Considering how fast technology evolves, it's amazing how many service providers have not updated their approach to managing network security in the past 15 years. Carrier security teams are trained like fine craftsmen under the tutelage of someone who came before them. The conventional thinking is that manual methods are the only way to manage network security changes across increasingly sprawling environments.
It's no wonder many teams feel like Bill Murray in Groundhog Day -- going through the same motions day after day.
In the movie, Murray plays Phil Connors, an arrogant TV weatherman assigned to cover the annual Groundhog Day event, who finds himself repeating the same day again and again. After a few days of debauchery and then angst, Murray begins to re-examine his life and priorities.
While those of us in security may not have the wit and sharp tongue Murray possesses, we do have the same ability to question everything -- to consider what's working for us, and what jobs make us feel like we're in an infinite loop. We also have something Murray did not -- technology that has come along in the past 15 years, allowing us to automate many of these manual tasks so that day to day we feel less like a hamster (or a groundhog).
We see this time and again. Once people have been exposed to the kinds of automation possible today, they are like kid in a candy story, suddenly seeing numerous possibilities.
So as a tribute to the great Mr. Murray, we’ve put together a Top 5 list of things you should be automating TODAY, to make sure tomorrow is ever more enjoyable:
Provisioning and change management are among the most time-consuming tasks for any team. Automating the execution of changes on security policies enables organizations to dramatically reduce the time required to implement access requests and eliminate human error. Leveraging automation, administrators can view recommended (or required) policy changes on relevant firewalls, and then automate the provisioning of such changes, knowing they follow company policies and best practices. Ask yourself, how much time would you gain back in your day if you were able to automate all of the seemingly simple change requests made of your organization?
2) Rule creation and auditing
Another challenge that security teams face is communicating current rules to the rest of the IT organization. When end-users have the ability to determine on their own whether access is allowed, it can reduce the number of requests they make.
3) Recertification for compliance with industry requirements
Certification is a painful process and to top it off, most regulations require that you recertify annually at minimum. Leveraging automation, organizations can document a rule date, receive an automatic notification of when rules are up for recertification, and then review the rule and update the recertification date for the following year. This not only saves time, but provides a much more substantial record for auditors.
4) Streamline ticket approval process, and reduce the burden on ticket approvers
Tickets, and ticketing approval, are often the bane of existence for many organizations. They serve as "cover yourself" functionality, to ensure that one person's mistake can be found and stopped before they go into production. But often approvers merely go through the motions, approving tickets without the necessary scrutiny because they are bogged down with so many of them. Or worse, they become roadblocks by ignoring their queue of tickets for days at a time. A security gatekeeping feature becomes another risk.
If, instead, you can automate rules for what you do and don't want to allow, and use technology instead of people to check changes before they are made, you can significantly streamline the approval process.
5) Management and grooming the next generation
Oversight of junior staff can't be totally automated. But the ability to offload certain tasks to junior staff because you have automated the rules for what can and can't be changed (therefore minimizing or eliminating risk of mistakes) can be a huge time saver. In addition, it empowers the next generation of staff to learn, to actually make changes in a safe, controlled environment, and to still do the job efficiently. That frees up your time and energy to focus on more strategic priorities and higher-profile projects -- allowing you to advance in your career, and mature as a manager and executive while enjoying your day to day life.
Automation certainly can't solve everything. But it can address a significantly larger portion of processes and repetitive tasks than it is being asked to do today. So the next time you find yourself fielding a request for the 10th, 20th, or 100th time, ask yourself, would I rather be Mr. Murray in Groundhog Day, or Murray as Peter Venkman in Ghostbusters -- rounding up wayward ghosts and truly making a difference.
— Gil Brice, Director of Engineering, Tufin