Embrace Automation to Pull Security Teams Together

Tim Woods

If you’ve ever attended a regatta, it’s impossible not to notice how synchronized the boat crew is: everyone knows their exact responsibilities and how they contribute to the total racing effort. But when it comes to security in many organizations, there’s much less unity and little automation of security controls.

FireMon’s 2019 State of the Firewall report shows there’s much fragmentation when it comes to managing security. Many organizations now have teams specifically responsible for applications and assets deployed to the cloud, separate from the on-premise security teams, and not necessarily guided by a common, global policy. And because of the speed of business, application owners have also started taking responsibility for their own deployments, including security controls.

These silos of security responsibility make it harder to automate, and yet, embracing automation can help reduce firewall bloat and unify security controls to get the ship back on course.

Complexity Drives Fragmentation

Given the cybersecurity pressures on business today, it’s always all hands on deck, but security teams are increasingly scattered in all directions, grappling with the immediate task in front of them.

This fragmented deployment of people is driven by the proliferation of applications and firewalls across many platforms, on-premise and in the cloud. The 2019 State of the Firewall report found nearly 60 percent of respondents have firewalls deployed in the cloud. Although the cloud is influencing how organizations tackle security, just under two percent have firewalls completely deployed in the cloud, and a little more than 40 percent still have their firewalls completely on-premise. Overall, the survey found almost one-third of respondents have more than 100 or more firewalls on their network.

Before these distributed teams, there was typically an infrastructure team tasked with application deployment in collaboration with a security team that made sure appropriate security controls were in place based on a corporate-wide policy. Today, however, you have application owners, DevOps and a wide array of operational programmers deploying code multiple times a week, but there’s no one at the security helm making sure the right controls are being put in place at the time of deployment. Many of these missing controls are what keep the organization compliant with internal policies, industry regulatory frameworks and applicable privacy legislation.

This fragmentation means everyone is focused on their own task with no sense of how one action is affecting the entire ship. Growing complexity without automation is leading to misconfigurations due to human error, while fragmentation without automation is increasing risk to the organization too. And just as adding more people can’t keep up with the volume of work, neither can the best technology without efficiency. Automation is essential, but it must be smart automation.

Smart Automation Reduces the Impact of Fragmentation

Automation isn’t a panacea. It is possible to automate the wrong things and even automate failure because a process is broken. And given how many processes there are to automate, it’s possible to replicate manual mistakes.

Many respondents to the 2019 State of the Firewall report cited still having a lot of manual processes—31 percent said their change management process is ad hoc in that it relies on email requests to firewall administrators using spreadsheets. Meanwhile, 33.9 percent said the firewall change process is part of the organization’s IT change process, but rule engineering and pre-change assessments are done outside the change management system—again, tracked in spreadsheets.

One could say that partial automation is better than no automation, but to continue the sailing analogy, if only half the boat’s crew are working in tandem, you’re still not on course. FireMon’s survey found that 72 percent of respondents have two or more teams involved in processing and/or approving a typical change request. Of those with two or more teams involved, nearly 30 percent have three teams involved in processing and/or approving a typical change request.

Often, the ticket process part of a firewall change request is done automatically, seamlessly forwarded along the chain until it reaches the security enforcement point where the change is to be made. At this point, however, lack of security control automation driven by centralized policy means it falls on a human being to implement the request. Even though you’ve automated 80 percent of the process, that remaining gap means there’s plenty of room for the human errors that account for most misconfigurations.

Not everything should or needs to be automated. You need to be smart about automation because when the best security people are pulled in too many directions, manual tasks can be done incorrectly. It only takes a couple of errors during the implementation of a firewall change request to bump you off course and put you out of compliance.

Put Everyone on the Same Course

Smart automation means applying it to the processes that will give you the best return. Focus on automating frequently recurring tasks to give back hours to your security team so they can focus on the higher-level, strategic tasks. Fully automating the right processes and applying a centralized global policy reduces the impact fragmentation has on your security posture and synchronizes your crew to deftly navigate in any weather.

Navigating security automation can be a challenge. Chart your course by attending our webinar, 7 Myths of Security Automation: Be Clear on What It Can Achieve, on Wednesday, December 11th at 2:30 PM CST.