and operations groups, an 80% increase from last year.
· Insiders continue to pose the greatest risk, but third party vendor security raises significant concerns. 73% of organisations rated accidental data leakage or malicious behavior by insiders as their number one risk, up from less than two-thirds last year. Also, half of respondents who outsource management of security controls or sensitive information were less than confident in their provider’s ability to provide protection.
· Pace of cloud adoption picks up, despite concerns about connectivity and security. Last year one in five organisations expected to move more than 40% of their business applications to the cloud; this year more than 15% already use cloud hosting for the majority of their applications. Three-quarters of organisations are using cloud hosting to some degree, three out of five still worry about ensuring application availability and security with off-site data centers.
“Recent high-profile cyber attacks have quickly elevated security discussions to the board-level at many organisations. This requires a fundamental shift in how security professionals think and communicate,” said Nimmy Reichenberg, Vice President of Marketing and Strategy, AlgoSec. “The survey results underscore the need for security teams to understand business requirements to ensure agility as well as to understand the impact of vulnerabilities on the business for effective risk mitigation.”
More than two-thirds of organisations have now implemented next-generation firewalls (NGFW), up from just over 40% two years ago, with the most commonly-used features being IPS, application control, URL filtering and advanced malware detection. With increased adoption has come greater awareness of the challenges associated with defining NGFW policies, which nearly a third of those surveyed (31.2%) said was now their main challenge.