Global Independent Study of 500 Senior Level Respondents Provides Clear Picture for the Future of Network Security
Where 500 Enterprises are Placing Their Chips for an Agile Network Security in 2021 and Beyond
You’re planning to increase your network security spend this year, but how do your investment priorities compare with your peers?
Partnering with Pulse, an independent research organization, FireMon sponsored a comprehensive study to discover which network security investments of 500 senior IT security leaders are prioritizing in the coming year and beyond.
We learned that enterprises are moving toward a more open, agile, and automated approach to network security. The threat landscape has shifted, cloud adoption has accelerated, DevOps is more important than ever, and enterprises that once had 50 or 100 field offices now have thousands of micro-offices located in employees’ living rooms. Complexity is proliferating as fast as… well, a virus.
They have tried buying suites from one vendor to simplify management but ended up with difficult and expensive integration challenges that wiped out their hopes for efficiency gains. Now, IT leaders want the flexibility to choose best-in-breed solutions, but they also want the ability to easily integrate those solutions with the rest of their security and compliance stack. At the same time, they are aware that managing a heterogeneous environment brings its own set of challenges – especially in the unprecedented volatility and uncertainty of the post-COVID world.
So, how are they preparing their organizations for an agile approach to network security?
Amping Up Automation
For these reasons, security orchestration and automation was cited as a top priority by respondents, with 40% saying they’ll implement this year, and only 13% saying they have no plans to implement. The reasons were evenly split between the need to improve security agility, improve compliance, reduce time to discover and resolve security incidents, and improve security team efficiency. In addition to automation, in order to improve speed and responsiveness – 91% agree that network security policy management (NSPM) is a strategic investment. In the next 12 months, 53% plan to invest in a NSPM solution.
Embracing Zero Trust
Zero Trust is also of keen interest. Nearly 20% of respondents have already begun implementation of a Zero Trust Architecture, and another 45% plan to do so this year. Unsurprisingly, the biggest drivers for Zero Trust are the increased need for secure remote access (due to COVID-19), the need to reduce cybersecurity risk, and supporting the transition to cloud architectures. Only 7% of enterprises have no plans to implement Zero Trust. We’ll be interested to see if that number changes in 2022.
2 out of 3 respondents plan to implement a secure access service edge (SASE) by 2023. The top driver for SASE is the adoption of Zero Trust Network Architecture (ZTNA) to replace legacy VPNs. Secondary drivers are the need to reduce cost and complexity, and the need to enable the mobile workforce. Enterprises are already using elements of SASE, such as Firewall as a Service (FWaaS), CASB and IPS. SASE brings these elements together in a single cloud-based platform that accelerates zero trust initiatives and reduces infrastructure complexity. While organizations are leaning into SASE aggressively, these solutions will exist alongside traditional approaches for datacenter and cloud network security for the foreseeable future.
Addressing Security-Dev Misalignment
A problem respondents were eager to address is the misalignment between network security operations and the application development and delivery process. Now that every company is a software company, DevOps and continuous delivery are more important than ever before, but friction between development and security/compliance gives rise to vulnerabilities – and provides fertile ground for costly misconfigurations and unplanned downtime. Fewer than 1 out of 5 IT leaders reported that their development and delivery processes are completely aligned with their security operations. In 2021, many will be upping their spending to close that divide.
Managing Accelerating Heterogeneity
IT Security leaders have made their preferences clear: they would rather incorporate the best technologies into their stacks, even if that means working with a lot of different vendors. So now they have to manage accelerating heterogeneity – and that calls for robust APIs. In fact, Pulse found that 80% of leaders would prefer to choose tools with open APIs that can integrate security capabilities into their workflows and adapt as needs change.
Read the Full Survey
None of the key themes are unexpected. This past year saw the acceleration of a tectonic and lasting shift in network security. It demands we work toward greater agility and speed, better management of complex infrastructures, and the ability to incorporate best-of-breed technology without increasing our management burden.
As we look forward, we see that technology strategy and investment have morphed to meet these needs in a durable and lasting way. Read the full findings of this report to get details that will be help you make more informed decisions for 2021 and beyond.