What IT leaders are prioritizing in network security investments?

Distinct priorities have emerged when it comes to responding to the needs of IT security’s rapid transformation, a Pulse Media research has found.

The survey of 239 cybersecurity leaders across the EMEA region uncovered the key investments organizations are making and the rationale behind their decisions.

“The study shows that the combination of multiplying threats, the proliferation of hybrid and cloud architectures, blended with a pandemic-fuelled explosion in distributed and remote work has created a perfect storm for network security teams,” says Satin H. Mirchandani, President and CEO of FireMon.

“It is no wonder that they are adding new technologies, architectures, and approaches to ensure their networks remain protected.”

As such, respondents in EMEA have indicated that they will significantly be ramping up investments in security orchestration and automation. According to the survey, 96 percent of companies either have already implemented security orchestration and automation or plan to do so in the next 24 months.

Five major areas for EMEA network security investments

• Automation – 21 percent of organizations are investing in automating policy management to safeguard against inefficient and risky functions. More than 70 percent say they will implement security orchestration and automation within two years to improve agility and responsiveness.
• Zero trust – 38 percent of organizations plan to implement zero trust in the next 12 months, adding to the 23 percent of organizations that have already begun this process. The biggest drivers are a greater need for secure remote access (78 percent), reducing cybersecurity risk (70 percent), and supporting the transition to cloud architectures (51 percent).
• Secure access service edge (SASE) – 82 percent of organizations have either already implemented a SASE platform or plan to do so within two years.
• Security-development misalignment – 73 percent of IT leaders admit their application development (DevOps) and network security operations teams are not well aligned.
• Heterogeneity and integration – With growing complexity and heterogeneity, 93% of respondents are concerned about the lack of integration of network security platforms and their IT infrastructure and nearly half looking for open API integrations.

From an automation perspective, respondents cited the need to increase security agility and accelerate responsiveness and improve compliance as the primary drivers. This indicates that network security’s growing complexity has rendered manual processes insufficient to keep up with accelerating rates of change. Automation is now an imperative.

Even so, only 21 percent of respondents have indicated that they have already automated their network security policies. But there are positive signs, as 53 percent plan to complete this process in the next two years.

Zero trust architecture to achieve broad adoption

Based on the survey findings, it is also clear that zero trust architecture will achieve broad adoption to support the transition to cloud architectures and ensure security for an increasingly remote workforce. Both trends were accelerated by COVID-19 and are highly unlikely to be reversed.

As part of this transition to cloud-based architectures, many respondents plan to implement a secure access service edge (SASE) platform to reduce cost and complexity and improve security for their distributed and mobile workforce.

They cite replacing legacy virtual private networks (57 percent), reduced cost and complexity (54 percent), and an improved user experience (54 percent) as their three top reasons for doing so.

However, there is a risk of lack of alignment in a rush to balance the transition to cloud-based environments while still managing legacy infrastructure. This is especially the case when it comes to network security operations and application development and delivery processes. This misalignment causes slower application deployment, increases the risk of downtime, and creates friction between security and development teams.

Most orgs looking to integrate their systems via open APIs

More than 8 out of 10 organizations look to integrate their systems via open APIs to gain greater alignment among security and development processes. This allows them to inject security capabilities into their preferred workflows, enabling greater flexibility and smoothing collaboration between groups.

It was found that 88% of IT security leaders believe investing in network security platforms is a strategic investment. Such platforms boost their network security agility and ensure centralised visibility and control of security policies across hybrid networks, risk analysis, and real-time compliance.

“Network security is experiencing a fundamental shift. The past year has accelerated so many aspects of this shift that we’ve been enduring for some time. Now we see new technologies and approaches rapidly becoming the norm, forcing security teams to rethink how they manage access policies and ensure compliance in a changing and highly heterogeneous world,” concludes Mirchandani.