EMA Survey: network security policy management enhances business continuity, cloud migrations

Leading US Analyst Firm, Enterprise Management Associates (EMA) recently conducted a survey to understand the benefits gained from network security policy management (NSPM) solutions. The survey revealed that NSPM solutions help deliver more consistent security policies, which led to fewer attack surfaces, shorter change approval and implementation processes, fewer change-related outages and more successful business continuity and disaster recovery testing.

Conversely, organizations that did not use NSPM solutions had significant issues with poorly-implemented and non-standardized security policies, and failed cloud migrations for critical business applications.

Some key highlights from the report include:

• Problem-free change processes: NSPM solutions drastically reduced the number of problems organizations faced during security policy change processes, with 81% of respondents reporting that more than 90% of their change windows were problem-free. However, respondents that relied on manual processes to manage their security policies experienced an average of 50% more incidents, such as outages or device misconfigurations, caused by security device configuration errors. 

• Security policy change processes down to 1 day: NSPM solutions reduced the time it took to process a security policy change to just one day, down from 12 days if done manually. 43% of organizations who did not use NSPM solutions spent 5 – 10 hours per firewall, per quarter manually inspecting their security policies. Only 9% of organizations using NSPM solutions spent this amount of time inspecting their security policies due to optimized change management processes.

• NSPM prevents application outages: 64% of respondents said that using NSPM prevented application outages caused by device misconfigurations, while 37% said it helped reduce outage investigation time. In contrast, 34% of those relying on manual processes reported that security device misconfigurations were the primary cause of outages.

• NSPM improves security posture: 57% of respondents stated that NSPM solutions reduced the frequency of security incidents, and 41% stated that NSPM solutions reduced the time it took to investigate security incidents. A further 26% said that NSPM solutions helped prevent ransomware from spreading, while 23% of respondents stated that using an NSPM solution for post-change verification enabled them to identify improperly executed or unauthorized changes.

In contrast, organizations not using NSPM solutions reported between 46% – 59% more occurrences of incidents stemming from incorrectly implemented changes (depending on the volume of changes at the organization). Additionally, 58% said the inability to maintain standardized policies was a ‘significant to very significant’ factor in security or operations incidents.

You can read more in the information-packed summary report, which is available from AlgoSec’s website. The full report is available from Enterprise Management Associates here.