SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Story image
IT leaders prioritising automation, Zero Trust and API-based security investments
Thu, 25th Mar 2021
FYI, this story is more than a year old

IT security leaders are prioritising investments in automation, Zero Trust and API-based security to protect a rapidly transforming IT ecosystem, according to new research from FireMon.

A survey of 500 cybersecurity leaders has uncovered the key investments organisations are making, and the rationale behind their decisions. The survey found distinct priorities have emerged when it comes to responding to the needs of IT security's rapid transformation.

"The study shows that a cocktail of multiplying threats, the proliferation of hybrid and cloud architectures, blended with a pandemic-fuelled explosion in distributed and remote work has created a perfect storm for network security teams," says Satin H. Mirchandani, president and CEO of FireMon.

"It is no wonder that they are adding new technologies, architectures, and approaches to ensure their networks remain protected."

The survey identified five major areas for network security investment:

  • Automation
    More than 50% of organisations are currently investing in automating policy management to safeguard against inefficient and risky functions and 79% say they will implement security orchestration and automation within two years to improve agility and responsiveness.

  • Zero Trust
    Forty five percent of organisations plan to implement a Zero Trust in the next 12 months, adding to the 17% of organisations that have already begun this process. The biggest drivers are a greater need for secure remote access (72%), reducing cybersecurity risk (70%), and supporting the transition to cloud architectures (51%).

  • Secure Access Service Edge (SASE) 
    Eight five percent of organisations have either already implemented a SASE platform or plan to do so within two years.

  • Security-Development Misalignment
    Eighty two percent of IT leaders admit their application development (DevOps) and network security operations teams are not well aligned.

  • Heterogeneity and Integration
    With growing complexity and heterogeneity, 95% of respondents are concerned about the lack of integration of network security platforms and their IT infrastructure.

"From an automation perspective, respondents cited the need to increase security agility and accelerate responsiveness and reduce the mean time to discover and resolve security incidents as the major drivers," says Mirchandani.

"This indicates that network security's growing complexity has rendered manual processes insufficient to keep up with accelerating rates of change," he says.

"Automation is now an imperative."

Mirchandani says that based on the survey findings, it is also clear that Zero Trust Architecture will achieve broad adoption to support the transition to cloud architectures and ensure security for an increasingly remote workforce.

"Both trends were accelerated by COVID-19 and are highly unlikely to be reversed," he says.

As part of this transition to cloud-based architectures, many respondents plan to implement a SASE platform to reduce cost and complexity, and improve security for their distributed and mobile workforce.

However, there is a risk of lack of alignment in a rush to balance the transition to cloud-based environments while still managing legacy infrastructure. This is especially the case when it comes to network security operations and application development and delivery processes. This misalignment causes slower application deployment, increases risk of downtime, and creates friction between security and development teams.

To gain greater alignment among security and development processes, more than 8 out of 10 organisations are looking to better integrate their systems via open APIs. This allows them to inject security capabilities into their preferred workflows, enabling greater flexibility and smoothing collaboration between groups.

"Network security is in the midst of a tectonic shift. New technologies and approaches will rapidly become the norm, forcing security teams to rethink how they manage access policies and ensure compliance in a changing and highly heterogeneous world," says Mirchandani.