Application Connectivity Bottlenecks Stem from Disconnect of App Owners and Network Managers, Tufin Survey Finds

By Peter Bernstein June 12, 2013

Ever wonder why there is a problem when you install new applications and, to be polite, there are issues? The answer as to why lies in an interesting place, as has been revealed in a recent Tufin Technologies survey

For those unfamiliar, Tufin Technologies is a provider of Security Process Automation (SPA) solutions, which to many may seem like “plumbing,” but as with your home you know such solutions are important when they don’t work correctly. Previous Tufin surveys have shown that because application connectivity requirements drive the vast majority of firewall changes, managing application connectivity has become the number one firewall management challenge. 

The latest survey, conducted in April at InfoSecurity UK, sought to delve into the issue in a more granular fashion. The headline finding of the survey tells an interesting tale. The 105 IT professionals, ranging from network administrators to CIOs, reported, “Network security teams deploy applications based on incomplete or inaccurate connectivity data, resulting in delays, downtime, and unnecessary risk and compliance exposure.”

An overview of application connectivity challenges

Below is a quick recap of some of the findings that should be of interest since they show how enterprise applications are exploding and the challenges providing connectivity represents: 33 percent reported their organization has more than 500 applications; and 74 percent said they will be deploying up to 100 new applications this year.

There is little standardization as to how organizations structure application connectivity processes.  Network Operations teams work mainly with Application Owners (30 percent), but other stakeholders include app developers (26 percent), other network engineers (16 percent). In addition, there are many other stakeholders to consider including consultants, VARs, apps vendors and possibly managed service providers which account together for 29 percent.

And, when it comes to determining connectivity requirements, 72 percent report they are given a list of ports to open, but 19 percent look it up on the Internet, 13 percent look at logs, and 9 percent rely on trial and error. In other words it is easy to see why there can be problems.

Other interesting finds include: 

  • 55 percent report that applications are not deployed correctly the first time, mainly (67 percent) due to incorrect or missing connectivity data. 
  • 33 percent say the Service level Agreement (SLA) for application-related firewall changes takes a week or more, with 81 percent believing it should take between 1-3 days.
  • When asked what would enable a faster SLA, 1/3 cited more accurate information from application owners, 26 percent said knowing what ports to open, and 24 percent said faster risk/compliance approvals.

Since as we all know time is money, having automated processes that enable smooth deployments and changes is key.

The final food for thought is when the survey asked about the impact this lack of connectivity has on security and compliance. Even as the firewall in a BYOD world has lost some of its importance for providing a high degree of enterprise protection from those with malicious intent, it is still the main and arguably the most critical part of risk management associated with online security. That said, the survey found:

  • Administrators often have no insight into why a rule was created: 41% either use the (limited) firewall comments field or rule base sections to document the business justification for a rule; 13% don't document at all.
  • 40% are not notified when an application is decommissioned.
  • 30% take a "best effort" approach to remove unneeded connections when an application is decommissioned.  1/6 of respondents do nothing to decommission applications.

"This survey highlights the fact that security engineers are having to adopt new processes on the fly - processes that require them to interact with a new set of stakeholders," said Reuven Harrison, CTO of Tufin.  "As a result they are not just changing who they work with but how they work. Anyone who has experienced this kind of change knows it is not easy.  That's why we are putting so much development effort into SecureApp. SecureApp provides a much needed application connectivity model on top of our network abstraction layer, enabling security teams to rise above any existing technology constraints and collaborate with other IT groups for a common goal - application delivery and business agility.”

Harrison’s point about the challenges is spot on. The complexity of IT job when it comes to security and compliance has increased exponentially in the past few years for all of the reasons we read about everyday—mobility, BYOD, the cloud, virtualization, distributed workforce, increased frequency and sophistication of cyber threats, much more stringent corporate governance and compliance, etc.  

Applications connectivity, as it relates to being plumbing may not be sexy but it is essential. As the survey says, the challenges are real, and the costs of not implementing best practices can be steep.

Edited by Alisen Downey
Related Articles

CES 2018: Terabit Fiber - Closer Than We Think

By: Doug Mohney    1/17/2018

One of the biggest challenges for 5G and last mile 10 Gig deployments is not raw data speeds, but middle mile and core networks. The wireless industry…

Read More

10 Benefits of Drone-Based Asset Inspections

By: Frank Segarra    1/15/2018

Although a new and emerging technology, (which is still evolving), in early 2018, most companies are not aware of the possible benefits they can achie…

Read More

VR Could Change Entertainment Forever

By: Special Guest    1/11/2018

VR could change everything from how we play video games to how we interact with our friends and family. VR has the power to change how we consume all …

Read More

Making Connections - The Value of Data Correlation

By: Special Guest    1/5/2018

The app economy is upon us, and businesses of all stripes are moving to address it. In this age of digital transformation, businesses rely on applicat…

Read More

3 Ways to Improve Your VR Projects

By: Ellie Martin    1/4/2018

There is no denying that VR is here and will most likely only increase in velocity as a terminal speed is yet to be even hypothesized. That is why it …

Read More