Application Connectivity Bottlenecks Stem from Disconnect of App Owners and Network Managers, Tufin Survey Finds

By Peter Bernstein June 12, 2013

Ever wonder why there is a problem when you install new applications and, to be polite, there are issues? The answer as to why lies in an interesting place, as has been revealed in a recent Tufin Technologies survey

For those unfamiliar, Tufin Technologies is a provider of Security Process Automation (SPA) solutions, which to many may seem like “plumbing,” but as with your home you know such solutions are important when they don’t work correctly. Previous Tufin surveys have shown that because application connectivity requirements drive the vast majority of firewall changes, managing application connectivity has become the number one firewall management challenge. 

The latest survey, conducted in April at InfoSecurity UK, sought to delve into the issue in a more granular fashion. The headline finding of the survey tells an interesting tale. The 105 IT professionals, ranging from network administrators to CIOs, reported, “Network security teams deploy applications based on incomplete or inaccurate connectivity data, resulting in delays, downtime, and unnecessary risk and compliance exposure.”

An overview of application connectivity challenges

Below is a quick recap of some of the findings that should be of interest since they show how enterprise applications are exploding and the challenges providing connectivity represents: 33 percent reported their organization has more than 500 applications; and 74 percent said they will be deploying up to 100 new applications this year.

There is little standardization as to how organizations structure application connectivity processes.  Network Operations teams work mainly with Application Owners (30 percent), but other stakeholders include app developers (26 percent), other network engineers (16 percent). In addition, there are many other stakeholders to consider including consultants, VARs, apps vendors and possibly managed service providers which account together for 29 percent.

And, when it comes to determining connectivity requirements, 72 percent report they are given a list of ports to open, but 19 percent look it up on the Internet, 13 percent look at logs, and 9 percent rely on trial and error. In other words it is easy to see why there can be problems.

Other interesting finds include: 

  • 55 percent report that applications are not deployed correctly the first time, mainly (67 percent) due to incorrect or missing connectivity data. 
  • 33 percent say the Service level Agreement (SLA) for application-related firewall changes takes a week or more, with 81 percent believing it should take between 1-3 days.
  • When asked what would enable a faster SLA, 1/3 cited more accurate information from application owners, 26 percent said knowing what ports to open, and 24 percent said faster risk/compliance approvals.

Since as we all know time is money, having automated processes that enable smooth deployments and changes is key.

The final food for thought is when the survey asked about the impact this lack of connectivity has on security and compliance. Even as the firewall in a BYOD world has lost some of its importance for providing a high degree of enterprise protection from those with malicious intent, it is still the main and arguably the most critical part of risk management associated with online security. That said, the survey found:

  • Administrators often have no insight into why a rule was created: 41% either use the (limited) firewall comments field or rule base sections to document the business justification for a rule; 13% don't document at all.
  • 40% are not notified when an application is decommissioned.
  • 30% take a "best effort" approach to remove unneeded connections when an application is decommissioned.  1/6 of respondents do nothing to decommission applications.

"This survey highlights the fact that security engineers are having to adopt new processes on the fly - processes that require them to interact with a new set of stakeholders," said Reuven Harrison, CTO of Tufin.  "As a result they are not just changing who they work with but how they work. Anyone who has experienced this kind of change knows it is not easy.  That's why we are putting so much development effort into SecureApp. SecureApp provides a much needed application connectivity model on top of our network abstraction layer, enabling security teams to rise above any existing technology constraints and collaborate with other IT groups for a common goal - application delivery and business agility.”

Harrison’s point about the challenges is spot on. The complexity of IT job when it comes to security and compliance has increased exponentially in the past few years for all of the reasons we read about everyday—mobility, BYOD, the cloud, virtualization, distributed workforce, increased frequency and sophistication of cyber threats, much more stringent corporate governance and compliance, etc.  

Applications connectivity, as it relates to being plumbing may not be sexy but it is essential. As the survey says, the challenges are real, and the costs of not implementing best practices can be steep.

Edited by Alisen Downey
Related Articles

6 Challenges of 5G, and the 9 Pillars of Assurance Strategy

By: Special Guest    9/17/2018

To make 5G possible, everything will change. The 5G network will involve new antennas and chipsets, new architectures, new KPIs, new vendors, cloud di…

Read More

Putting the Flow into Workflow, Paessler and Briefery Help Businesses Operate Better

By: Cynthia S. Artin    9/14/2018

The digital transformation of business is generating a lot of value, through more automation, more intelligence, and ultimately more efficiency.

Read More

From Mainframe to Open Frameworks, Linux Foundation Fuels Up with Rocket Software

By: Special Guest    9/6/2018

Last week, at the Open Source Summit, hosted by The Linux Foundation, the Open Mainframe Project gave birth to Zowe, introduced a new open source soft…

Read More

Unified Office Takes a Trip to the Dentist Office

By: Cynthia S. Artin    9/6/2018

Not many of us love going to see the dentist, and one company working across unified voice, productivity and even IoT systems is out to make the exper…

Read More

AIOps Outfit Moogsoft Launches Observe

By: Paula Bernier    8/30/2018

Moogsoft Observe advances the capabilities of AIOps to help IT teams better manage their services and applications in the face of a massive proliferat…

Read More