As businesses move forward with digital transformation, their systems and networks will inevitably become more complex — and more challenging to secure. “Businesses are moving faster than their ability to secure their networks,” says Tim Woods, VP of Technology Alliances at FireMon. “On-prem IT isn’t the same as people securing the cloud.”
The 2019 FireMon State of the Firewall Report, based on a survey of more than 570 IT and security professionals, highlights challenges that managing firewalls and web application firewalls are creating for businesses and enterprises. Here are three firewall facts that managed services providers (MSPs) and value-added resellers (VARs) need to know:
1Firewall misconfigurations are common
The report reveals a growing concern for firewall misconfigurations. Of the IT and security professionals responding to the FireMon survey, 36% say misconfigurations or errors account for up to a quarter of all changes that require rework.
Woods says there can be several factors contributing to misconfigurations:
- The shortage of skilled IT professionals, specifically IT security professionals, may mean that the responsibility for configuring a firewall falls to in-house resources that lack training.
- IT resources can be overworked, which can lead to a higher rate of errors or incomplete tasks.
- IT professionals may mistakenly assume that cloud services providers completely handle security.
- Workflows are moving to cloud or hybrid environments, but in-house IT is still following the same procedures for securing on-premises systems.
Firewall misconfigurations are more than an efficiency problem, however. According to Gartner research, firewall misconfigurations will cause 99% of firewall breaches.
2Businesses leaders lack real-time visibility into their networks and security risks
FireMon research shows IT security teams are “simply overwhelmed.” About one-third of survey respondents have more than 100 firewalls on their networks, and 33% have between 10 and 99 firewalls. Furthermore, 78% of businesses or organizations use two or more firewall vendors, and 60% have firewalls deployed in the cloud, creating an even bigger management challenge for IT professionals. This security system complexity has resulted in decreased visibility, with only 23% of C-suite respondents having at least 80% real-time visibility into network security risks and compliance. Also, 24% of respondents to the FireMon survey aren’t sure or wouldn’t admit whether they failed a compliance audit in the 12 months prior to the survey.
“When change happens, it’s essential to evaluate as quickly as possible. Did the change introduce too much risk or change compliance posture? It’s hard to manage what you can’t see,” Woods says.
3Businesses are still trying to manage firewalls manually
Automation has become necessary to keep up with changes within an organization’s network and to respond promptly to new threats and risks. The FireMon survey, however, found that 65% of organizations are not using any automation to manage their environments. Woods comments that this year’s survey, the sixth annual study, is the first time a lack of automation ranked among top IT and security professional concerns.
A lack of automated processes also means that IT resources are spending time on manual tasks rather than focusing on projects that can advance innovation and improve security. And, as the FireMon report points out, “Lack of automation is a prescription for human error.”
Facts About the State of Firewalls Add Up to Opportunities for MSPs
Although in-house IT resources are challenged to keep up with firewall management, 95% of C-level execs see firewalls as critical and continuing to be critical to security for the next five years. This creates a conundrum for those executives: Firewalls are necessary, but businesses don’t have the resources to implement them correctly.
“This is an opportunity for MSPs to step in and say, ‘We know how convoluted things are, how much complexity there is, the rules you need to follow, and the lack of resources,’” Woods says. “Risks, the demands of regulatory compliance, and the use of cloud are all increasing, but resources to manage firewalls are not increasing. Businesses will look to you to see if the solutions you provide can help them work smarter.”
He adds that when you provide management of firewalls and web application firewalls, your value proposition will ring true.
“There was a company hit by Petya. It took out 80% of their operations and took them eight months and a great deal of money to get back to operational stability,” says. Woods. “Some companies can’t recover from it.”