Tufin Technologies has announced the results of a recent survey. Previous Tufin surveys revealed that because application connectivity requirements drive the vast majority of firewall changes, managing application connectivity has become the number one firewall management challenge. This survey, conducted in April at InfoSecurity UK, was designed to get a better understanding of the problem. 105 IT professionals, ranging from network administrators to CIOs, reported that network security teams deploy applications based on incomplete or inaccurate connectivity data, resulting in delays, downtime, and unnecessary risk and compliance exposure.
Application connectivity challenges: a quick overview
* 1/3 of the sample report their organisation has more than 500 applications; 74% report they will be deploying up to 100 new applications this year.
* There is little standardisation as to how organisations structure application connectivity processes. Network operations teams work mainly with application owners (30%), but other application connectivity stakeholders include app developers (26%), other network engineers (16%), or any variety of other parties such as a consultant, a VAR, the application vendor or an MSP (29%).
* When it comes to determining connectivity requirements, 72% report they are given a list of ports to open. 19% look it up on the Internet, 13% look at logs, and 9% rely on trial and error.
Impact on business agility
* 55% report that applications are not deployed correctly the first time, mainly (67%) due to incorrect or missing connectivity data.
* 1/3 report the Service Level Agreement (SLA) for application-related firewall changes is a week or more; 81% believe it should be between 1 and 3 days.
* When asked what would enable a faster SLA, 1/3 cited more accurate information from application owners, 26% said knowing what ports to open, and 24% said faster risk/compliance approvals.
Impact on security and compliance
* Administrators often have no insight into why a rule was created. 41% either use the (limited) firewall comments field or rule base sections to document the business justification for a rule. 13% don’t document at all.
* 40% are not notified when an application is decommissioned.
* 30% take a ‘best effort’ approach to remove unneeded connections when an application is decommissioned. 1/6 of respondents do nothing to decommission applications.
‘This survey highlights the fact that security engineers are having to adopt new processes on the fly - processes that require them to interact with a new set of stakeholders,’ said Reuven Harrison, CTO, Tufin. ‘As a result they are not just changing who they work with but how they work. Anyone who has experienced this kind of change knows it is not easy. That’s why we are putting so much development effort into SecureApp. SecureApp provides a much-needed application connectivity model on top of our network abstraction layer, enabling security teams to rise above any existing technology constraints and collaborate with other IT groups for a common goal - application delivery and business agility.’