Posted on Nov 23rd, 2015 by Ruth Gomel-Kafri

Over the past year, I've had the opportunity to speak one-on-one with many of our customers, including Fortune 500 companies and public sector organizations, whose networks serve a variety of industries and needs. Their network infrastructure is typically large and complex, often with dozens of firewalls and hundreds of changes a week; they also face increasing cyber threats and are tasked with minimizing risks. From these conversations with network and security leads, I recognized a shared challenge: How can we have an efficient network security change process that meets the enterprise change management policy and its security compliance policy?

Typically, organizations handle IT network changes by following methodologies like ITIL, or using tools such as BMC Remedy and ServiceNow, which manage changes for the entire infrastructure stack. However, while these tools are required to maintain a standardized change process across enterprise IT, they do not provide analysis and control of network security policies -- and therefore add little value to the enterprise network security policy change process. Network and security teams who own different elements of the change workflow must analyze each change request with external tools (in some cases manually, using a spreadsheet), and urgent changes may just be implemented on the fly, with no real control or risk analysis. Needless to say, these challenges are difficult even for the most capable of IT security teams.

ITSM platforms are not equipped with the elements required for efficient network-security changes:

  • Automated mechanisms to analyze and implement changes that span different vendors and platforms
  • Proactive risk analysis for continuous compliance with security policies and regulatory standards
  • Validation that changes are implemented correctly and meet the original requests

So, how can executives ensure that the right processes, people and technology are in place so that the organization can meet its business goals?

The answer is simple: security-aware automation.

Comprehensive solutions like the Tufin Orchestration Suite provide workflow management with automation for network security changes, and can also be fully integrated with any ITSM tool. This enables an organization to manage and automate their entire network security policy workflow end-to-end. With security controls embedded into the process, the risks of compromising network security policy or regulatory compliance are minimized.

At the same time, the network security change process is incorporated into the enterprise's change methodology, ensuring a familiar ITSM environment for end-users that also complies with the enterprise change management policy.

In addition, integration with a service management solution needs to be customizable, so the change workflow is aligned with and tailored to the organization's process flow.

By automating the change process end-to-end with proactive security controls, enterprises can benefit from greater agility based on effective change management for network security policies, unified user experience for change management, and continuous policy and regulatory compliance with enterprise and industry standards.