Nearly 4 out of 5 European businesses have already found savings by using cloud security to replace legacy security appliances and reduce bandwidth requirements, according to research conducted by Netskope, the SASE leader. Savings are coming from hardware and appliance replacement including VPNs (25%), reduced bandwidth needs (23%), and vendor consolidation (21%). Replacing costly firewalls (with Firewall-as-a-Service FWaaS) in particular has produced savings for 21% of IT teams.
The research was undertaken to investigate European CIO and CISO intentions and practices at a time of huge security and networking change. 99.5% of research respondents are undertaking network and security transformation projects in the next 5 years, and more than half are already underway or lined up for the next 12 months. The question the research looked to answer was; what does this mean in practice for teams, budgets, skills, and suppliers?
Ownership and funding: The first finding from the research was a lack of clarity over who should take responsibility - and pay - for key transformation projects and frameworks such as SASE and Zero Trust.
•One in three network and security teams are going to merge within the next two years, driven by a significant growth in cloud use which, according to CIOs and CISOs; “makes the separation of teams unhelpful”.
•92% of CIOs do not intend to converge network and security budgets, even when they merge the teams, potentially risking internal friction
•27% of IT leaders are moving responsibility and funding for network security to the security team to fund SASE and Zero Trust, but the same number (27%) is pushing security budgets in the other direction, handing them to network and infrastructure teams to fund a security-by-design approach.
•28% of survey participants decreed that SASE was owned by networking teams, with only 18% deeming it to be the responsibility of security and 31% saying it was shared
•Given this lack of market consistency, it is unsurprising that 28% of CIOs and CISOs expect network and security teams to continue to compete for ownership of projects.
Team and skills:
•With network and security converging, 67% of European IT teams will be reporting to both the CIO and CISO, either directly or through dotted line hierarchies.
•28% are growing or expect to grow their security team to service an expanded remit due to the organisation’s use of cloud.
•28% of organisations that have moved at least some of their security to the cloud reported having already made changes to the structure or staffing of the networking team, and 26% reported changes to their security team.
•46% of survey participants stated either that they are already struggling to find suitable candidates for their security roles or that they anticipate difficulty in future.
•38% plan to look for candidates outside of the cyber skills or IT markets and reskill, while 30% intend to move staff from networking, helpdesk and other internal teams
Neil Thacker, CISO EMEA at Netskope commented; “Two items really stood out for me from our research findings. The first is the universal intention among European organisations to transform network and security architectures. The second was that despite this goal being shared by 99.5% of CIOs and CISOs, there is no general consensus around how best to do this. A lot of resource and budget will be invested in the coming 24 months in the name of transformation, and there are huge cost savings and business improvements to be found. This is a once-in-a-career architectural transformation opportunity and it’s imperative that outcomes are not jeopardised by internal land-grabs, unnecessary bureaucracy and politics, or a simple lack of collaboration between professionals in network and security roles.”
Thacker continues; “Leaders seem to be saying they understand that their teams need to unite behind shared goals, but they need to ensure they eradicate the political divide that many organisations see across their IT and security teams today. SASE can be successfully implemented by separate network and security teams as long as they collaborate, but there remains a real risk that teams will be frustrated by disparate network and security systems that don’t provide a future-proof architecture that supports the overall company vision.”