Analyst firm Freeform Dynamics, in association with Juniper Networks and technology news website The Register, has recently released the report, “Network security in the spotlight: Understanding why it can go wrong is key to making the right investment decisions”. The Register conducted a survey of network and security professionals examining what drives organizations to excel in the delivery of information security.
The survey separates the respondents into two categories: a “Top Performers” group comprising of 40% of respondents with the highest self-reported network security performance metrics, and the rest as “Mainstream.”
So, what separates Top Performers from the Mainstream?
- More likely to be working with modern systems
- 64% feel a significant amount of their network security infrastructure is “modern and future proof”
- 18% feel a significant amount of their network infrastructure is “older, approaching end of life”
- 42% feel a significant amount of their network security infrastructure is “Cloud/SaaS/remote services”
- Far more likely to have senior managers who see network security as a strategic enabler of competitive advantage
- Less likely to say that they had too few staff and/or inadequate skills
- More likely to be working with older systems, approaching end of life
- 20% feel a significant amount of their network security infrastructure is “modern and future proof”
- 32% feel a significant amount of their network infrastructure is “older, approaching end of life”
- 27% feel a significant amount of their network security infrastructure is “Cloud/SaaS/remote services”
- Much more likely to report that “disinterest from senior managers” and “an inability to properly prioritize security” were significant inhibitors of better network security
- More than two-thirds reported that senior staff sometimes or often evade their day-to-day responsibility for network security
The Mainstream and Top Performer categories are almost evenly distributed amongst organizations of different sizes, making “how the business views security” the biggest differentiator between the two categories.
There were several data points that saw broad agreement between the two categories. For example, more than 80% of the Mainstream (and almost 50% of Top Performers) felt that the respect and/or enforcement authority they were accorded was less than what they would expect, given the level of knowledge and skill available on the security team.
This is perhaps most important in context: respondents overwhelmingly report that it takes a major security breach, compliance incident or loss of data to prompt upgrades to network security, with 80% of respondents also reporting that security decision-making is becoming more complex and challenging. Combined with the continuing skills shortage, building bridges between IT teams and business management is more important than ever.
“Network security needs to be seen as an integral part of business success, not as something external to the business process.”
— Freeform Dynamics, Network security in the spotlight, 2020
This aligns with what our customers have told us, which is why Juniper is constantly enhancing the reporting capabilities on Security Director to generate the reports that cover threat activity, application risks and URL by user and more, which can be viewed in real-time or as an automated report for additional security stake holders. Concise, informative, customizable and automated reports can be a powerful tool to communicate what different stakeholders need to know.
More than 80% of respondents feel that future business success depends on making the right network security decisions. We here at Juniper Networks certainly agree, just as we also do with the 80% of respondents who said that “any effective network security strategy must be coherent across both cloud and on-prem”.
Taking Security Seriously
Approximately half of the survey’s respondents felt their organization’s network security performance was good or excellent, with much of the concern centered on user compliance. Freeform Dynamics directly references an industry cliché: “IT struggles to protect users who ignore advice and take risks. The users – and their managers – then blame the technologists for getting in the way of their work and seek to circumvent the network security, and so on.” This reinforces Juniper’s belief that it is important to embed as much of an organization’s information security into the network as possible.
Embedding security in the network helps to make security more invisible to the end user. There are fewer controls and restrictions necessary on individual endpoints and every threat stopped in the network is one not encountered by end users.
With Juniper Connected Security, centralized management and policy enforcement of security across the organization’s entire network is simple. This makes change deployment and management easier, reducing friction with both IT administrators and the end users who consume services.
So, what ultimately drives organizations to excel at security? Past mistakes. As mentioned above, “More than two-thirds of the Mainstream reported that senior staff sometimes or often evade their day-to-day responsibility for network security. This is especially worrying because these are the very people who will be legally accountable if something goes wrong, such as a security breach where customer data is lost or stolen.”
The importance of stakeholder awareness, education and engagement are a constant theme throughout the survey, summed up as: “An organization’s managers and staff all need to understand why network security is there, what the risks are and who is legally accountable.”
Waiting for a compromise event to galvanize one’s organization into action is not an ideal approach to information security excellence. Fortunately, the data offers clues to how Juniper Connected Security can help organizations improve their security posture today.
Obviously being good at network and security management are key differentiators distinguishing Top Performers from the Mainstream, but they also have fewer integration difficulties. Juniper Connected Security relies on making both networks and network security easier to use, simpler to integrate and extends that integration to Juniper’s own products, those of our partners and even to those of our competitors.
With Juniper Connected Security, organizations can combine deep network visibility and enforcement at every connection point throughout the network, with simple, centralized management that can meet the needs of any organization, no matter the scale. Organizations can maximize the value of existing investments, while transitioning toward a modern, AI-Driven security model that minimizes the friction felt by end users and decreases the amount of administration required from IT practitioners.