Network Security Trends in the Era of Cloud and Mobile Computing




Research Report Abstract: Network Security Trends in the Era of Cloud and Mobile Computing

By Jon Oltsik, Senior Principal Analyst and Bill Lundell, Senior Research Analyst
With Jennifer Gahm, Senior Project Manager and Kyle Prigmore, Associate Analyst

August 2014

© 2014 by The Enterprise Strategy Group, Inc. All Rights Reserved.

Introduction

Research Objectives

In order to accurately assess organizations' network security policies, processes, organizations, and technologies, ESG recently surveyed 397 security professionals representing enterprise-class (1,000 employees or more) organizations in North America. All respondents were responsible for or directly involved in the planning, implementation, or operations of their organization's network security policies, processes, or technical safeguards. The survey was designed to answer questions about:

Network security knowledge and opinions
Do IT organizations believe that network security is getting more difficult? If so, why? What is driving network security strategy? What are the biggest network security challenges for enterprise organizations?

The organization responsible for network security
Do organizations have the right skills and staff levels to address network security? Which group(s) are responsible for network security today? Are there any changes planned? Which groups are responsible for individual network security tasks? Are there any day-to-day problems with these groups?

Network security technologies
What types of security controls and technologies are used today? How are these changing? How are organizations adopting specific types of security technologies such as network access controls, next-generation firewalls, and network-based anti-malware technologies? What are the most compelling features and use cases for these technologies?

Virtual network security appliances and the use of software-defined networking (SDN)
Are organizations using virtual security appliances? If not, why? Are organizations deploying SDN? If so, what is the security group's role in this process? What are the most compelling use cases for SDN as it applies to network security?

Network security strategies
What do security professionals need from network security in the future? How are their network security strategies impacting their current technology decisions?
Survey participants represented a wide range of industries including financial services, manufacturing, business services, communications and media, and government. For more details, please see the Research Methodology and Respondent Demographics sections of this report.

Research Methodology

To gather data for this report, ESG conducted a comprehensive online survey of IT and information security professionals from private- and public-sector organizations in North America (United States and Canada) between April 22, 2014 and May 5, 2014. To qualify for this survey, respondents were required to be IT professionals directly involved in the planning, implementation, and/or operations of their organizations' network security policies, processes, or technical safeguards. All respondents were provided an incentive to complete the survey in the form of cash awards and/or cash equivalents.

After filtering out unqualified respondents, removing duplicate responses, and screening the remaining completed responses (on a number of criteria) for data integrity, we were left with a final total sample of 397 IT and information security professionals. Please see the Respondent Demographics section of this report for more information on these respondents.

Note: Totals in figures and tables throughout this report may not add up to 100% due to rounding.

Respondent Demographics

The data presented in this report is based on a survey of 397 qualified respondents. Figures 1 through 4 detail the demographics of the respondent base, including individual respondents' roles, as well as respondent organizations' total number of employees, primary industry, and annual revenue.

Respondents by Role

Respondents' current role with their organization is shown in Figure 1.

Figure 1. Survey Respondents by Role
Which of the following best describes your current responsibility within your organization? (Percent of respondents, N=397)
IT staff, 11%
IT management, 23%
Senior IT management (e.g., CIO, VP of IT, Director of IT, etc.), 65%
Source: Enterprise Strategy Group, 2014.

Respondents by Number of Employees

The number of employees in respondents' organizations is shown in Figure 2.

Figure 2. Survey Respondents by Number of Employees
How many total employees does your organization have worldwide? (Percent of respondents, N=397)
1,000 to 2,499, 16%
2,500 to 4,999, 26%
5,000 to 9,999, 21%
10,000 to 19,999, 12%
20,000 or more, 25%
Source: Enterprise Strategy Group, 2014.

Respondents by Industry

Respondents were asked to identify their organizations' primary industry. In total, ESG received completed, qualified responses from individuals in 19 distinct vertical industries, plus an Other category. Respondents were then grouped into the broader categories shown in Figure 3.

Figure 3. Survey Respondents by Industry
What is your organization's primary industry? (Percent of respondents, N=397)
Communications & Media, 7%
Other, 16%
Financial (banking, securities, insurance), 22%
Government (Federal/National, State/Province/Local), 7%
Business Services (accounting, consulting, legal, etc.), 7%
Retail/Wholesale, 10%
Health Care, 11%
Manufacturing, 21%
Source: Enterprise Strategy Group, 2014.

Respondents by Annual Revenue

Respondent organizations' annual revenue is shown in Figure 4.

Figure 4. Survey Respondents by Annual Revenue
What is your organization's total annual revenue ($US)? (Percent of respondents, N=397)
Revenue categories: Less than $100 million; $100 million to $249.999 million; $250 million to $499.999 million; $500 million to $999.999 million; $1 billion to $4.999 billion; $5 billion to $9.999 billion; $10 billion to $19.999 billion; $20 billion or more; Not applicable (e.g., public sector, nonprofit)
Source: Enterprise Strategy Group, 2014.

Contents

List of Figures
List of Tables
Executive Summary
Report Conclusions
Introduction
Research Objectives
Research Findings
ESG's Network Security Segmentation Model
The Network Security Landscape
The State of Network Security
Network and Security Staffing
Network Security Technology
Use of Network Access Controls
Next-generation Firewalls (NGFWs)
Network-based Anti-Malware
Security, Virtualization, and Software-defined Networking (SDN)
Conclusion
Research Implications for Information Security Vendors
Research Implications for IT and Information Security Professionals
Research Methodology
Respondent Demographics
Respondents by Role
Respondents by Number of Employees
Respondents by Industry
Respondents by Annual Revenue

List of Figures

Figure 1. Network Security Is the Most Significant Networking Investment in 2014
Figure 2. ESG Network Security Segmentation Model
Figure 3. Change in Network Security Over the Last Two Years
Figure 4. Change in Network Security Over the Last Two Years, by Segmentation Model
Figure 5. Factors That Have Made Network Security Management and Operations More Difficult Compared with Two Years Ago
Figure 6. Biggest Network Security Challenges
Figure 7. Factors That Have the Most Significant Impact on Shaping Organizations' Network Security Strategy
Figure 8. Primary Network Security Strategy Objectives
Figure 9. Security Organizations Rate Their Network Security Proficiency
Figure 10. How Organizations Manage and Operate Network Security Processes and Technology
Figure 11. Day-to-day Collaboration on Network Security Between IT Security and Networking Groups
Figure 12. Division of Labor for Network Security Tasks
Figure 13. Organizational Challenges Between IT Security and Network Teams Specific to Network Security
Figure 14. Employment of a Network Security Architect(s)
Figure 15. Employment of a Network Security Architect(s), by Segmentation Model
Figure 16. Organizations' Approach to Network Security
Figure 17. Organizations' Approach to Network Security, by Segmentation Model
Figure 18. How Organizations Learn About Network Security Product and Technology Innovation
Figure 19. Organizations' Strategy for Network Security Investment
Figure 20. Spending Change for Perimeter and Internal Network Security Defenses
Figure 21. Technologies and How They Are Used as Part of Organization's Network Security Strategy
Figure 22. Enforcement of Network Access Controls
Figure 23. Enforcement of Network Access Controls, by Segmentation Model
Figure 24. Factors Driving Organizations to Use Network Access Controls
Figure 25. Network Access Policy Parameters
Figure 26. Types of Network Access Controls Enforced/Planned to be Enforced
Figure 27. Respondents' Familiarity with Next-generation Firewalls
Figure 28. Respondents' Familiarity with Next-generation Firewalls, by Segmentation Model
Figure 29. Deployment of Next-generation Firewalls
Figure 30. Most Appropriate Use Case for Next-generation Firewalls
Figure 31. Most Compelling Features of Next-generation Firewalls
Figure 32. Most Important Requirements for a Data Center Firewall
Figure 33. Network-based Anti-malware Deployment
Figure 34. Most Compelling Features of Network-based Anti-Malware Technology
Figure 35. Anti-malware Technology and Analytics Integration on Networks and Endpoints
Figure 36. Anti-malware Technology and Analytics Integration on Networks and Endpoints, by Segmentation Model
Figure 37. Use of Virtual Security Appliances
Figure 38. Use of Virtual Security Appliances, by Segmentation Model
Figure 39. Factors That Held Organizations Back from More Extensive Use of Virtual Security Appliances
Figure 40. Respondents' Familiarity with SDN Technologies
Figure 41. Respondents' Familiarity with SDN Technologies, by Segmentation Model
Figure 42. SDN Technology Usage
Figure 43. SDN Technology Usage, by Segmentation Model
Figure 44. How Organizations Evaluated SDN Technology
Figure 45. How Networking and Security Teams Would Learn About SDN
Figure 46. SDN Deployment Strategy
Figure 47. SDN Security Use Cases
Figure 48. Vendor Services/Support Items That Would Be Most Helpful in Moving Forward with a Net-new Network Security Initiative
Figure 49. Survey Respondents by Role
Figure 50. Survey Respondents by Number of Employees
Figure 51. Survey Respondents by Industry
Figure 52. Survey Respondents by Annual Revenue

List of Tables

Table 1. Primary Objectives for Organizations' Network Security Strategy, by Segmentation Model
Table 2. How Organizations Manage and Operate Network Security Processes and Technology, by Segmentation Model
Table 3. Primary Network Security Strategy Objectives, by Segmentation Model
Table 4. How Organizations Use Various Technologies as Part of Their Network Security Strategy, by Segmentation Model
Table 5. Network-based Anti-malware Deployment, by Segmentation Model
Table 6. Most Compelling Features of Network-based Anti-Malware Technology, by Segmentation Model

All trademark names are property of their respective companies. Information contained in this publication has been obtained by sources The Enterprise Strategy Group (ESG) considers to be reliable but is not warranted by ESG. This publication may contain opinions of ESG, which are subject to change from time to time. This publication is copyrighted by The Enterprise Strategy Group, Inc. Any reproduction or redistribution of this publication, in whole or in part, whether in hard-copy format, electronically, or otherwise to persons not authorized to receive it, without the express consent of The Enterprise Strategy Group, Inc., is in violation of U.S. copyright law and will be subject to an action for civil damages and, if applicable, criminal prosecution. Should you have any questions, please contact ESG Client Relations at 508.482.0188.

20 Asylum Street, Milford, MA 01757
Tel: 508.482.0188 Fax: 508.482.0128
www.esg-global.com