54 Percent of companies are currently implementing network and security transformations
Almost four out of five European companies have already achieved savings by using cloud security solutions by replacing old security applications and reducing bandwidth requirements.
This is one of the results of a study conducted by the SASE specialist Netskope . The savings come from replacing hardware and appliances, including VPNs (25%), reducing bandwidth requirements (23%) and consolidating vendors (21%). In particular, the replacement of expensive firewalls (with firewall-as-a-Service/FWaaS) has led to savings for 21 percent of IT teams.
The aim of the study was to determine the strategies, expectations and measures of European CIOs and CISOs at a time of enormous changes in the field of security and networks. Over the next five years, 99.5 percent of respondents are planning projects to transform networks and security. More than half of the respondents (54%) have already started corresponding projects or are planning them for the next twelve months. Therefore, the study wanted to clarify the question of what this means in practice for teams, budgets and suppliers.
Responsibility and financing
A key result of the investigation is the lack of clarity about who should take responsibility for important transformation projects and frameworks such as SASE and Zero Trust and pay for them.
- In every third company, the network and security teams will be merged in the next two years due to the rapidly increasing use of the cloud. According to many CIOs and CISOs, “the separation of the teams does not make sense”.
- 92 Percent of CIOs do not intend to merge the network and security budgets, even if the teams merge. This can lead to internal conflicts.
- 27 Percent of IT leaders are shifting responsibility and funding for network security to the security team to realize SASE and Zero Trust. However, the same number are shifting security budgets in the other direction: network and infrastructure teams are receiving these funds to finance a security-by-design approach.
- 28 Percent of CIOs see the responsibility for SASE among network teams and 18 percent among security teams, while 31 percent see it as a common task.
- Given this lack of consistency, it is not surprising that 28 percent of CIOs and CISOs expect that network and security teams will continue to compete for responsibility for projects.
Specialists and recruitment:
- 67 Percent of European IT teams report to both the CIO and the CISO. However, 27 percent of the companies surveyed do not have a CISO in their company, in Germany even 31 percent.
- Just over one in four companies (28%) is expanding their security team or expects that it will grow due to the use of the cloud to cover the expanded scope of tasks.
- 28 Percent of companies that have moved at least part of their security to the cloud have already made changes to the structure or staffing of the network team. Changes in the security teams occurred in 26 percent of the companies.
- Almost every second company (46%) is already struggling to find suitable candidates or expects to do so in the future.
- 38 Percent of IT managers intend to search for applicants outside the cyber skills or IT market and train or retrain them. 30 Percent plan to transfer employees from the network area, helpdesk and other internal teams.
“Two points stood out to me from our research results in particular. The first is the general intention of European companies to change their network and security architectures. Secondly, although this goal is shared by 99.5 percent of CIOs and CISOs, there is no general consensus on how best to achieve it, ” explains Neil Thacker, CISO EMEA of Netskope. “In the next 24 months, significant resources and budgets will be invested in the name of transformation to achieve enormous cost savings and operational improvements. This is a unique opportunity for a fundamental architectural transformation. However, it is imperative that the results are not jeopardized by internal trench warfare, unnecessary bureaucracy or a simple lack of cooperation between network and security teams.“
In the context of network and security transformation, cooperation is particularly important. “Leaders seem to understand that their teams need to unite behind common goals. However, they need to eliminate the political gap that still exists in many companies between IT and security teams,“ says Thacker. “SASE can be successfully implemented by separate network and security teams as long as they work together. Nevertheless, there is a risk that the teams will be frustrated by inconsistent network and security systems that do not offer a future-proof architecture and common goals.“
About the study
The study was conducted in October 2021 by Censuswide on behalf of Netskope. 700 IT professionals in Germany and the UK were surveyed. The participants are all CIOs, CISOs or IT directors in companies with more than 5,000 IT users.