Application Connectivity Bottlenecks Stem from Disconnect of App Owners and Network Managers, Tufin Survey Finds

By

Ever wonder why there is a problem when you install new applications and, to be polite, there are issues? The answer as to why lies in an interesting place, as has been revealed in a recent Tufin Technologies survey

For those unfamiliar, Tufin Technologies is a provider of Security Process Automation (SPA) solutions, which to many may seem like “plumbing,” but as with your home you know such solutions are important when they don’t work correctly. Previous Tufin surveys have shown that because application connectivity requirements drive the vast majority of firewall changes, managing application connectivity has become the number one firewall management challenge. 

The latest survey, conducted in April at InfoSecurity UK, sought to delve into the issue in a more granular fashion. The headline finding of the survey tells an interesting tale. The 105 IT professionals, ranging from network administrators to CIOs, reported, “Network security teams deploy applications based on incomplete or inaccurate connectivity data, resulting in delays, downtime, and unnecessary risk and compliance exposure.”

An overview of application connectivity challenges

Below is a quick recap of some of the findings that should be of interest since they show how enterprise applications are exploding and the challenges providing connectivity represents: 33 percent reported their organization has more than 500 applications; and 74 percent said they will be deploying up to 100 new applications this year.

There is little standardization as to how organizations structure application connectivity processes.  Network Operations teams work mainly with Application Owners (30 percent), but other stakeholders include app developers (26 percent), other network engineers (16 percent). In addition, there are many other stakeholders to consider including consultants, VARs, apps vendors and possibly managed service providers which account together for 29 percent.

And, when it comes to determining connectivity requirements, 72 percent report they are given a list of ports to open, but 19 percent look it up on the Internet, 13 percent look at logs, and 9 percent rely on trial and error. In other words it is easy to see why there can be problems.

Other interesting finds include: 

  • 55 percent report that applications are not deployed correctly the first time, mainly (67 percent) due to incorrect or missing connectivity data. 
  • 33 percent say the Service level Agreement (SLA) for application-related firewall changes takes a week or more, with 81 percent believing it should take between 1-3 days.
  • When asked what would enable a faster SLA, 1/3 cited more accurate information from application owners, 26 percent said knowing what ports to open, and 24 percent said faster risk/compliance approvals.

Since as we all know time is money, having automated processes that enable smooth deployments and changes is key.

The final food for thought is when the survey asked about the impact this lack of connectivity has on security and compliance. Even as the firewall in a BYOD world has lost some of its importance for providing a high degree of enterprise protection from those with malicious intent, it is still the main and arguably the most critical part of risk management associated with online security. That said, the survey found:

  • Administrators often have no insight into why a rule was created: 41% either use the (limited) firewall comments field or rule base sections to document the business justification for a rule; 13% don't document at all.
  • 40% are not notified when an application is decommissioned.
  • 30% take a "best effort" approach to remove unneeded connections when an application is decommissioned.  1/6 of respondents do nothing to decommission applications.

"This survey highlights the fact that security engineers are having to adopt new processes on the fly - processes that require them to interact with a new set of stakeholders," said Reuven Harrison, CTO of Tufin.  "As a result they are not just changing who they work with but how they work. Anyone who has experienced this kind of change knows it is not easy.  That's why we are putting so much development effort into SecureApp. SecureApp provides a much needed application connectivity model on top of our network abstraction layer, enabling security teams to rise above any existing technology constraints and collaborate with other IT groups for a common goal - application delivery and business agility.”

Harrison’s point about the challenges is spot on. The complexity of IT job when it comes to security and compliance has increased exponentially in the past few years for all of the reasons we read about everyday—mobility, BYOD, the cloud, virtualization, distributed workforce, increased frequency and sophistication of cyber threats, much more stringent corporate governance and compliance, etc.  

Applications connectivity, as it relates to being plumbing may not be sexy but it is essential. As the survey says, the challenges are real, and the costs of not implementing best practices can be steep.




Edited by Alisen Downey
Get stories like this delivered straight to your inbox. [Free eNews Subscription]
SHARE THIS ARTICLE
Related Articles

Can Science Outsmart Deepfake Deceivers? Klick Labs Proposes an Emerging Solution

By: Alex Passett    3/25/2024

Researchers at Klick Labs were able to identify audio deepfakes from authentic audio recordings via new vocal biomarker technology (alongside AI model…

Read More

Top 5 Best Ways to Integrate Technology for Successful Project-Based Learning

By: Contributing Writer    3/19/2024

Project-based learning, also popularly known as the PBL curriculum, emphasizes using and integrating technology with classroom teaching. This approach…

Read More

How to Protect Your Website From LDAP Injection Attacks

By: Contributing Writer    3/12/2024

Prevent LDAP injection attacks with regular testing, limiting access privileges, sanitizing user input, and applying the proper encoding functions.

Read More

Azure Cost Optimization: 5 Things You Can Do to Save on Azure

By: Contributing Writer    3/7/2024

Azure cost optimization is the process of managing and reducing the overall cost of using Azure. It involves understanding the resources you're using,…

Read More

Massive Meta Apps and Services Outage Impacts Users Worldwide

By: Alex Passett    3/5/2024

Meta's suite of apps and services are experiencing major global outages on Super Tuesday 2024.

Read More