Without automation, security gets harder during a business disruption 

FireMon’s 2020 State of Hybrid Cloud Security Survey found that 69.5 percent of respondents have a security team of just 10 people or fewer. And most manage both on-premise network security and cloud security.

These teams are already bogged down with manual tasks at the best of times, so when a crisis hits, it magnifies the risks of manual processes. Not only is it difficult to maintain essential network operations, but the number of misconfigurations that threaten compliance goes up dramatically.

Worse still, if unexpected interruptions to business continuity lead to team members being out of commission, security and compliance are further compromised because there aren’t enough people to execute even the most basic steps of the business continuity plan; forget security configuration and compliance! An unexpected disaster scenario that already threatens data and compliance is further magnified, and so is the risk to the business, including the greater likelihood of lost revenues.

It’s already way too hard to keep up on a normal day 

If you’re already short on people on a regular day, it’s going to be even harder to keep on top of everything that needs to be done when disaster strikes. Some of those manual tasks, such as firewall rule updates, may simply not get done, or if they do, they’re rushed and more prone to human errors that lead to misconfigurations. Instead, the priority is to keep the business running, and security teams must shift their focus to the exceptional, specific user access issues that are cropping up. Those are also handled in a hurry, without enough attention to compliance, because there are no foundational best practices in place.

Disruptions also mean some security team members are no longer available, so you’re even further short-staffed at a time when you need all hands on deck. Without automation and logs that provide insight into how and why things are done, you’re dependent on the knowledge of people who may no longer be available to share it.  

Automate what you can so you can manage what you can’t 

You can’t control everything, and it’s not a matter of if disaster strikes, it’s when. Regardless of the cause, a “black swan” event tends to throw a lot of curve balls at security teams. However, if you’ve already automated most cloud configurations and global security policy, your team is in a much better position to deal with the unexpected.

There are many things security teams can automate, including: 

  • Identity and access management, including cloud configuration 
  • Updates and patches 
  • Detection and monitoring 
  • Firewall rule updates 

Knowledge transfer through documentation also means you’re not dependent on specific team members to maintain compliance. 

You can’t automate everything at once, but if you start with low-hanging fruit, you’ll see immediate benefits. By establishing a global security policy and making it a baseline for any access configurations, including cloud services, you can be responsive to change requests from the lines of business. Organizational knowledge is also quickly accessible, even when disaster strikes and if team members become unavailable.

There are times when business isn’t as usual – it happens. However, it’s important to learn and adapt while things unfold during those times. In this case, many organizations will decide to lean into cloud migrations and automation to blunt the impacts of future black swan events. 
