There’s no question that one of the most significant challenges facing today’s IT and network security practitioners is the continued adoption of cloud-based services, along with the concurrent evolution of related networking methodologies including Software Defined Networking (SDN) and DevOps.
For those of you who followed the FireMon State of the Firewall Report released in March, you’ll recall that one of the key findings of our survey of 700+ respondents was that – contrary to some opinions – traditional network security infrastructure will play a significant role in emerging cloud, SDN and DevOps environments.
In fact, the “Emerging Paradigms” segment of the report found 87% of respondents attesting that traditional or NGFW devices currently play a valuable role in securing virtualized environments. Another 60% indicated that those mechanisms already play a valuable role in securing cloud platforms.
One of the related issues that we’ve heard from analysts such as Gartner’s Greg Young is that many organizations have taken the all too familiar “adopt first, secure later” approach to the cloud. The most common scenario finds IT organizations spinning up instances to suit emerging business requirements, then deducing after the fact that additional security controls are required.
The involved work is typically acquitted slowly and piecemeal, based largely on a lack of dedicated funding. A good deal of effort goes into migration of existing network security infrastructure, and more importantly network security policies, to support cloud services.
This week, longtime industry analyst Jon Oltsik of Enterprise Security Group published additional research supporting these conclusions based on a survey of 150 IT security professionals about “challenges associated with enforcing security policies in public and private clouds.”
According to ESG’s survey, 32% of respondents said their organizations use multiple public/private cloud offerings and find it “difficult to coordinate security operations consistently across all areas.” Additionally, Oltsik notes that 31% of respondents believe “cloud computing exacerbates communications and collaboration problems” between operations and other IT groups.
Other key findings identify issues applying existing security policies to the cloud, troubleshooting cloud security problems and managing security controls that span both physical and cloud-based infrastructure.
The fact is, when you add it all up, a set of complex security management issues related to the evolution of networking is rapidly formalizing, and organizations are struggling to address them. At FireMon, we’ve not only encountered this in our research, but more importantly among our customers, mostly large enterprises.
As this scenario plays out, more effective best practices and technological solutions will clearly need to emerge as well. We’re already moving to address that opportunity, as evidenced by FireMon’s support for Amazon AWS and OpenStack Icehouse.
The new FireMon security architecture group is also working actively to help push our solutions ahead of the curve so that we’re there to support customer use of these rapidly maturing networking paradigms and the inherent security management issues they create.
And we’re just getting started on the next State of the Firewall Report which will seek to further outline many of these trends.