The pressures on modern day IT staff has been revealed after 1 in 10 surveyed by firewall management vendor Tufin Technologies admitted to cutting corners in order to get an audit passed.
The results of the latest survey (PDF), which included responses from 242 IT pros that were mostly from organisations with 1,000 to 5,000 or more employees, is actually an improvement compared to last year’s study, which found twice as many had cheated. Those who cheated cited a lack of time and resources as the main reasons.
“Of the 10 percent who admitted to cheating on an audit, half of them cited time restraints and 22 percent cited resource constraints,” explained Shaul Efraim, vice president of products, marketing and business development at Tufin. “Eleven percent cited that they didn’t see the point of doing the audit and 11 percent had other reasons which they didn’t elaborate on.”
“There are many inherent challenges to firewall auditing,” he said. “How would a firewall engineer be able to handle a rule base of hundreds, if not thousands, of rules? How would they know which rules are needed and which are not…I doubt that these people actually cheated. I suspect they did the best they could with the time and information and tools that they had and then said they did an audit, although they knew that their audit was very incomplete.”
Similarly, Gartner analyst Greg Young said the 10 percent figure seems pessimistic for having to deal with exceptions and brush them under the carpet knowing they may fall outside the norm but are either an accepted or necessary risk or something that looks risky but isn’t.
“As for actual cheating in order to slip something past the auditors or management for evil purposes, I think that is pretty rare and not (one in 10),” he said. “Motivation is everything – if it is an MSSP or contractor I would say they let a lot more slip by as well or claim a rosier picture.”
According to the survey, 31 percent of the respondents audit their firewalls annually, and seven percent said they never do. More than one-third (36 percent) admitted their firewall rule bases are a mess, increasing their susceptibility to hackers, network crashes and compliance violations.
“If you have had a firewall in place for 10 years, it is more likely than not that you have been adding rules on a regular basis but not deleting them out of fear the one rule they delete will cause a business continuity issue,” Efraim said. “As a result, rule bases become bloated with hundreds to thousands of rules…(auditing) can be a real needle-in-a-haystack endeavour that can be virtually impossible to pinpoint without automation.”
E-commerce giant faces another unionisation move, with workers at North Carolina warehouse set to vote…
Supreme Court in US on Friday is to hear oral arguments that could well decide…
Jeff Bozos challenge to SpaceX's Falcon-9 heavy lift rocket, the New Glenn rocket, to make…
As US ban looms this month, TikTok faces a buyout offer for its US assets…
Bending the knee continues from the tech industry, as Alphabet's Google becomes latest to make…
Software and cloud giant Microsoft confirms it is cutting a small percentage of jobs across…