Posted on Jun 02nd, 2016 by Mark Wellins

As consumers, we enjoy the convenience of the quick fix society (or Band-Aid as Covey refers to it) that we find ourselves living in. Who doesn't enjoy one click shopping, e-tickets (no paper, no waiting), biometric identification (your password needs to have a capital letter, a number, a non-alpha numeric character, must not spell a word, must not be easy to remember, must not be similar to anything you've ever used before, yada yada yada); who doesn't enjoy #theresanappforthat? We have reached a new milestone in evolution – taking instant gratification for granted – which manifests itself in many different ways. Take, for example, auto-correct on your smartphone. We've become so used to technology correcting our mistakes that we expect to see the same capabilities in the tools we use daily. This makes sense when writing emails or documents, but this really does not apply when querying a database – do we really expect that a system can guess that you wanted to look up the table called “employees”, when you entered “employers”?

We Can't Guess What You Mean (Not Yet)

I was visiting a client recently, where I am pretty sure Holly Holm floored me. Or maybe it was when the client asked "When I type in the wrong IP address, will your product replace it with what I meant to put in?" Either way I had to take a standing count before I could unfuddle my brain and respond.

Me: Do you mean will we syntax-check that IP address, make sure it's a legal one?

Him: No. I mean if I get it wrong and I type 10.1.2.1 instead of 10.2.1.2?

Me: <Takes second standing count>

Me: Uhh, no. We can't guess what you mean.

Him: Oh, I thought your product could do that.

I wanted to say "Not yet, we are working on the ESP (Extrasensory Perception) functionality, it's still pretty rough though", but that was when I did the math, 2+2 indeed equals 4, and I could understand the point he was making. Instead, we engaged on a more meaningful discussion, which allowed me to better understand the reason behind the question, and why they were typing IP addresses at all. It turns out that they were querying IP addresses to find rules that were part of the CDE (Cardholder Data Environment) to allow them to answer questions their QSA (Qualified Security Assessor) had around the PCI audit requirements. If you know the Tufin Orchestration Suite then you'll know that we have a real-time PCI audit capability, and will wonder why it wasn't being used.

How the Client Became a Hero

I know the suspense is killing you, so let me put you out of your misery. Apparently, Tufin was purchased for firewall cleanup, and that was all that my client knew about us. With his busy schedule, he had not found time to look into what else Tufin could deliver, and so it never even crossed his mind that there was a better way to achieve his goals. This new-found knowledge turned my client into a bit of a hero-- he'd found a way to avoid human error, delight his QSA and save buckets of time preparing for PCI audits!

Of course, we are very busy working on the ESP functionality. But whilst we do that, why not see if you too can become a hero? See this infographic to find out.

For reference:
  1. Covey = Stephen Covey author of The 7 Habits of Highly Effective People
  2. Holly Holm surprised the world when she defeated the odds-on favourite (Ronda Rousey) for the UFC Title

Mark Wellins has spent over two decades focusing on enterprise customers and their requirements. As VP of Solutions at Tufin, he matches business needs with Tufin's technology to help enterprises realize full value from their investment. Mark hails from Scotland and prior to joining Tufin, he held leading positions at Check Point Software, including director of strategic accounts and global sales training.