Managing geographically distributed businesses: challenges and solutions

How geo-distributed companies manage their networks and provide effective data protection across the board.

In an increasingly connected world, a growing number of companies operate across multiple sites, often great distances away from HQ (headquarters) and each other. InfoSec professionals and Network Information Security decision makers in companies worldwide face the serious challenges of managing and protecting the networks that link these sites, and delivering coherent communication, high-performance, seamless access and effective data protection across the board.

Methodology


Kaspersky commissioned a global market research study, surveying 1,000 Network and Information Security decision makers across six regions to gain a deeper insight into the challenges faced by experts working in geographically distributed companies as well as the solutions they employ to overcome them.

Respondents from the Americas (USA, Brazil, Chile, Colombia, Mexico), Europe (France, Germany, the UK, Spain), the Middle East, Turkey & Africa (Saudi Arabia, South Africa, Turkey, United Arab Emirates), Russia and Asia-Pacific (Singapore, China, Japan, India, Indonesia, Malaysia) were questioned in the survey.

Regional spread

APAC – 30%

Americas – 25%

Europe – 20%

META – 20%

Russia – 5%

Company size

38% – companies with 500-999 employees

62% – companies with more than 1000 employees

Operating

27% – across three sites

27% – across four or five sites

46% – more than five sites

Key Findings


  1. The biggest challenge for geo-distributed businesses was building and maintaining a coherent IT infrastructure across multiple sites according to 37% of companies. Problems with comprehensive information security across all assets and processes were the second most difficult issue (24%).
  2. Staff from HQ played a key role in supporting teams at local sites in 69% of geo-distributed companies. However, local employees’ involvement was also significant, with 58% of respondents stating that they contributed a great deal to supporting IT and information security processes.
  3. Two out of five (40%) geo-distributed organizations experienced network problems at least twice a month.
  4. Network failures or outages were an issue for 55% of companies, while 45% experienced loss of connectivity and poor performance in their services and applications.
  5. More than three-quarters (82%) of companies need over an hour to restore network connections while 12% of them take an entire working day or even longer.
  6. According to the research, 47% of geo-distributed companies reported an “extremely high” level of information security for HQ, with a smaller percentage (29%) indicating branch offices received the same protection.
  7. IT development was kept in-house by 94% of multi-site organizations, with data and code hosted in a private cloud (64%) or in a hybrid cloud (58%).
  8. Among the companies developing IT in-house, 79% used container environments to do so, but 21% of them did not have any container security solutions in place.
  9. Most respondents (85%) that developed their IT using container environments had experienced cybersecurity incidents involving containers and/or Kubernetes in the last 12 months, resulting in financial losses for 38% of these organizations.

Challenges facing geo-distributed companies


Running a coherent, multi-site strategy involves a number of potential problem areas: network configurations and security policies, procedures, people and communication, location and local regulations, infrastructure and channels’ capacity, and cybersecurity.

When asked to name the main challenges arising from operating geo-distributed companies, respondents clearly prioritized technological aspects. The most important one globally was building and maintaining a coherent IT infrastructure across multiple sites (37%), followed by comprehensive information security across all assets and processes within their company (24%).

What do you see as the three top challenges faced by your organization when it comes to managing all of your sites in a coherent way?


Examining the IT infrastructure and information security hurdles in multi-site operations, detection and response to cybersecurity incidents emerged as the greatest challenge, cited by the largest share of respondents (42%). Nonetheless, it is merely one item in a long list of critical tasks network security specialists need to accomplish successfully to prevent their multi-site networks from becoming a liability for their organization.

Seamless teamwork (39%) and monitoring the effective implementation of security measures (38%) played important roles when addressing cybersecurity issues across multiple sites. More than one third of global network security professionals also named building a cohesive security policy (36%), setting up and integrating new sites (35%), and finding and hiring staff with the right qualifications (34%) as challenges they faced.

Thinking specifically about IT infrastructure and information security issues: What are the specific challenges in these areas faced by businesses working across multiple sites?

Tools and solutions used:

A highly diverse set of skills and solutions need to come together to guarantee geo-distributed networks deliver on their promise of effective cohesion. This involves delivering robust protection against unauthorized access and attack, continuously monitoring security and performance, providing local incident response support, and setting up and protecting internal IT development. The feedback gathered from network security decision makers globally provides valuable insights into the way these important issues are being tackled.

Centrally collecting and controlling IT Security information across multiple sites requires a set of tools: VPN was by far the most commonly utilized, with 75% of companies globally deploying it. The more sophisticated tools like SD-WAN (49%), SIEM (41%) and XDR (39%) were used by less than half of geo-distributed organizations.

Does your organization have any of the following tools, designed to centrally collect and control IT Security information for your sites?


Interestingly, the use of these more advanced tools is not dependent on the number of sites within the network or the size of the company – it is a direct reflection of the presence of a dedicated cybersecurity specialist whose role is entirely focused on cyber-defense. As evidence of this, 65% of the surveyed companies that had a dedicated cybersecurity specialist used SD-WAN, 53% used SIEM and 50% used XDR. On the upside, only 2% of organizations with multi-site networks lacked these tools.

Shared responsibilities:

Although staff from the HQ said they play a key role in supporting IT teams at local sites (in 69% of geo-distributed companies), local staff (58%) and third-party providers (43%) also made a big contribution in supporting local IT and information security processes.

When it comes to problem resolution, the picture hardly changed: staff from HQ carry the responsibility in 63% of companies, local staff in 58%, and third-party providers in 39% of businesses.

Who is involved in supporting IT and information security processes at local sites?

When local IT network or security problems arise, who is responsible for resolving them?

Network problems encountered while maintaining multi-site infrastructure


Connecting new sites

Bringing new sites online and making them part of a coherent network infrastructure was regarded by 82% of those driving network security as “very or fairly fast and easy”. And those in more senior network security specialist roles were more confident that they could integrate new sites quickly and easily (85% C-suite CIS).

How would you describe the speed and ease of connecting new sites to your organization’s network?


The most typical IT and IT Security issues encountered when connecting new sites to a network were the implementation of a consistent IT security policy (48%) and maintaining traffic quality in existing structures (46%). Adequate bandwidth of communication channels and the reliability of hardware configurations were problems indicated by 39% of them.

What are the typical IT and IT Security issues you face (whether these are easy to resolve or not) when connecting new sites to your network?


It is noteworthy that those who reported that bringing new sites online is complex and slow were significantly less likely to experience issues with employees physically accessing the branch infrastructure on a regular basis (29% vs 36% of those saying “fast and easy”).

Supporting existing infrastructure

Once the networks have been brought online, problems related to the multi-site structure of organizations are common: 40% of surveyed companies experienced these difficulties worldwide at least twice a month.

How often do you encounter network problems related to the multi-site structure of your organization?


The most common problem was network failures or outages (55%). Loss of connectivity was experienced by 45% of respondents, and the same number (45%) experienced poor performance of services and applications. More than half (54%) of those dealing with network outages faced this issue at least once a month, and as many as one in ten, once a week or more often.

What kind of network problems do you face on these occasions?


When it comes to restoring their networks post-failure / outage, only 18% managed to reconnect in less than one hour, more than a third (34%) took at least two hours and more than one in ten (12%) needed a day or longer. Companies with dedicated network security specialists performed a little better (23% restored their networks within one hour), as did those with networks across more than five sites (22%).

How long does it typically take you to restore the network after a failure or an outage?


Keeping hardware up to date is essential to supporting network performance, yet nearly one third (31%) of companies said they did not exchange their routers and CPEs frequently, or that they had no formal replacement schedule at all. Only 41% ran annual replacement schemes for this type of hardware.

How are you managing the replacement of your routers / CPE (Customer Premises Equipment)?

“As we can see, bringing new sites online is just the beginning of a complex journey for many geo-distributed companies. Not surprisingly, so are the challenges they often face further down the road: inconsistent security policies, network failures, and poor service performance. Given the importance of network infrastructure for modern businesses, any network downtime and IT issues carry a huge risk that can lead to reputational and financial losses. Fortunately, technologies like SD-WAN offer a solution to these challenges, a path already taken by many businesses.” – Maxim Kaminsky, Business Development Manager, Secure Access Service Edge, Kaspersky

Protection from cyberthreats: is it equally effective in branch offices as it is at HQ?


A key issue with building a coherent strategy for information security in geo-distributed companies is the disparity between the levels of protection across all sites. Although the most sensitive data may be held centrally, access to the company network is clearly required from several locations, and these are typically not as well protected as HQ – creating security risks for the whole organization.

In the study, fewer than four in ten (38%) were confident that all their locations are genuinely well protected. Organizations in the MEA region placed greater emphasis on universally high levels of protection: here, 46% were sure that all of their sites are genuinely well protected. The opposite is true of companies in Russia, where only 20% felt this way.

In your view, how many of your locations are genuinely well protected from cyber threats?


This can be driven by budgetary constraints, a lack of expertise, or the misconception that a lower level of protection will suffice for sites that play a secondary role in the company structure. As many as one in seven (14%) identified serious deficiencies with regards to protecting local business units from cyberthreats worldwide.

Looking specifically at the differences in protection between HQ and local sites, just under half of respondents (47%) reported “extremely high” levels of information security for HQ, but only 29% believed this was implemented at local sites. Almost the same number (30%) said that information protection is “high, medium or low” (as opposed to “very or extremely high”) for non-HQ locations, pointing to potentially very costly shortfalls. The greater emphasis on network security in MEA was evident again, with 54% reporting “extremely high” levels of information security for HQ, and 35% for all other locations, in stark contrast to Russia, where only 28% reported “extremely high” levels of NIS for HQ sites and 16% for other locations.

How would you evaluate the level of information security for your HQ and for your other locations?


Respondents said monitoring non-HQ locations for cybersecurity-related events is most often shared between HQ and local teams (60%) but is almost never assigned to local staff (3%), indicating a lack of local expertise driven by staff shortages and lack of qualifications. In 37% of cases, staff from HQ said they are responsible for all monitoring activities. Companies in MEA also placed most emphasis on HQ staff monitoring other network information security events at all the business’ locations (44%), whilst only 30% of companies in the Americas and Russia assigned this responsibility firmly to HQ staff.

Does HQ staff monitor what is happening in the other locations regarding alerts, telemetry and other information, or is this a shared responsibility?

IT development challenges


The vast majority of companies with multi-site networks had in-house IT development (94%).

What is the set-up of the IT development team in your organization?


Over half (53%) deployed remotely and 40% had IT development staff at locations outside of HQ.

Where do you host your data and code?


Those with remote or regionally-based IT developers were most likely to host data and code in a private cloud (64%) or a hybrid solution (58%), and 88% took a DevSecOps approach to increase security levels for their release cycle.

Does your company use a container development method?

Do you use any cybersecurity solutions for container and/or cloud protection?


The research also showed that container development is a well-established approach for increasing security, with 79% of companies operating across multiple sites using this method, but one in five (21%) of those using container development use this approach without a container security solution. Cloud security was a more common approach with 71% of respondents opting for this, whilst cloud workloads security was used by 46%.

Has your organization experienced any of these cybersecurity incidents related to containers and/or Kubernetes in the last 12 months?


Alarmingly, 85% of those using container development methods said they have experienced cybersecurity incidents related to containers and/or Kubernetes in the last 12 months. Around one third of these incidents were errors in configuration (34%), malware in the containers (32%) and cyber incidents during runtime (32%) creating serious system vulnerabilities.

What were the consequences of these cybersecurity incidents for the organization?


The consequences of such incidents are very serious. More than one third (39%) reported a leak of confidential data, and 38% said the incident resulted in significant commercial damage, such as a drop in share value and a decline in sales. Customer trust was undermined for 34% of companies that experienced such cybersecurity breaches, and 32% said their company’s reputation suffered.

Recognizing the need for a more secure environment for their IT development, over half (56%) of those currently not using it are planning to shift to a container development set-up, with the vast majority (85%) planning to install a container security solution.

“Cloud migration and containerization is a winning combination for modern business due to processes acceleration, costs reduction, performance improvement, and much more. However, containerization can be hit and miss, and also offers potential severe consequences for both your business and reputation. Risks arise in each of the key components of container infrastructure and vary from a harmless failure of a single container, to malicious intrusion into company infrastructure – even with root privileges. To mitigate cloud migration risks, it is crucial to build comprehensive cloud workload security that will cover the entire infrastructure. Kaspersky Cloud Workload Security ecosystem that will be launched soon, will incorporate best protection practices for containerized environments, and deliver mature protection for your hybrid cloud infrastructure, while unique technologies save your private cloud computing resources.” – Timofey Titkov, Head of Cloud & Network Security Product Line, Kaspersky

Conclusion


Managing networks across multiple sites brings its own challenges and, although most companies seem confident that they are well equipped to handle them, the amount of downtime caused by network outages and failures, the time it takes to restore them, and the number of reported cyber incidents paint a different picture.

Although the initial process of integrating new sites into a network infrastructure may seem straightforward, maintaining network integrity has proven to be an ongoing struggle for many companies, with frequent outages and performance issues. Swift recovery post-failure remains a pressing need, alongside the imperative of keeping hardware up to date, as issues could lead to financial and reputational losses. These findings underscore the critical importance of advanced solutions like SD-WAN to navigate the complexities of modern network management effectively.

A pressing issue in geo-distributed companies is the disparity of protection against cyberthreats between HQ and branch locations. This discrepancy could be due to factors such as budgetary constraints, expertise availability, and differing perceptions of site importance. But the allocation of responsibility for monitoring cybersecurity events highlights a common reliance on HQ teams, indicating a potential shortage of local expertise. Addressing these disparities is crucial to safeguarding the entire organization against cyber threats effectively.

With the increasing popularity of container development, new issues are arising. Most companies operating across multiple sites rely on in-house IT development, often deploying remote IT teams. These companies commonly opt for private cloud or hybrid solutions and adopt a DevSecOps approach to enhance security throughout the release cycle. Even though these companies plan to increase security, a concerning number of them lack adequate security solutions, leading to a high incidence of cybersecurity incidents. Therefore, it is crucial to acknowledge the potential risks inherent in cloud migration and containerization and to adopt comprehensive cloud workload security systems to mitigate these risks effectively.

The additional vigilance required to prevent cybersecurity breaches across complex, geo-distributed networks can only translate into effective network and information protection if it can rely on the right tools: leading-edge security solutions that enable:

  • comprehensive monitoring, prevention and resolution of network security threats for the entire company
  • effortless communication across sites to enable proactive policy development and implementation
  • support for teams able to cooperate without barriers across all sites.

List of recommendations:


  • To build reliable networks, maintain geo-distributed businesses, and connect new branches with a zero-touch experience, use a specialized solution like Kaspersky SD-WAN. It manages the entire corporate network from a single console, and converges the separate communication channels and network functions of companies.
  • Use centralized and automated solutions such as Kaspersky Next XDR Expert for comprehensive cyber protection of all company assets and processes both in HQ and local offices. By aggregating and correlating data from multiple sources in one place and using machine learning technologies, this solution provides effective threat detection and fast automated response.
  • To protect containerized environments, use specialized solutions for container security, such as Kaspersky Container Security, designed to provide security for all stages of containerized application development. It can be the first step in implementing a complex DevOps and cloud security solution like the upcoming Kaspersky Cloud Workload Security. The ecosystem provides comprehensive protection of customers’ cloud infrastructure (hosts, virtual machines, instances in clouds, containers and Kubernetes) and reduces costs and resource consumption.