BackBox has released the results of its "2023 Network Operations and Security Survey," conducted by Wakefield Research. This survey of 250 Network Operations and Security professionals at companies with 500 or more employees was completed last month. The results show the frustration felt by these key IT professionals due to the increase in network update velocity and tech stack sprawl, a lack of support from leadership, along with disagreements and concerns around the approach to fixing network issues.

Network and security device updates are crucial, but they are time-consuming and prone to human error when managed manually. The vast majority of network security and operations pros (92%) say there are more network updates needed than they can keep up with. And 98% agree that automated network operations will allow their team to focus on more impactful work. In addition, 96% of respondents say that scaling the business is impossible without network automation.

While 61% of companies only upgrade network and security devices quarterly or less frequently, almost half (48%) of survey respondents say their company has not implemented or invested deeply in network automation, opening them up to security breaches and other serious issues.

"Network operations professionals must stay ahead of malicious actors by keeping every network and security device up to date and configured according to internal policy or best practice standards like the Center for Internet Security Benchmarks," said Andrew Kahl, CEO of BackBox. "A rigorous backup strategy for these devices is also critical to ensure fast recovery in the event of an outage. But lacking the tools to execute these preventative tasks at scale, and without interrupting daily network operations, netops teams tend to let them drop to the bottom of their to-do list."

Other key findings from the survey report include:

Trust Issues

As automation becomes increasingly necessary, network professionals are not confident they can implement it without disruptions, and that leadership will support their efforts. In fact, 93% indicate there is something they dislike about their company's approach to network automation.

The most common issue they cite about their company's current approach is that it's difficult to add new automations without impacting current operations. More than three in four (76%) do not completely trust their organization's current approach to automating network changes. In addition, 33% say their leadership is skeptical of automation.

However, among respondents that have implemented or invested deeply in network automation, 83% are mostly or completely confident in their ability to rapidly restore their network from backup within a few minutes of an outage or misconfiguration.

Reactive Approaches

Among those who have network issues that require manual work, more than three in four (76%) agree their team often addresses these by fixing the immediate problem and not addressing the root cause. That number jumps to 93% for companies that haven't invested deeply in automation. Postponing updates means leaving known vulnerabilities in the network- making a breach all but inevitable. A majority (64%) of those that have not implemented or invested deeply in network automation say their most recent breach was the result of a known vulnerability.

Tech Sprawl

On average, network security and operations professionals make use of four tools for network automation, including nearly half (45%) who use five or more. Leveraging so many tools results in a siloed approach to management and a fragmented response in disaster recovery scenarios, and leaves leadership without a unified view of automation strategy and outcomes.

As tech stacks grow, it becomes more difficult to keep networks up to date, and larger companies are less likely to maintain updates than their smaller-sized colleagues. In fact, 68% of those with 1,000 or more employees only update their network and security devices quarterly or less often, compared to 53% of companies with 500-999 employees.

A record 26,448 software security flaws were reported in 2022, with the number of critical vulnerabilities up 59% from 2021, according to an analysis by The Stack on Common Vulnerabilities and Exposures (CVEs) data.

"These numbers are the equivalent of a new CVE being identified every 20 minutes and illustrate the pressure to regularly update device operating systems to patch vulnerabilities," said Josh Stephens, CTO of BackBox. "I recommend that companies automate the deployment of patches and upgrades for firewalls and other network devices as a part of a weekly schedule, with the ability to inject high-priority upgrades in near real-time, as a part of their network automation and cybersecurity strategies."

Talent Retention

Overcoming barriers to increasing network automation may be difficult, but it is crucial to make the most of network security and operations professionals' expertise. Nearly all pros (98%) agree it will allow their team to focus on more impactful work.

Despite their frontline role safeguarding all aspects of an organization's operations, network professionals can feel taken for granted - 92% feel their team is overlooked compared to other IT teams in their contributions to ensuring company security.

View the full survey results here.