Sudden changes in priorities, poor network visibility and lack of time cited as key issues for security professionals struggling to cope with new norms
Traditional approaches to securing the network are amplifying challenges in the face of budget constraints and an increasingly remote workforce, according to Juniper Networks’ study. Juniper Networks has commissioned the study from independent research agency Vanson Bourne which explores the attitudes, perspectives and concerns of 1,000 senior IT networking and security professionals drawn from various industry sectors around the world.
A clear and pertinent picture emerged from the data: network security is an ever-present and growing headache for IT teams, especially in the current climate of mass-scale remote working. Their task is compounded by network performance issues, an inability to upgrade the entire network and the daily grind of basic network maintenance which inhibits further innovation. An added challenge often occurs in an organization’s positioning of security as a resource drain rather than as a business benefit. The solution they overwhelmingly yearn for appears to lie in integrated visibility within the network for more accuracy providing data-driven context to faster security tools, automation and widespread policy enforcement to overcome these challenges. This required approach would enable teams to deliver meaningful insight at scale, while avoiding additional cost and freeing up teams to pursue more strategic projects.
Top highlights from the Vanson Bourne study are as follows:
- 97% of survey respondents admitted that they are specifically experiencing ongoing challenges when attempting to secure their organization’s network effectively. It bears repeating that the IT challenges present before the sudden increase in remote work have been amplified significantly against a burgeoning threat landscape, populated by prolific, highly motivated ‘bad actors’ who constantly innovate and take advantage of every opportunity to thrive and remain undetected. Meanwhile, IT and Security professionals are further challenged with the need to balance necessary business demands against security, even when they are aware these changes extend the attack surface of their organization’s network infrastructure and demand further protection.
- 86% of survey respondents felt that they need to improve network reliability and performance. Especially in the current climate of enforced remote working for larger-than-usual employee numbers, the network is the ‘beating heart’ of any organization undergoing or sustaining digital transformation. To be fully effective, a security deployment must be fully integrated into the network it protects, rather than an uncoupled overlay. Moreover, on average 47% of IT employees’ time is absorbed by ‘keeping the lights on’ in the network instead of pursuing innovation.
- 87% of survey respondents seek a security solution to give better visibility across existing apps, reducing false positives and improving threat response times. The underlying subtext is that IT/Security teams lack time, which makes the pursuit of false positives frustrating and may lead to costly human error-driven mistakes. The net result is that timely mitigation of genuine threats could be hampered. As a result, team leaders crave real-time visibility into their organization’s data and network, adding context to better understand what is happening. They are also keen to balance the demands of delivering compliance with managing security risks effectively. However, the prospect of wholesale ‘rip-and-replace’ to introduce integrated security is not viable nor attractive.
- 63% of respondents stated that their organization positions IT security as a cost center rather than as a value-driving asset. In contrast 97% stated that they had been obliged to spend money on breach mitigation in the last twelve months, with the average cost being more than USD 276,000. This suggests that organizations do not fully realize how vulnerable their networks are to attack and that reluctance to invest in intelligent security is counter-productive, both to the bottom line and to grasping tangible business benefits proactively.
- 95% of survey respondents are working with multiple vendors in pursuit of their overall security deployment goals. This suggests that IT and Security professionals are pragmatic in their attempts to navigate a successful course through all the conflicting challenges in their path, including compliance, costs, departmental preferences and demands. It also suggests that many IT/Security teams are currently driven to seek an answer to the reduced false positives/improved response times requirement from various sources simultaneously.
“There is a clear narrative among senior IT and security professionals that is overwhelmingly confirmed in this survey. Put simply, they know network security is hugely important, with failure increasingly carrying significant risk for their organization. For me, the most compelling statistic is that ninety-nine percent (99%) agree that a threat-aware network* would bring benefits to their organization. As workers become more distributed and threats become more sophisticated, security professionals are faced with new and emerging challenges that put enterprises at even greater risk than before. Companies need threat-aware networks that bring speed and agility to enterprise security, coupled with a Connected Security strategy that allows all network elements to work together for increased visibility and action where it matters most. The old way of thinking about security will no longer suffice for those companies battling a new norm.” - Samantha Madrid, VP of Security Business & Strategy, Juniper Networks.
A thousand CIOs, CISOs, CTOs, IT Directors, Network Architects, Security Directors and IT Security Specialists were surveyed across nine countries (France, Germany, Israel, Italy, Kingdom of Saudi Arabia, the Netherlands, UAE, the UK and the US), in June/July 2020. The survey reached a wide cross-section of vertical industries in both public and private sectors, including education, financial services, government, healthcare, IT & telecoms, manufacturing & production, media, leisure & entertainment, retail, transport and utilities/energy. The size of organizations represented by respondents ranged between 1,000 and upward of 5,000 employees. The research was conducted on Juniper’s behalf by Vanson Bourne Ltd., and respondents were not made aware of the company commissioning the research.
*Threat-aware network definition supplied to survey respondents: Critical security components are visibility and enforcement – everywhere. In addition to perimeter defences, a true threat-aware network has the ability to enforce security at any location; from routers to switches, in the cloud and across all the links which bind the organization together.