Complex network security policies, such as those found in multi-vendor environments, are directly related to system outages and security breaches, according to AlgoSec.
The survey found that more than 50 percent of respondents reported a security breach, system outage, or both, due to complex policies.
The report highlights that nearly 94 percent of organizations have deployed multi-vendor environments and nearly 75 percent of organizations manually manage network security, despite the popular belief from roughly half of the respondents that consolidation would simplify management.
“Information systems’ complexity has grown exponentially yet we continue down the same path – adding more and more layers of complexity,” said independent information security consultant Kevin Beaver of Principle Logic. “Many IT managers and administrators couldn’t tell you how secure their networks arebecause they simply don’t know what’s where and what’s currently at risk. Complexity – and failing to acknowledge the complexity – are core contributors to the network security problems we face today.”
Complexity causes risk – A majority of respondents reported that complex policies have caused a system outage or a security breach. Because of complex policies, 27.8 percent experienced a system outage, 14.3 percent experienced a security breach and 9.8 percent experienced both a system outage and a security breach.
Network environments are overwhelmingly multi-vendor – According to the report, 93.9 percent of respondents have deployed solutions from multiple vendors in their environment with 56.5 percent having deployed solutions from four or more different vendors.
Multi-vendor environments are complex – “The Dangers of Complexity in Network Security” reveals that the greatest challenge of working with multiple vendors is the different expertise required (48.5 percent) while the greatest challenge of working with multiple devices is too many policies to manage (42.7 percent).
Consolidation is Key to Simplifying Management – When asked, “What is the greatest benefit of consolidating network security vendors?” 48.8 percent responded, “Simplified management.” Conversely, 36.9 percent believe that consolidating vendors prevents selecting best-in-class solutions.