According to ESG research, 65% of IT and security professionals recognize that modifying and/or implementing network security controls is still a very manual process that requires the expertise of multiple teams to execute.
Why are manual network change processes a problem?
You may look at the opening statement with a “so what?” Consider that many network operations teams still track and process network access requests by using spreadsheets, post-it notes or email. Not only are these methods unreliable, but they are slow and error-prone. In addition to the business impact of missing SLAs and increasing the risk of downtime and a security breach, manual processing and implementation of changes has a significant impact on compliance. With digital transformation initiatives looming and growing DevOps teams who won’t wait weeks to spin up an application, a change is needed. Now do I have your attention?
The top 5 reasons to eliminate manual network change processes:
- You are missing SLAs and your customers complain about delays in implementation
- Your volume of changes is expected to increase significantly as the organization adopts hybrid cloud
- Your staff is spending too much time and effort on mundane tasks and unable to focus on strategic projects
- Your network is vulnerable to downtime or a security breach due to misconfigurations you may not even be aware of
- You spent weeks preparing for the last audit and you still weren’t able to prove compliance
Let’s dive into the details on why you need to change your manual network operations.
It’s too slow to meet the needs of the business
Many enterprise organizations I have talked to admit that it can take weeks to implement simple changes, and they don’t feel confident that the change they made won’t violate security policy. The process of making a change to the network is too slow because it’s complex and you are understaffed to meet the volume of requests. The obvious backlash is that your team is viewed as a bottleneck and your end customers are not happy. It also means that the business can’t move at the pace it would like to. The bottom line is that you are not going to meet your strategic goals or scale your operations to meet the speed of the business if your staff is spending all their time on routine, low-risk tasks.
It can lead to breaches and downtime
Slowness is not the only problem: mistakes and misconfigurations, often born from manual processes, can cause network downtime and security breaches. According to Ponemon’s 2018 Cost of a Data Breach study, sponsored by IBM, 27% of data breaches are triggered by negligent employees or contractors, and IBM X-Force reported that in 2017 nearly 70% of the compromised records were exposed due to misconfigured cloud servers. The same Ponemon study also found that the global average cost of a data breach is up 6.4 percent over the previous year to $3.86 million. In other words, the stakes are real, and they are high.
A sampling of breaches caused by manual, human-led error includes:
- A misconfigured Amazon S3 storage bucket led to MedCall Healthcare Advisors leaking protected, personal data.
- In October 2017, private customer information, certificates, 40,000 passwords and other sensitive data from Accenture customers were left open to public access through a misconfigured AWS S3 storage bucket.
- An unsecured server at BJC Healthcare was left open to internet access between May 2017 and January 2018, containing patient data including driving licenses, insurance details and treatment documentation.
- According to the report on Singapore's most severe cybersecurity breach last July, a culmination of bad system management and undertrained IT staff, amongst other gaps, caused the breach. Several of its suggested remedies, however, should already be considered standard security practices for an essential services provider. (ZDNet)
You will not meet compliance or pass your audits.
Many industry regulations mandate an auditable and well-documented change process. If your processes are manual, it takes a long time to document all your changes in a way that enables you to quickly prove compliance. Compliance mandates like PCI DSS, HIPAA, FINRA, NERC or GDPR continue to broaden the requirements you need to meet in order to avoid fines and penalties. With manual processes, you will have to dedicate many resources that could be better used elsewhere to passing your audits.
With the high level of network complexity, errors are inevitable.
An article I came across on ITProPortal stated that companies frequently utilize more than 70 different security vendors. Even if we assign a high margin of error to that statistic, it’s still a big number of disparate systems to manage. In addition, RightScale’s 2018 State of the Cloud Report stated that 81% of enterprises have a multi-cloud strategy. With that level of complexity, there is no way we can continue to trust that humans, no matter how smart they are, can meet aggressive SLAs and manage a hybrid network manually without making a mistake.
Automation is the answer, but where do you start?
Since Henry Ford began the assembly line, it has been well understood that automation will bring more productivity and a higher level of efficiency to do more with less. But when we talk about bringing automation into a complex enterprise network there is a fear of a loss of control, increased risk and/or automating yourself out of a job.
It’s time to move beyond manual change blockers.
The key to succeeding with automation is to start small with those mundane, time-consuming, low-risk tasks, such as firewall cleanup, server decommissioning or server policy cloning. By starting small you will gain confidence in the process and begin to build towards higher levels of automation.
It’s important to make sure that the entire process has an owner and that it is documented so if an employee leaves, you still have a way to prove who made a change, when and why. In fact, those who test the water gain more controls and higher confidence in the information they get from their systems.
Take the next step:
To learn more about the motivation to eliminate manual processes and how to begin your journey towards automation, we encourage you to check out the 5 Clear Signs that You Need Automation webinar.