You aren’t alone! FireMon conducted a survey at Infosecurity Europe earlier this month, and I wish I could say the results were surprising. As a group, cyber security professionals are overworked, underutilized, and required to satisfy business and regulatory demands that are often in direct conflict. Among the security professionals we surveyed, a full 51% stated that they spent most of their days firefighting instead of doing “meaningful security work.” This is a frustrating and dangerous state of affairs I believe is caused, at least in part, by increasing network complexity.
Organizations are putting solution after solution in place to try to find the missing piece to their security puzzle when, in fact, more technology probably isn’t the answer. This constant acquisition of solutions—and the increasing network complexity that goes along with it—is driven at least in part by regulatory compliance. Security professionals are simultaneously being asked to chase compliance—56% admitted they had added a product purely to meet compliance regulations, even though they knew it offered no other business benefit—while also compromising security posture in order to meet business demands.
In fact, 52% of IT security pros survey admitted to adding access that they know had decreased their organization’s security posture. And those outside regulations? 28% admitted to cheating on an audit just to pass, a figure that has gone up 6% from five years ago when the same question was posed. Something is broken here. More solutions aren’t needed—better management is.
If you’re looking to stop fighting fires and reclaim control of your network, consider the following four tips:
- Get Visibility – You can’t manage what you don’t know is there. Having detailed visibility into firewall rules and policy effectiveness allows you to clean up outdated or redundant rules and close security gaps, lowering overall firewall complexity and level of risk.
- Get Intelligence – By taking into account knowledge of the vulnerabilities in the networked environment on well-known threat entry points and combining it with real-time monitoring and vulnerability mapping, you have the situational awareness it needs to identify and remediate problematic issues before they evolve.
- Integrate – Exchange of information between disparate systems cannot be underestimated. The ability to share security information in real time without restricting it to a single application, system or device can empower you to make decisions.
- Automate – Change workflow automation can help your team assess the impact of any new access being provided and restrict or vet it against the corporate security policy to ensure it does not break compliance or introduce unacceptable risk.
What are your thoughts on the mounting pressures and competing objectives placed on IT security staff from inside as well as outside organizations? Tweet us @firemon and let us know if you are #overworkedinIT!