Survey Says: Security professionals remain concerned about managing cloud and data center environments to prevent breach.
When it comes to role and job responsibilities, today’s cybersecurity professionals have a lot on their plates. Over the years, as networks and digital data have expanded exponentially, so too have the duties of the security team to ensure the confidentiality, integrity, and availability of the systems and data upon which organizations depend. With the large number of things that security practitioners need to be concerned with, Edgewise set out to understand practitioners’ priorities related to network and data security.
During Black Hat 2018, Edgewise surveyed booth visitors to understand their network security concerns and how they’re currently approaching protection of networked assets in on-premises data centers and the cloud. Respondents were security practitioners (security analysts, architects, engineers, risk managers, pen testers, IT specialists, etc.: 71%), executives (12%), consultants (6%), and students (11%) from multiple industries. Highlights from the survey continue below.
To start, we asked about respondents’ networking environment(s).
In what environment does your corporate networking primarily occur?
As expected, the highest number of respondents’ organizations (32.5%) maintain a hybrid cloud environment (a combination of cloud and on-premises data centers). Not far behind were organizations that exclusively run on-premises environments (26.5%). Given security practitioners’ fears about loss of control in the cloud, this isn’t surprising in one regard, but on the other hand, with all of the hype about moving to the cloud and the business benefits thereof, we were interested to learn that only slightly less than 12% of companies are running private clouds.
When it comes to the security of what practitioners put in those networking environments, the top concerns related to workloads, applications, and software are data privacy and data leakage (both 44%) and unauthorized access (41%). One respondent who chose “other” wrote that he is most concerned with “hacking [of] all the clients,” which we interpret to mean a combination of data privacy, data leakage, and unauthorized access.
What are your top concerns related to the security of your application workloads? (pick up to 3)
Interestingly, compliance concerns ranked just after “unauthorized access.” Though compliance is a big business concern (and therefore one that trickles down to security teams), the security community—and especially the hacker community, which turns out in full force in Vegas in August—is quite fond of reminding anyone who will listen that “compliance doesn’t equal security.” So while practitioners know that compliance is often the lowest bar for security (or, put a nicer way, the foundation of a good security program), it still consumes a lot of worry space in security’s brains.
Operationally speaking, our respondents’ pain points about the security of their application workloads in the data center or cloud varied. Auditability outranked the next highest category, visibility, by 9 percentage points. Security practitioners need to be able to keep close tabs on systems and data that reside within them to understand if the environment is working properly, what vulnerabilities are present, how controls are functioning, and whether processes are being followed; they need to be able to prove what’s happening in their cloud or data center and demonstrate that tampering or malfunction hasn’t occurred. Beyond crossing all the “t”s and dotting all the “i”s, however, security pros need to be able to see what’s happening in their environments in real time to be able to respond appropriately.
What are your biggest operational security concerns for application workloads? (pick up to 3)
Ranking third on this list is concern about setting and managing security policies (41%). With the plethora of tools security teams have to manage across their environments, determining, monitoring, and tuning security controls can quickly monopolize work hours (which would be fine if the security team were resourced well enough to have an FTE dedicated to doing so, but in our experience this is rarely the case except in the largest organizations).
Of course, when it comes to applications/software, any modifications or updates can send traditional security tools into a tailspin, leaving security practitioners chasing false positives and fielding angry calls from business users who can’t access critical applications when they’ve been blocked or when they malfunction because a security policy has been superimposed. Thirty-five percent of respondents said that a “top 3” operational security concern is updates or changes to software. Since slowdowns to software development aren’t likely to occur anytime soon, security teams really need tooling that can adapt while keeping data secure.
But tooling itself can be a hassle for security practitioners. Anyone who walked the business hall at Black Hat could see the overabundance of security vendors promising all kinds of tricks and fixes (along with tchotchkes and even gift cards for sitting through demos). And because tooling is necessary, but finding the most effective and reliable tools can take some trial and error, security teams can find themselves buried in shelfware or managing too many tools and alerts.
What is your primary concern about deploying new network security technology?
When asked, “What is your primary concern about deploying new network security technologies,” an equal 23.5% of respondents answered “securing budget” and “too many tools to manage.” Along with “lack of qualified staff” (21%), these results shouldn’t be shocking to anyone who has been around the security industry for any length of time. Security teams are continually asked to do more with less: to protect the organization’s systems and growing amount of data with scant increases in budget while competing with hundreds of other firms for talent. Legacy tools remain while newer ones with improved capabilities enter the market, and CEOs or CFOs are often willing to invest in the latest technologies if it means keeping the company out of the media spotlight due to a breach. All of this adds up, though, to tool overload and not enough people to manage them. Practitioners are hungry for more effective tools that can handle today’s threats while reducing the oversight burden commonplace in so many organizations.
These highlighted results are only the tip of the iceberg when it comes to security teams’ difficulty in protecting networks, systems, and data, but they do provide a window into what’s top of mind and common approaches to network security today.