Security Policies Hampered by Limited Visibility, Manual Processes
Almost 20 percent of respondents raised the issue of poor communication among key stakeholders across development, security and operations groups.Understanding risk from a business perspective is a top network security concern for organizations, according to a survey of 142 information security and network operations professionals, application owners and compliance officers conducted by network security specialist AlgoSec during the RSA Conference in February. Nearly two-thirds of respondents reported that manual processes, limited visibility into security policies and poor change management practices posed the greatest challenge when managing network security devices. Almost 20 percent of respondents raised the issue of poor communication among key stakeholders across development, security and operations groups, an 80 percent increase from last year. The inevitable mistakes that arise in this environment create consequences for a growing number of organizations, with more than 80 percent experiencing network or application outages as a result of out-of-process changes, up from just over half in 2012, the report found.
"Recent high-profile cyber-attacks have quickly elevated security discussions to the board level at many organizations. This requires a fundamental shift in how security professionals think and communicate," said Nimmy Reichenberg, vice president of marketing and strategy, AlgoSec. "The survey results underscore the need for security teams to understand business requirements to ensure agility as well as to understand the impact of vulnerabilities on the business for effective risk mitigation."