Firewalls are still a critical part of an organization’s overall security architecture yet security pros managing the technology are plagued by complex rules, policy compliance, audit readiness and manual processes, a new study found.
Network security management provider Firemon’s newly released State of the Firewall 2018 survey of 300 security pros, the fourth such edition, found that “chronic deficiencies in basic firewall hygiene” continue to beset the respondents. It’s a climate not likely to improve, with “chaos and confusion” in existing firewall infrastructures expected to worsen as next generation technology adds to the complexity, the study showed.
While firewalls remain relevant to security (Firemon asked the same question as far back as 2010 in other surveys), changes in organizational priority, device management and security staffing worsen existing challenges in firewall management, the vendor said. Moreover, as emerging platforms and devices take on functions that previously belonged to traditional firewall technology, the environment gets all the more fluid.
Here are some of the study’s key findings:
On firewall relevancy:
- Over the next five years, the network firewall will remain as critical as always or more critical than ever, according to 94 percent of respondents.
- 24 percent of respondents spend more than 25 percent of their security budgets on firewall technology, including hardware, software and maintenance.
- 26 percent of respondents are working in organizations with more than 100 firewalls.
On change management:
- Change management is challenging, with 16 percent of respondents processing at least 100 firewall change requests each week, and 40 percent processing between 10 and 99.
- Despite a high volume of change requests, 64 percent of respondents still use manual change management processes.
- 38 percent of respondents said that more than 10 percent of their network changes require rework due to inaccuracies or issues on the network.
On the cloud:
- Cloud solutions have become pervasive, with 53 percent of respondents reporting that their organizations have partially or fully adopted public or hybrid cloud.
- 35 percent of respondents highly value or somewhat value firewalls for the cloud services they manage. 31 percent said firewalls are of low value or they’re unsure of their value.
On organizational complexity:
- Nearly 40 percent of respondents said the responsibility for network security in the cloud falls outside of the purview of the security team.