Network security has evolved into a complex challenge, especially for organizations deploying multiple cybersecurity products. Remote work has dramatically expanded the attack surface, and the rapid expansion of cloud environments and cloud-based applications has increased efficiency, yet also created new opportunities for attackers.
To address these challenges, many organizations are rethinking their network security approaches. A new research study by CyberRisk Alliance suggests that in most cases, respondents want their existing solutions and strategies to be more cohesive, built around legacy hardware, and better aligned with their organization’s existing needs and circumstances.
Converged network security, also known as secure service edge (SSE) (originally coined by Gartner), has emerged as an effective, streamlined way to implement multiple capabilities without adding to the complexity of existing security environments. These integrated, cloud-centric capabilities include zero-trust network access (ZTNA), cloud secure web gateways (SWGs), cloud access security brokers (CASBs), and firewall as a service (FWaaS).
CRA’s survey of research into 300 organizations found that companies face network security challenges at every turn: from phishing to misconfigurations and remote workforces to insufficient IT security staff. In response, organizations have deployed multiple security solutions, but respondents often described these as disjointed and ineffective, leaving them with significant concerns about internal and external threats and vulnerabilities.
Among the CRA survey’s top findings around network security:
Remote access and tool sprawl are still major concerns
The top two challenges in managing network security are securing remote access (indicated by 46% of respondents) and managing multiple security tools and vendors (39%). Respondents frequently cited these issues in describing their priorities and biggest obstacles.
Companies plan to spend on network security this year
To secure remote work, many organizations have deployed VPNs together with email, application and endpoint-security tools. A large majority of respondents (82%) expect their organizations to increase network security budgets in the coming year. ZTNA, CASB, and DDoS protection are the top planned solutions and likely to be included in these investments.
Security pros are not happy with the existing available products
Respondents perceive a gap between what they want from network security products and what they currently deliver, particularly in fast deployment, scalability, and end user experience.
While many see value in SSE, adoption still lags
Respondents see value in SSE, with 77% deeming it very or extremely important. However, adoption of these security capabilities is low at only 10%. And while 54% of respondents said they knew a lot about SSE through research or evaluation, 46% said they knew only a little or were unfamiliar with the concept.
Low SSE adoption rates could change this year
The majority of respondents said their organizations had some intention to explore, if not purchase, SSE in the next 12 months. More than two-thirds (68%) said their organizations would likely consider a purchase, 63% reported a likelihood to research the solution, and 45% indicated plans to purchase.
Security pros want SSE to add network efficiencies and help them deploy ZTNA
Respondents cited numerous drivers for adopting an SSE solution, including protection of data and cloud-related assets, support for remote workers, and simplified implementation. The opportunity to implement ZTNA, which 51% of respondents said their organizations were planning or considering, was another top driver.
Many companies see SSE as an opportunity to reduce tool sprawl, particularly in relation to remote work and ongoing changes to the organization’s cloud migration. Smaller organizations simply can’t afford the people to manage all these tools, so all the integrated tools in SSE offer a way to reduce the network’s complexity and keep the company secure.