Security automation is one of the hottest topics in the IT industry. Experts say that automation can help organizations overcome staffing constraints and keep up with rapidly evolving security threats. However, a recent survey found that most organizations still rely on manual processes, and the lack of automation is contributing to increased risk.
For its 2019 State of the Firewall report, the company surveyed nearly 600 IT and security professionals about their enterprise firewall operations. But while the data focus on firewall management, the report points to the larger challenges facing organizations that want to automate their security processes.
The data show that just 35.2 percent of organizations incorporate some form of automation into firewall change management. Just 8.7 percent have fully automated firewall changes, while 26.5 percent implement firewall changes manually but have automated processes such as rule engineering, pre-change assessments and approvals.
Another 33.9 percent said that firewall changes are initiated and tracked as part of IT change management, but rule engineering and pre-change assessments are ad hoc. Almost one-third (30.9 percent) said that firewall change management processes are ad hoc, such as sending email requests to administrators and using spreadsheets to track changes.
Manual processes, coupled with late-night change windows and overworked staff, are driving misconfigurations and other errors that leave organizations vulnerable to threats. What’s more, 35 percent of respondents said they found out about issues caused by firewall misconfigurations through urgent phone calls, emails and texts.
Meanwhile, the number of firewalls is increasing. Almost one-third (30.3 percent) of respondents said they have 100 or more firewalls in their environment, each with a growing set of rules to manage. An overwhelming 95 percent said that firewalls will be as critical or more critical to their security architecture in the next five years.
If firewalls are critically important, the number of firewalls is increasing, and human error is causing business issues and risk, why aren’t more organizations automating firewall change management? There are several factors involved:
- It is very difficult, if not impossible, to automate ad hoc tasks. Before they can implement security automation, organizations must establish clear policies and procedures and templatized workflows for managing the IT security environment.
- In their defense, IT teams face enormous challenges keeping pace with the dynamic needs of the business on top of the evolving threat landscape. That makes it difficult to develop policies and procedures that are both well-defined and agile.
- Business leaders are naturally concerned about the impact of security on business processes and customer service. Manual processes may be slow and error-prone, but there’s a comfort level in having a human being responsible.
- Few organizations know which automation tools to use, how to configure them, or how to acquire and manage the data needed to drive them. They have not established metrics for determining the ROI from automation projects.
It’s worth the effort, however. Automation enables organizations to minimize human error, increase efficiency and agility, and maximize the value of their security tools. The right automation strategy also provides greater control over IT and security processes, and the real-time visibility needed to respond to threats and ensure regulatory compliance.
In our next post, we’ll take a look at Forrester’s framework for developing an automation strategy. Meanwhile, Technologent’s experts can sit down with key stakeholders across your organization to begin plotting your automation roadmap.
February 27, 2020