FireMon’s 2020 State of Hybrid Cloud Security Survey found that 69.5 percent of respondents have a security team of just 10 people or fewer. And most manage both on-premise network security and cloud security.
These teams are already bogged down with manual tasks at the best of times, so when a crisis hits, it magnifies the risks of manual processes. Not only is it difficult to maintain essential network operations, but the number of misconfigurations that threaten compliance go up dramatically.
Worse still, if unexpected interruptions to business continuity lead to team members being out of commission, security and compliance is further compromised because there’s not enough people to execute even the most basic steps of the business continuity plan — forget security configuration and compliance! An unexpected disaster scenario that already threatens data and compliance is further magnified, and so is the risk to the business, including the greater likelihood of lost revenues.
It’s already way too hard to keep up on a normal day
If you’re already short on people on a regular day, it’s going to be even harder to keep on top of everything that needs to be done when disaster strikes. Some of those manual tasks such as firewall rule updates may simply not get done, or if they do, they’re rushed and are more prone to human errors that lead to misconfigurations. Instead, the priority is to keep the business running and security teams must shift their focus to exceptional, specific user access issues that are cropping up, which are also being done in a hurry without enough attention to compliance because there’s no foundational best practices in place.
Disruptions also mean some security team members are no longer available, so you’re even further short-staffed at a time when you need all hands on deck. Without automation and logs that provide insight into how and why things are done, you’re dependent on the knowledge of people who may no longer be available to share it.
Automate what you can so you can manage what you can’t
You can’t control everything, and it’s not a matter of if disaster strikes, it’s when. Regardless of the cause, a “black swan” event tends to throw a lot of curve balls at security teams. However, if you’ve already automated most cloud configurations and global security policy, your team is in a much better position to deal with the expected.
There are many things security teams can automate, including:
- Identity and access management, including cloud configuration
- Updates and patches
- Detection and monitoring
- Firewall rule updates
Knowledge transfer through documentation also means you’re not dependent on specific team members to maintain compliance.
You can’t automate everything at once, but if you start with low-hanging fruit, you’ll see immediate benefits. By establishing a global security policy and making it a baseline for any access configurations, including cloud services, you can be responsive to the lines of business change requests. Organizational knowledge is also quickly accessible, even when disaster strikes and if team members become unavailable.
There are times when business isn’t as usual – it happens. However, it’s important to learn and adapt while things unfold during those times. In this case, many organizations will decide to lean into cloud migrations and automation to blunt the impacts of future black swan events.