Distinct priorities have emerged when it comes to responding to the needs of IT security’s rapid transformation, independent research sponsored by FireMon has found. The survey of 500 cybersecurity leaders across North America and EMEA uncovered the key investments organizations are making, and the rationale behind their decisions.
“The study shows that a cocktail of multiplying threats, the proliferation of hybrid and cloud architectures, blended with a pandemic-fueled explosion in distributed and remote work has created a perfect storm for network security teams,” said Satin H. Mirchandani, President and CEO of FireMon. “It’s no wonder that they’re adding new technologies, architectures, and approaches to ensure their networks remain protected.”
The survey identified five major areas for network security investment:
Automation - More than 50 percent of organizations are currently investing in automating policy management to safeguard against inefficient and risky functions and 79 percent say they’ll implement security orchestration and automation within two years to improve agility and responsiveness.
Zero Trust – 45 percent of organizations plan to implement a Zero Trust in the next 12 months, adding to the 17 percent of organizations that have already begun this process. The biggest drivers are a greater need for secure remote access (72 percent), reducing cybersecurity risk (70 percent), and supporting the transition to cloud architectures (51 percent).
Secure Access Service Edge (SASE) – 85 percent of organizations have either already implemented a SASE platform or plan to do so within two years.
Security-Development Misalignment: 82 percent of IT leaders admit their application development (DevOps) and network security operations teams are not well aligned.
Heterogeneity and Integration: With growing complexity and heterogeneity, 95% of respondents are concerned about the lack of integration of network security platforms and their IT infrastructure.
From an automation perspective, respondents cited the need to increase security agility and accelerate responsiveness and reduce the mean time to discover and resolve security incidents as the major drivers. This indicates that network security's growing complexity has rendered manual processes insufficient to keep up with accelerating rates of change. Automation is now an imperative.
Based on the survey findings, it is also clear that Zero Trust Architecture will achieve broad adoption to support the transition to cloud architectures and ensure security for an increasingly remote workforce. Both trends were accelerated by COVID-19 and are highly unlikely to be reversed.
As part of this transition to cloud-based architectures, many respondents plan to implement a SASE platform to reduce cost and complexity, and improve security for their distributed and mobile workforce.
However, there is a risk of lack of alignment in a rush to balance the transition to cloud-based environments while still managing legacy infrastructure. This is especially the case when it comes to network security operations and application development and delivery processes. This misalignment causes slower application deployment, increases risk of downtime, and creates friction between security and development teams.
To gain greater alignment among security and development processes, more than 8 out of 10 organizations are looking to better integrate their systems via open APIs. This allows them to inject security capabilities into their preferred workflows, enabling greater flexibility and smoothing collaboration between groups.
"Network security is in the midst of a tectonic shift. New technologies and approaches will rapidly become the norm, forcing security teams to rethink how they manage access policies and ensure compliance in a changing and highly heterogeneous world," concludes Mirchandani.
The full study can be found here.
The research is based on a survey completed in January 2021 by Pulse Media, a research firm with a 27 000-member knowledge community. The survey included 500 directors, vice presidents, and C-Suite executives involved in IT security for organizations with 1,000 employees or more across North America and EMEA. Industries represented included Finance, Banking & Insurance, Retail, Health Care and Social Assistance, Utilities, and Government.