Security Departments Focus on Network Speed over Network Protection

Many years ago, I had a friend who liked to brag about how he had improved his computer speed. He was always adding memory and getting the latest gadgets and upgrades to make his computer system work as fast as it possibly could.

I thought of my friend after reading a survey conducted by Crossbeam Systems, which polled nearly 500 network security, IT and C-level executives at global enterprises and service providers and found that IT security personnel within large corporations are shutting off critical functionality in security applications to meet network performance demands for business applications.

According to the survey, 81 percent of these companies are putting network speed over security functionality. At a time when companies are being targeted by hacking groups and other cyber criminals, that number is alarming. As Crossbeams Systems stated, this "security for speed" trade-off puts employees, customers, partners and other constituents at risk in order to meet business demands.

In a press release, Chris Christiansen, program vice president for IDC security products and services, stated:

The survey results are another proof-point for what has become a growing issue in the industry — the challenge of managing security performance. The findings suggest the problem may be far greater than generally perceived, and it serves as a call to action for IT security personnel to take the time to test their solutions under real-world conditions, hold their security vendors accountable for the performance of their products, and gain a true understanding of their network requirements.

A few other findings from the survey included:

• IT security personnel are not testing security products under real-world conditions — Survey results showed a surprising 42 percent of respondents did not test the security solutions they were evaluating under real-world traffic loads. Among those that have conducted real-world tests, many of the basic security functions, such as intrusion prevention capabilities enabled with recommended policies, were not included.
• IT security personnel do not plan for the long term — The massive growth in data traffic demands, caused in part by the use of smartphones, tablets and other personal mobile devices to share multi-media, high-bandwidth content, is forcing IT personnel to anticipate their performance needs years in advance in order to build scalable and secure networks. Yet, survey results reveal a surprisingly low number of IT personnel at major corporations are thinking beyond the short term. Just over half (51 percent) report that they only evaluate their performance needs less than a year to 24 months in advance.