A 2019 AlgoSec study found that over 42 percent of organizations had experienced an application or network outage caused by a human error or misconfiguration. Kyle Wickert explains why this figure is so high, and why automation is key to improvement.
Ever since businesses began connecting to the Internet in the mid-90s, their high-level security goals have not fundamentally changed. The focus is on keeping hackers and malware out, and ensuring that only authorized people and applications can use approved network paths. And in those early days of networking, those goals were relatively easy to achieve. Enterprise networks were much smaller and less complex, with fewer devices, business applications and external connections.
This in turn meant that they were much easier to manage. The network security policies that governed how organizations’ firewalls, proxy servers and other security devices work were simpler. They needed a relatively small number of rules controlling what traffic should be blocked, what should be allowed, and where it’s allowed to go to enable security, ensure compliance and drive business productivity.
But 25 years later, networks have grown dramatically in size and complexity. Business-critical applications are continually developed and changed to support new functionality and more users. The move to virtualized and cloud infrastructures has introduced even more new network connectivity that must be secured at all times. And the threat landscape has changed beyond recognition, which means more and more security products need to be deployed to counter new types of threat.
Traffic control problems
The result is that managing security is a massive task for enterprise IT teams, with hundreds or thousands of security devices to control. The policies governing how those devices handle network and application traffic can comprise tens or even hundreds of thousands of rules – making it increasingly challenging to maintain them and balance the needs of the business with security. Just to keep up with business demands, IT teams can find themselves managing hundreds of change requests a week.
With this volume and frequency of changes, relying on error-prone manual processes is too time-consuming and inefficient – and leads to outages, security holes and compliance violations. As highlighted above, our 2019 study of managing security in hybrid and multi-cloud environments found that over 42 percent of organizations had experienced an application or network outage caused by a human error or misconfiguration.
So, it’s clear that manual processes no longer cut it when it comes to managing today’s enterprise networks. They can’t keep up with the speed of business, as companies move applications to the cloud and adopt DevOps processes to help develop and deploy new applications and features faster. Organizations need to change their network security management strategies, so that they align with and support the needs of the business – rather than hindering them. So how should they go about doing this?
The key is to automate network security processes, using a management solution. An effective solution will give IT and security teams holistic visibility across the entire enterprise network, and the applications that run across it, enabling them to see all network and security devices, applications and their connectivity flows – whether on-premises or in private or public clouds – in a single pane of glass.
As the most common trigger for network changes is a change to a business application, it’s critical that teams understand exactly which devices and connectivity each application relies on to function correctly. So, the solution should be able to automatically discover and map the connectivity flows for all of the enterprise’s applications, across a heterogeneous enterprise environment (on-premises networks, SDN and cloud). This application-centric approach helps teams focus their efforts on what really matters to the business and drives it forward. It also saves hard-pressed IT and security staff from manual research and mapping.
The solution will also understand the control syntax used by all the different network security devices – including traditional and next-generation firewalls and cloud security controls. This gives teams single-console control over all of the security devices on their networks, eliminating the task repetition and time-consuming mistakes that result from manual change processes.
These visibility and automation capabilities enable automated, efficient design of the implementation steps for all network change requests and enable IT teams to perform proactive risk analysis on planned application connectivity or security policy changes before they are made, to ensure that they don’t introduce security gaps or compliance violations.
Then, if no exceptions or issues are identified, the solution can push the approved changes out to every relevant security device, with zero touch. This saves significant time and effort and prevents the accidental misconfigurations which cause outages and security holes. Manual intervention is only needed if a problem arises during the change process, or if a change request is flagged as high risk and requires authorization. The solution will also document all these changes automatically for audit purposes – making it easier for organizations to demonstrate compliance with the growing ‘alphabet soup’ of regulatory standards, and again saving significant time and effort for IT and security staff.
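To make the pre-change risk analysis, zero-touch decision and audit trail described above concrete, here is an added Python example written for this article (it is not AlgoSec’s product logic or code). It checks a proposed firewall rule against a constructed zone map and an existing rule set, records findings with a severity, decides whether the change can be pushed automatically or must wait for human authorization, and emits an audit record. The zone CIDRs, rule names, admin-port list, severity labels and the approval threshold are all assumptions chosen for the illustration.

```python
"""Pre-change risk analysis for a proposed firewall rule, with an audit record.

Constructed example: the zones, rules, port list and thresholds are made up
to illustrate the workflow; they are not a vendor's policy engine.
"""
from dataclasses import dataclass, asdict
from datetime import datetime, timezone
import ipaddress
import json

ANY = "any"


@dataclass(frozen=True)
class Rule:
    name: str
    src: str        # source CIDR, e.g. "10.0.0.0/8"
    dst: str        # destination CIDR
    ports: tuple    # TCP ports, or (ANY,)
    action: str     # "allow" or "deny"


# Hypothetical zone map; the most specific (longest-prefix) zone wins.
ZONES = {
    "internet": ipaddress.ip_network("0.0.0.0/0"),
    "corp": ipaddress.ip_network("10.0.0.0/8"),
    "pci": ipaddress.ip_network("10.50.0.0/16"),
}
ADMIN_PORTS = {22, 23, 3389, 445}            # assumed "never from the internet" ports
SEVERITY = {"info": 0, "medium": 1, "high": 2, "critical": 3}


def zone_of(cidr):
    """Return the name of the most specific zone containing `cidr`."""
    net = ipaddress.ip_network(cidr)
    best = None
    for name, zone in ZONES.items():
        if net.subnet_of(zone) and (best is None or zone.prefixlen > ZONES[best].prefixlen):
            best = name
    return best


def ports_cover(outer, inner):
    """True if port set `outer` includes every port in `inner`."""
    return ANY in outer or (ANY not in inner and set(inner) <= set(outer))


def covers(outer, inner):
    """True if rule `outer` matches every packet that rule `inner` would match."""
    return (ipaddress.ip_network(inner.src).subnet_of(ipaddress.ip_network(outer.src))
            and ipaddress.ip_network(inner.dst).subnet_of(ipaddress.ip_network(outer.dst))
            and ports_cover(outer.ports, inner.ports))


def analyze(proposed, existing):
    """Run the pre-change checks; return a list of (severity, message) findings."""
    findings = []
    if proposed.action != "allow":
        return findings                      # a deny rule never widens exposure
    src_zone, dst_zone = zone_of(proposed.src), zone_of(proposed.dst)
    if proposed.src == "0.0.0.0/0" and proposed.dst == "0.0.0.0/0" and ANY in proposed.ports:
        findings.append(("critical", "any-to-any allow rule"))
    if src_zone == "internet" and dst_zone == "pci":
        findings.append(("high", "allows internet traffic into the PCI zone"))
    if src_zone == "internet" and (ANY in proposed.ports or ADMIN_PORTS & set(proposed.ports)):
        findings.append(("high", "exposes admin/file-sharing ports to the internet"))
    for rule in existing:                    # first matching earlier rule shadows the new one
        if covers(rule, proposed):
            sev = "info" if rule.action == "allow" else "medium"
            findings.append((sev, f"shadowed by existing {rule.action} rule '{rule.name}'"))
            break
    return findings


def decide(findings):
    """Zero-touch push unless a high/critical finding requires human authorization."""
    worst = max((SEVERITY[s] for s, _ in findings), default=-1)
    return "manual_authorization" if worst >= SEVERITY["high"] else "auto_push"


def audit_record(proposed, existing, requester):
    """Build the record that would be stored for compliance reporting."""
    findings = analyze(proposed, existing)
    return {
        "timestamp": datetime.now(timezone.utc).isoformat(),
        "requester": requester,
        "rule": asdict(proposed),
        "findings": [{"severity": s, "message": m} for s, m in findings],
        "decision": decide(findings),
    }


# Constructed existing policy and three constructed change requests.
EXISTING = [
    Rule("deny-internet-to-pci", "0.0.0.0/0", "10.50.0.0/16", (ANY,), "deny"),
    Rule("corp-web", "10.0.0.0/8", "10.0.0.0/8", (80, 443), "allow"),
]
REQUESTS = [
    Rule("pci-api", "0.0.0.0/0", "10.50.1.0/24", (443,), "allow"),
    Rule("intranet", "10.20.0.0/16", "10.30.0.0/16", (443,), "allow"),
    Rule("emergency", "0.0.0.0/0", "0.0.0.0/0", (ANY,), "allow"),
]

if __name__ == "__main__":
    for req in REQUESTS:
        print(json.dumps(audit_record(req, EXISTING, "change-ticket-1234"), indent=2))
```

Run as-is, the script auto-approves the intranet request (it is already covered by an existing allow rule, so it changes nothing), and holds the PCI and any-to-any requests for authorization. In a real deployment the zone map would be derived from the discovered application connectivity rather than hard-coded, and the audit record would be written to a tamper-evident store rather than printed.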
In conclusion, automating security management enables organizations to provision and configure their applications and networks faster and more efficiently, and process more network changes with the same resources. It delivers a stronger security posture, boosts business continuity, accelerates digital transformation initiatives such as migrating applications to the cloud, and streamlines DevOps processes by supporting team collaboration. When it comes to enterprise security, automation really does matter.
Kyle Wickert is Worldwide Strategic Architect at AlgoSec.