Feeds

Application performance and access security

1. Network security and performance management

The network is arguably the most fundamental part of your IT infrastructure. This study looks at what is stressing it, and some important aspects of how you are dealing with changing security and performance management requirements.

1.2 Which of the following best describes your role (tick the first that applies)?

2. About your organisation

2.1 Which country are you located in?

 

2.2 Which of the following best describes your organisation’s core business?

2.3 Approximately how many employees does your organisation have?

2.5 How much do you agree or disagree with the following in relation to your business?

 
Strongly agree
Agree
Neutral
Disagree
Strongly disagree
Unsure
Senior managers appreciate the need for quick and reliable access to IT systems
Senior managers appreciate the need for effective IT security
The IT team has a clear understanding of which aspects of the business rely on good systems availability and performance
The IT team has a clear understanding of which aspects of the business are particularly sensitive to potential security breaches

3. Systems and Applications Landscape

3.1 Roughly how many servers do you have (whether physical or virtual, local or hosted)?

3.2 Roughly how many of these servers are virtualised?

3.3 What proportion of your servers run in a cloud or hosted environment?

Thinking about the workloads these servers support...

4. Requirements and how they are changing

4.1 Are any of the following factors impacting the level of traffic or load on applications in general, or have they done so already?

 
Yes
No, but likely to in the future
No, and unlikely to
Unsure
General growth or diversification of your business
Increasing role played by technology within the business
Growth in home working and/or other forms of remote access
Growth in mobile access using company owned devices
Growth in mobile access from privately owned devices (BYOD)
Increasing business transaction rates and volumes
Increasing use of multi-media and different forms of messaging
Increasing access by customers and prospects
Increasing access by business partners and suppliers

4.2 Looking across your entire application landscape, how high is the current load or level of traffic generated by the following types of user, and how do you see this changing over the coming 3 years?

 
Load/Traffic Today
(5 = Very High, 1 = None)
 
Load/Traffic in 3 Years
(Relative to today's levels)
 
5
4
3
2
1
Unsure / NA
 
Much higher
Higher
No change
Lower
Much lower
Unsure / NA
Employees at main office locations
 
Employees connecting remotely
 
Customers and prospects
 
Business partners and suppliers
 

4.3 Looking at this from the application perspective, how high is the current load or level of traffic on the following types of systems, and how do you see this changing over the coming 3 years?

 
Load/Traffic Today
(5 = Very High, 1 = None)
 
Load/Traffic in 3 Years
(Relative to today's levels)
 
5
4
3
2
1
Unsure / NA
 
Much higher
Higher
No change
Lower
Much lower
Unsure / NA
Externally facing websites/applications
 
Email and collaboration systems
 
Advanced communications systems
 
Core or line-of-business applications
 

Another consequence of some of the trends and changes in the usage patterns we have been discussing is the potential impact on how you deal with the security aspects of application access. Given this...

4.5 Are any of the following factors increasing the level of challenge associated with application access security, or have they done so already?

 
Yes
No, but likely to in the future
No, and unlikely to
Unsure
Changing working patterns, e.g. mobile and remote access
Changes in how data is used and how it moves around
Increasing access by customers and prospects
Increased web based sales or customer service activity in particular
Increasing access by business partners and suppliers
Virtualisation of the IT infrastructure
Adoption of cloud and hosted services

4.6 Thinking about the ease with which virtual machines (VMs) can be created and deployed nowadays, how much are the following a challenge for you?

 
Significant problem
Unwanted distraction
Not an issue
Unsure / NA
Maintaining visibility of the VMs that exist in our environment
Keeping track of what VMs are being used for
Knowing how VMs are configured
Making sure VMs are secured appropriately
Keeping software installed on VMs properly patched (including dormant VMs)
Ensuring that network connections are properly secured
Ensuring that users can only connect to authorised VMs
Ensuring that VMs only contain or access appropriate data

4.8 How much of a perceived security threat (including issues arising from ignorance/mishap) is associated with the following, and how do you see this changing over the coming 3 years?

 
Percieved Threat Now
(5 = Very High, 1 = None)
 
Percieved Threat in 3 Years
(Relative to today's levels)
 
5
4
3
2
1
Unsure / NA
 
Much higher
Higher
No change
Lower
Much lower
Unsure / NA
Employees at main office locations
 
Employees connecting remotely
 
Customers and prospects
 
Business partners and suppliers
 
Opportunistic attacks/hacking attempts
 
Targeted attacks/hacking attempts
 
Advanced, persistent threats (APTs)
 
National government agencies
 

4.9 How much do you agree or disagree with the following statements?

 
Strongly agree
Agree
Neutral
Disagree
Strongly disagree
Unsure
We need to think less about internal versus external, and more about public versus private
Access security in today’s distributed/cloud world needs to be implemented at the application and / or data level

Building on this last point, some of the latest thinking in application access says we should think less about protecting the perimeter of a whole network, and more in terms of creating secure policy-driven perimeters around applications and data that protect them against internal as well as external threats. With this in mind...

4.10 How much have you moved from the ‘network perimeter mind-set’ and embraced the ‘application perimeter’ approach in your organisation?

OK, onto the last part of the questionnaire...

5. Technology Solutions

5.1 How would you rate your capability today in relation to the following performance and availability functions, and are any of them a focus for improvement?

 
Current State
(5 = Comprehensive, 1 = Non-existant)
 
Focus for improvement
 
5
4
3
2
1
Unsure / NA
 
Yes
No
Unsure / NA
Network traffic management
Response control, content routing etc.
 
Application / data transport optimisation
Compression, content caching, etc.
 
Application availability
Load balancing, HA etc.
 
Server resource optimisation
SSL offloading, network management etc.
 
Application / service performance monitoring
Real-time alerts, end-to-end response time tracking, etc
 

5.2 How would you rate your capability today in relation to the following access security functions, and are any of these a focus for improvement?

 
Current State
(5 = Comprehensive, 1 = Non-existant)
 
Focus for improvement
 
5
4
3
2
1
Unsure / NA
 
Yes
No
Unsure / NA
Basic network-level security
Firewall, anti-virus, anti-spam etc.
 
Application security
Session isolation, application layer security, etc
 
Data security
Data loss prevention
 
User access and audit reconciliation, etc.
Identity and access management, anomaly detection etc.
 
Access security monitoring and analytics
Real-time alerts, forensics, APT detection/tracking, etc.
 

5.3 Thinking about the practicalities of managing application performance, availability and security, how much are the following a problem for you?

 
Significant problem
Unwanted distraction
Not an issue
Unsure / NA
Disjointed solutions that create a complex and hard to manage environment
Old technology that has functionality gaps or is difficult to operate
Old technology that isn’t designed for today’s requirements
Excessive reliance on manual processes prone to human error
Unplanned application out ages causing disruption in the business
Poor or unpredictable application performance impacting the business
Inadequate level of security leading to regu latory exposure
Hard to manage cloud and on-premise service levels in a coherent manner
Hard to manage cloud and on-premise security in a coherent manner
High costs to the business

In terms of specific types of technology in place...

5.4 How much do you use the following classes of solution at the moment (whether physical or virtual)?

 
Broadly
Selectively
Minimally
Not at all
Unsure
Dedicated access security devices
Firewall, anti-malware, DLP, etc
Dedicated application performance devices
Load balancing, content caching, etc
Application delivery controllers (ADCs)
Combining security and performance optimisation in one solution

5.5 How much do you consider the following as drivers for making more use of integrated solutions such as ADCs?

 
Primary driver
Secondary driver
Not a factor
Don’t believe ADCs provide this
Unsure / NA
Infrastructure simplification
Ease of implementation
Ease of management
Lower cost of equipment
Lower ongoing cost of ownership
Lower risk of things falling through the cracks

5.6 Beyond general growth, how likely is it that the following will prompt new application delivery requirements over the coming three years?

 
Already occurred recently
Definitely / Probably
Possibly
Probably not
Unsure / NA
Existing equipment reaching end of life
A significant MS Exchange/SharePoint upgrade
A significant upgrade of another application
A major website development or re-development
Escalating risk of things falling through the cracks
Higher security expectations from customer, partners, suppliers and shareholders
New regulatory requirements
Other (Please specify)

Nearly there, just a few more questions...

5.7 Thinking about both your growth plans, technology refresh activity, how do you see usage of these solutions changing over the coming three years?

 
Rapid increase
Steady increase
No change
Steady decrease
Rapid decrease
Unsure / NA
Dedicated access security devices
Dedicated application performance devices
Integrated application delivery controllers (ADCs)

5.9 Do you see a role for ADC solutions delivered as virtual rather than physical appliances?

5.11 Any additional thoughts on ADC solutions in general (e.g. why they may or may not be of interest to you)?

 

6. The bottom line

Thanks, we’re pretty much there. Just one last question before we close.

6.1 How much do you agree or disagree with the following statements?

 
Strongly agree
Agree
Neutral
Disagree
Strongly disagree
Unsure
We are currently meeting the organisation’s application access performance and availability requirements very well
We are well positioned to meet application access performance and availability needs as they develop over the coming 3 years
We are currently meeting the organisation’s application access security requirements very well
We are well positioned to meet application access security needs as they develop over the coming 3 years

6.2 Any final thoughts?