Application Connectivity Bottlenecks Stem from Disconnect of App Owners and Network Managers, Tufin Survey Finds

By Peter Bernstein June 12, 2013

Ever wonder why there is a problem when you install new applications and, to be polite, there are issues? The answer as to why lies in an interesting place, as has been revealed in a recent Tufin Technologies survey

For those unfamiliar, Tufin Technologies is a provider of Security Process Automation (SPA) solutions, which to many may seem like “plumbing,” but as with your home you know such solutions are important when they don’t work correctly. Previous Tufin surveys have shown that because application connectivity requirements drive the vast majority of firewall changes, managing application connectivity has become the number one firewall management challenge. 

The latest survey, conducted in April at InfoSecurity UK, sought to delve into the issue in a more granular fashion. The headline finding of the survey tells an interesting tale. The 105 IT professionals, ranging from network administrators to CIOs, reported, “Network security teams deploy applications based on incomplete or inaccurate connectivity data, resulting in delays, downtime, and unnecessary risk and compliance exposure.”

An overview of application connectivity challenges

Below is a quick recap of some of the findings that should be of interest since they show how enterprise applications are exploding and the challenges providing connectivity represents: 33 percent reported their organization has more than 500 applications; and 74 percent said they will be deploying up to 100 new applications this year.

There is little standardization as to how organizations structure application connectivity processes.  Network Operations teams work mainly with Application Owners (30 percent), but other stakeholders include app developers (26 percent), other network engineers (16 percent). In addition, there are many other stakeholders to consider including consultants, VARs, apps vendors and possibly managed service providers which account together for 29 percent.

And, when it comes to determining connectivity requirements, 72 percent report they are given a list of ports to open, but 19 percent look it up on the Internet, 13 percent look at logs, and 9 percent rely on trial and error. In other words it is easy to see why there can be problems.

Other interesting finds include: 

  • 55 percent report that applications are not deployed correctly the first time, mainly (67 percent) due to incorrect or missing connectivity data. 
  • 33 percent say the Service level Agreement (SLA) for application-related firewall changes takes a week or more, with 81 percent believing it should take between 1-3 days.
  • When asked what would enable a faster SLA, 1/3 cited more accurate information from application owners, 26 percent said knowing what ports to open, and 24 percent said faster risk/compliance approvals.

Since as we all know time is money, having automated processes that enable smooth deployments and changes is key.

The final food for thought is when the survey asked about the impact this lack of connectivity has on security and compliance. Even as the firewall in a BYOD world has lost some of its importance for providing a high degree of enterprise protection from those with malicious intent, it is still the main and arguably the most critical part of risk management associated with online security. That said, the survey found:

  • Administrators often have no insight into why a rule was created: 41% either use the (limited) firewall comments field or rule base sections to document the business justification for a rule; 13% don't document at all.
  • 40% are not notified when an application is decommissioned.
  • 30% take a "best effort" approach to remove unneeded connections when an application is decommissioned.  1/6 of respondents do nothing to decommission applications.

"This survey highlights the fact that security engineers are having to adopt new processes on the fly - processes that require them to interact with a new set of stakeholders," said Reuven Harrison, CTO of Tufin.  "As a result they are not just changing who they work with but how they work. Anyone who has experienced this kind of change knows it is not easy.  That's why we are putting so much development effort into SecureApp. SecureApp provides a much needed application connectivity model on top of our network abstraction layer, enabling security teams to rise above any existing technology constraints and collaborate with other IT groups for a common goal - application delivery and business agility.”

Harrison’s point about the challenges is spot on. The complexity of IT job when it comes to security and compliance has increased exponentially in the past few years for all of the reasons we read about everyday—mobility, BYOD, the cloud, virtualization, distributed workforce, increased frequency and sophistication of cyber threats, much more stringent corporate governance and compliance, etc.  

Applications connectivity, as it relates to being plumbing may not be sexy but it is essential. As the survey says, the challenges are real, and the costs of not implementing best practices can be steep.

Edited by Alisen Downey
Related Articles

5 Influential African-Americans In Tech

By: Special Guest    3/19/2018

It's no secret that Silicon Valley has a problem with diversity. Apart from being male-dominated, most of its workforce is white or Asian, with whites…

Read More

FTC's Mobile Security Updates and Recommendations on Mobile Device Security

By: Special Guest    3/19/2018

The lessons learned apply to any wireless-enabled device, including consumer smartphones, corporate-owned devices, Internet of Things (IoT), watches, …

Read More

The World is His Oyster: Connected Solutions Enable Daniel Ward to See Food

By: Paula Bernier    3/16/2018

Fresh seafood can taste great, but if it is not handled properly, people can get sick, and that can lead to business closures and lost revenues. That'…

Read More

How to Get Ready for GDPR if You've Waited Until the Last Minute

By: Special Guest    3/14/2018

With less than two months until the General Data Protection Regulations (GDPR) deadline, many companies have already started making sure that their bu…

Read More

How Fintech is Helping Create Global Businesses

By: Special Guest    3/14/2018

The growth of Fintech probably has not escaped your attention. Whether you're a customer making contactless payments or an investor weighing up CFD tr…

Read More