Automation and integration thwart misconfiguration, staff burnout

Tim Woods

Keeping pace with the rapid growth of the hybrid cloud is difficult for security professionals when everything’s done manually.

FireMon’s State of Hybrid Cloud Security Survey found most respondents still don’t have the benefits of automation that can help security policy keep up with cloud-first strategies. Nearly two-thirds (65.4 percent) said they use manual processes in their hybrid environment. Of those, 35.4 percent don’t have any automation. Overall, 63.2 percent don’t have any level of automation at all, while 36.8 percent have some automation but still use manual processes.

Also lacking is the integration of tools to provide much-needed visibility. Only 34.5 percent of respondents use tools that work across multiple environments to manage network security, while 24.5 percent of respondents say they have no centralized or global view of information from the tools, making it their biggest challenge in managing multiple network security tools across their hybrid cloud. In the meantime, relationships with DevOps/Application teams are getting worse, with 45.4 percent reporting their relationship is either complicated, contentious, not worth mentioning or non-existent, which is up dramatically from last year’s 30 percent.

This lack of automation and integration means security professionals must work harder than necessary. Worse still, it’s leading to misconfigurations and incorrect setup that place organizations at greater risk for data breaches and compliance failures.

Lack of automation raises the likelihood of misconfigurations 

Even the smartest people make mistakes when they’re overworked. When you’re swamped with manual and repetitive processes, human error inevitably creeps in.

It’s something that survey respondents are aware of, with 32.6 percent saying misconfigurations and incorrect setup are the biggest threat to their hybrid cloud environment. Of those, 73.5 percent are using manual processes in their hybrid environment. This creates an environment where people are just trying to keep up. Too frequently, security becomes a compromise.

Rapid hybrid cloud adoption amplifies the need for security to be at the forefront of the deployment process, including the DevOps team. Developers need to think about security policy as they code, guided by an awareness of compliance pressures that come with industry regulations and global privacy legislation. 

Security must be an enabler integrated into business processes rather than a barrier or bottleneck. When everyone is on the same page, security controls can be applied by default much earlier in the process. This could apply to writing code or onboarding a sales team and their account data to a cloud-based CRM. On-premises, legacy infrastructure must not be forgotten, either. It must be secured to avoid emerging gaps between traditional IT security and cloud security teams. There needs to be unity and enforcement of global security policy across all environments.

Today’s reality is that security professionals are still doing a lot of things manually. Inevitable misconfigurations have caused some high-profile breaches via public cloud platforms. Without automation, integration, and visibility, risk will most certainly increase, resulting in data and compliance breaches.

Automate early, thoughtfully for incremental, yet tangible benefits 

Applying automation upstream reduces the complexity downstream as hybrid cloud environments scale up; trying to apply security policy after the fact is just too overwhelming a task. Introducing automation is an opportunity to improve your visibility, maximize discovery and minimize complexity. Evaluating your environment will uncover endpoints, firewalls and rules that either must be updated to align with current security policy or eliminated; cleaning up goes a long way toward reducing complexity. From there, you can automate the deployment of configuration services and the analysis of configuration control and security posture impact.

By automating new activity as it happens and steadily working through existing deployments, you’ll incrementally see benefits, including fewer misconfigurations.