Of particular note, the top two most shocking findings from the Secure Passage report:
Top 10 Shockers Revealed by Respondents:
1. 73 percent think firewall rule bases are too complex or out of control
2. 59 percent feel that a lack of management tools makes policy management difficult
Living firmly in the land of academia and hence being able to speak from the ivory tower, these works should be a huge wake up call for how security research should proceed. All too often in security research, the perfect becomes the enemy of the good but I think researchers forget that easy to use security (yes, Virginia there is such a thing) offers a huge benefit to the overall health of the Internet ecosystem. Certainly, there is a need for high end, complex systems such as for DARPA / etc. but by in large, complexity is not a friend of security.
Moreover, I do not think the problem is one of building a better interface for the existing tools. It is a general philosophy where complexity is viewed as an informal indicator of correctness or completeness. Unfortunately as my students can attest, try publishing something novel but not terribly complex and the results are often less than heartening. Perhaps that is best left to industry but certainly these surveys attest to the security elephant in the room that we know things are bad and really can not do too much about it*.
Hat Tip: Athena Security which has a tool for improving firewall complexity Athena FirePAC