By all accounts, the RSA Conference last week in San Francisco was a resounding success. If the interest and excitement at the Tufin booth was any indication I'm confident that 2013 will prove to be a year where Business and IT work more closely than ever out of sheer necessity if nothing else. Over the course of 4 days I had the opportunity to speak to over 100 customers, vendors and system integrators of all shapes and sizes who shared several similar challenges:
- Additional Compliance Requirements (Internal and / or Regulatory)
- Application Availability and Business Continuity
- Increase in Complexity
- Constant Change
- Communication Gaps (between respective IT Organizations as well as Business Units)
IT Staff at all levels are burdened with an ever increasing number of requests for user access, new applications, updates to current applications, adds moves and changes, the list goes on… And when the evolving threat landscape is taken into consideration it becomes abundantly clear that simply accommodating these requests by creating a new security rule is far from best practice.
Without a clear understanding of newly required, and existing, rules and policy you are putting business continuity and the security posture of an organization at severe risk. With that said why do we still see challenges, specifically in the areas of communication, between IT Security and Application Teams? Well, based on my conversations it seems operating in siloes has been acceptable if not functional. Until now that is…
Consider the problems that hinder application enablement by asking yourself:
- How many security changes are required to enable your application demands?
- What percentage of my Firewall Rule Change requests are application related?
- Can your teams provision and/or decommission applications without having to sort through numerous security rules? Is the process automated?
- How often do applications get provisioned correctly the first time?
- Do decommissioned applications ever get completely removed from your environment? If not, can you identify who has unneeded access?
- Can you ensure continuous compliance?
These are some of the issues covered in Tufin's new Annual Firewall Survey report - have a look at the results - you may be surprised to learn you're not alone.
Someone smart once told me that "The Application IS the Business." Well if that's true to any extent, and I believe it is, than these questions need to be addressed. If you paid us a visit last week while at RSA, then you have some of the answers. If not, set up a meeting and learn how we can help you to solve these challenges.