Around three-quarters of organisations believe that their current change management processes could put them at risk of a security breach.
In a survey by Tufin Technologies of 100 network security professionals, 75 per cent said they are at risk of a breach due to their current change management processes, while 84 per cent said they have no way of knowing when a firewall rule needs to be recertified. A further 41 per cent said they do not know when a firewall needs to be decommissioned.
The main reason given for 'cheating' on an audit was lack of time, followed by the parameters of the audit being irrelevant to the business and concerns that the network security team's reputation would be damaged.
The survey also found that only seven per cent automate the firewall audit process; as a result, 40 per cent of respondents spend up to a month or more a year on firewall audits.
Shaul Efraim, vice-president of marketing and business development at Tufin Technologies, said: “This year's survey reveals that, more than budget constraints or any other factor, time is the security manager's most precious resource. We were surprised to learn that half the sample is still doing basic tasks manually such as tightening up permissive rules, looking for shadowed rules or recertifying rules.
“There is no benefit to having experienced administrators spend their days searching for needles in haystacks. Automating these tasks saves a significant amount of time and money, dramatically increases the accuracy and efficiency of operations, and improves the organisation's overall network security posture.
“With 86 per cent of those surveyed managing or planning to manage next generation firewalls in the next 12 months, the time to do it is now.”