Crossbeam Survey Reveals That IT Security Personnel Are Making Dangerous Security Trade-Offs to Meet Business Demands81 Percent of Respondents Admit to Shutting off Security Functionality to Improve Network Performance, Despite Acknowledging that Security is More Important
July 19, 2011
The increasing number and severity of recent data breaches and cyber attacks have made one thing clear among major corporations and government entities: developing a strong security posture is mission critical. Yet, according to survey results announced today from Crossbeam Systems, the leading provider of next-generation security platforms for high-performance networks, IT security personnel within large corporations are shutting off critical functionality in security applications to meet network performance demands for business applications. This “security for speed” trade-off puts employees, customers, partners and other constituents at risk in order to meet business demands.
The survey, which polled nearly 500 network security, IT and C-level executives at global enterprises and service providers, reveals the extent to which IT personnel are struggling to address the “speed vs. security” trade-off. Ninety (90) percent of the respondents admit to making a trade-off between security and throughput performance. Moreover, while a majority of respondents (67 percent) agree that if forced to choose, security would trump performance when evaluating a security solution, 81 percent also admit to shutting off functionality in a security product because it was slowing down their network.
“The survey results are another proof-point for what has become a growing issue in the industry - the challenge of managing security performance,” said Chris Christiansen, program vice president, Security Products and Services, IDC. “The findings suggest the problem may be far greater than generally perceived, and it serves as a call to action for IT security personnel to take the time to test their solutions under real-world conditions, hold their security vendors accountable for the performance of their products, and gain a true understanding of their network requirements.”
Other survey findings reveal key factors driving the security vs. performance challenge, including:
IT security personnel are not testing security products under real-world conditions – Survey results showed a surprising 42 percent of respondents did not test the security solutions they were evaluating under real-world traffic loads. Among those that have conducted real-world tests, many of the basic security functions, such as intrusion prevention capabilities enabled with recommended policies, were not included.
“These results are shocking when you consider that most survey respondents come from large, global companies with enormously complex network environments,” said Mike Akerman, chief technology officer at Crossbeam. “The fact that nearly half of the respondents are not doing their due diligence by testing security solutions in real-world environments is surprising when you consider the growing number of threats. However, the more we can educate the market about the issues with security performance and what factors to consider when building a high-performance security architecture, the less IT will have to make difficult choices between serving the business and protecting users.”
Security vendor performance claims are misleading – More than 93 percent of respondents agree that security hardware vendor data sheet performance metrics are misleading, with 58 percent affirming that they simply do not trust the these performance metrics. The result of this market confusion: more than 60 percent of respondents admit they have been forced to purchase additional hardware for a security solution to address the disparity between what vendors claimed their products could do and reality.
“In an economy with tightening budgets and close scrutiny of IT projects, misrepresentation of product performance has IT security personnel scrambling to understand how to build a high-performance security infrastructure from the start, rather than throwing more hardware on the network after the fact, which can create additional management problems and unplanned strains on IT resources,” added Akerman.
IT security personnel do not plan for the long term – The massive growth in data traffic demands, caused in part by the use of smartphones, tablets and other personal mobile devices to share multi-media, high-bandwidth content, is forcing IT personnel to anticipate their performance needs years in advance in order to build scalable and secure networks. Yet, survey results reveal a surprisingly low number of IT personnel at major corporations are thinking beyond the short term. Just over half (51 percent) report that they only evaluate their performance needs less than a year to 24 months in advance.
Security products are not being fully optimized – Security products have become more sophisticated and multi-layered in their defenses. While this has helped organizations prevent attacks and protect users, these products have also become more complex to manage. Next-generation firewalls (NGFW), for example, promise to help IT security personnel achieve greater application visibility and control over their networks with a device that integrates functions such as advanced firewalls, intrusion prevention and application-awareness capabilities. However, the reality is that most survey respondents are not using the full capabilities of their NGFW and are, in fact, only using the minimum features. According to survey results, stateful firewall remains the core function being used (91 percent of respondents), followed by NAT (73 percent), IPSEC/VPN (71 percent), and IDS/IPS (65 percent).
“Crossbeam’s survey results reflect an unsettling trend for many organizations that implement perceived feature-rich solutions like next generation firewalls and other security products. On paper, they sound impressive, but in reality, they fail to perform or meet real business objectives,” said Jeff Sherwood, founder and principal security strategist for the Executive Cyber Institute.
To access the survey report and information on how IT security personnel can address the challenges of deploying security in high-performance environments, visit www.crossbeam.com/performance.
About the Survey
Crossbeam Systems surveyed nearly 500 network security, IT and C-level personnel at large global enterprises and service providers across several industries – including financial services, healthcare, education, transportation, government and telecommunications. More than 80 percent of these organizations have revenues of $100 million or more, with 50 percent of these exceeding $1 billion in revenue. The survey, conducted in June 2011, asked a series of questions about the trade-offs security personnel make between security and performance, and their experiences maintaining performance as they deploy next-generation firewalls.
Crossbeam Systems®, Inc. offers a proven approach to deploying network security that meets the extreme performance, scalability and reliability demands of large enterprises, service providers and government agencies. Its leading X-Series security platform offers an open, high-performance architecture that easily provisions and scales multiple best-in-class security applications to meet the ever-changing threat landscape. Companies rely on Crossbeam to intelligently manage risk, accelerate and maintain compliance, and protect their businesses from evolving threats. Crossbeam is headquartered in Boxborough, Mass., and has offices in Europe, Latin America and Asia Pacific. More information is available at www.crossbeam.com.