No fewer than 20% of IT security managers admit to cheating on audits to get them passed, according to a survey by security lifecycle management firm Tufin Technologies.
What's more, its study discovered that 63% of firms only check and audit their firewalls once every three to 12 months – with 9% not checking their firewalls at all. Indeed, more than half (51%) admitted that their firewall rules are 'a mess'.
Beyond that, 22% of respondents said firewall audits take anything from a few weeks to a few months – although 70% said they take only a few days.
Tufin CEO Ruvi Kitov makes the point that from a security perspective, with audits not being undertaken frequently and with many taking a long time to conduct, these companies have firewalls that, at best, are running under par and, at worst, contain shadowed or obsolete rules that introduce unnecessary risk.
Additionally, he accepts that cost savings have to be a priority in the current economic climate, but argues that there is real danger, with the study also showing that 48% of firms see this impacting their compliance efforts.
"With more than 315 customers we have something of a read on the state of firewall management, so while we did ask some requisite questions, we were really looking to get a more subtle read on people's attitudes and behaviours," says Kitov.
"Having a clear sense of what's going on in the trenches is an important indicator of what and where to innovate, and we are more committed than ever to making security operations less painful."
The survey was conducted among 151 IT professionals, many from multinational organisations employing 1,000 to 5,000.