Initial findings of an international market research project from Juniper Networks reveal that traditional approaches to securing the network have been found somewhat wanting in the new working world and are amplifying challenges in the face of budget constraints and an increasingly remote workforce.
The network products, solutions and services firm commissioned the study from independent research agency Vanson Bourne to explore the attitudes, perspectives and concerns of 1,000 senior IT networking and security professionals – such as chief information officers, chief information security officers, chief technology officers, IT directors, network architects, security directors and IT security specialists – drawn from various industry sectors across France, Germany, Israel, Italy, Kingdom of Saudi Arabia, the Netherlands, UAE, the UK and the US.
The professionals worked in organisations with between 1,000 and 5,000 employees in industries including education, financial services, government, healthcare, IT and telecoms, manufacturing and production, media, leisure and entertainment, retail, transport and utilities/energy.
Despite the varied sample base, a consistent picture emerged from the findings: network security is an ever-present and growing headache for IT teams, especially in the current climate of mass-scale remote working.
Alarmingly, 97% of the sample stated that they had been obliged to spend money on breach mitigation in the past 12 months, with the average cost being more than US$276,000. Juniper said this suggested that organisations do not fully realise how vulnerable their networks are to attack and that reluctance to invest in intelligent security was counter-productive, both to the bottom line and to grasping tangible business benefits proactively.
In terms of addressing solutions, the study revealed that the prospect of wholesale “rip and replace” to introduce integrated security was not viable nor attractive.
The professionals’ tasks were being made more difficult by network performance issues, an inability to upgrade the entire network and the daily grind of basic network maintenance which inhibits further innovation. An added challenge was to be found in how companies positioned security as a resource drain rather than a business benefit.
The study noted that the solution IT professionals yearn for appeared to lie in integrated visibility within the network for more accuracy, providing data-driven context to faster security tools, automation and widespread policy enforcement to overcome challenges. This required approach, said Juniper, would enable teams to deliver “meaningful insight at scale”, while avoiding additional cost and freeing up teams to pursue more strategic projects.
Yet as many as 97% of survey respondents admitted they were specifically experiencing ongoing challenges when attempting to secure their organisation’s network effectively.
Juniper stressed that it needed repeating that the IT challenges that existed before the increase in remote working have been amplified significantly against a burgeoning threat landscape, populated by prolific, highly motivated “bad actors” who constantly innovate and take advantage of every opportunity to thrive and remain undetected. It added that IT and security professionals were further challenged by the need to balance necessary business demands against security, even when they are aware these changes extend the attack surface of their organisation’s network infrastructure and demand further protection.
Another mighty segment of the sample, 86%, felt that they needed to improve network reliability and performance. The survey showed that to be fully effective, a security deployment must be fully integrated into the network it protects, rather than an uncoupled overlay. Moreover, on average 47% of IT employees’ time was found to be absorbed by “keeping the lights on” in the network instead of pursuing innovation.
A similar percentage indicated that they were seeking a security solution to give better visibility across existing apps, reducing false positives and improving threat response times. The underlying subtext is that IT and security leaders were saying loud and clear that their teams lacked time, making the pursuit of false positives frustrating, with the potential of leading to costly human error-driven mistakes. The net result was a risk that timely mitigation of genuine threats could be hampered.
Analysing the study results, Samantha Madrid, vice-president of security business and strategy at Juniper Networks, said there was a clear narrative among senior IT and security professionals that was “overwhelmingly” confirmed in this survey.
“Put simply, they know network security is hugely important, with failure increasingly carrying significant risk for their organisation,” she said. “As workers become more distributed and threats become more sophisticated, security professionals are faced with new and emerging challenges that put enterprises at even greater risk than before.
“Companies need threat-aware networks that bring speed and agility to enterprise security, coupled with a connected security strategy that allows all network elements to work together for increased visibility and action where it matters most. The old way of thinking about security will no longer suffice for those companies battling a new norm.”