Cloud Hosting

Starting on March 22, 2019, Capital One bank was the victim of one of the largest data breaches in history. A former employee of Amazon Web Services used her knowledge to bypass security and download credit applications of approximately 100 million people. She was eventually caught, but its still unclear whether the information from those applications was sold or otherwise made available to hackers.

Getty

The breach happened because the hacker was able to take advantage of a misconfigured web application firewall on an AWS cloud application used by Capital One. That was just one firewall out of potentially hundreds. Youll note that there isnt a specific number of firewalls because the number changes as cloud servers are spun up or taken down, or as the banks network is changed.

Because firewalls (a firewall is a device that restricts access to the network to authorized people or devices) are frequently added to an enterprise when specific portions of the network are initially set up, they may not have any commonality. Each firewall will be one of only a few in the company.

The problem that most companies have, especially big companies, is that a lot of this stuff was put in piecemeal, but not with any strategy

This lack of standardization means that each one has to be configured individually in what can only be described as an intensely manual process. And even one mistake can make the firewall ineffective, especially to someone who knows the details of how it works.

Getty

The problem goes beyond firewalls. In many cases a companys servers need manual configuration, so do other security and network appliances. The number of such devices can reach the hundreds, and with cloud accounts, it can reach into the thousands. You can see how managing all of this, even for a properly staffed IT department, can be overwhelming.

Getting a Handle

The problem that most companies have, especially big companies, is that a lot of this stuff was put in piecemeal, but not with any strategy, said Jack Gold, principal analyst at J. Gold Associates. They had an ad hoc process.

We need to retire some of those tasks more quickly, said Tim Woods, VP technology alliances for Firemon. He said that these overly complex, manual processes are making it hard for companies to get a handle on security.

Theyre running away from security, Woods said. He said that Capital One tried to make their changes manually, which ultimately led to the breach. He said that a better way is to automate firewall management.

Woods said that doing all of this manual work also wastes resources. They have their best people doing mundane routine tasks, he said. By automating tasks such as firewall management, We believe you may be able to reap as mu h as 40 percent reduction in repetitive work cycles.

How to Automate

A company needs to look for that low-hanging fruit, Woods said. If I can automate those low-level tasks, itll make a big difference, Wood said.

Diagram of Automation

Woods also said that preparing to automate your configuration process, gives a good opportunity to evaluate your processes and to validate your expectations of what youre trying to do.

Setting sensible requirements is an important first step in automating your firewall management. The goal needs to be to automate those activities that require the most time and are done the most frequently. Activities that occur only occasionally and require little time arent good targets for automation.

To determine what the good targets are, you need to study the workflow of your IT staff in regards to firewall, server and other types of configuration. Find out where they spend the most time, and what tasks require tedious steps, and start with those tasks, because those are the low-hanging fruit Woods mentioned.

Once youve determined your beginning tasks, its time to look for an automation provider. Firemon is one of those. So is Tufin and other companies.

As youre implementing the automation platform, you will also need to determine your larger goals. Are you primarily focused on overall security? Compliance? To some extent your goals will dictate your process.

Or Maybe Outsource

Jack Gold isnt so sure that automating your firewall management is necessarily the best answer. Instead, he suggests looking at ways to ease the management effort for starters.

What they should be thinking is whether can they standardize on something. He said.

Its much easier to build out an orchestration platform of some sort if you get all of them pretty much the same.

Getty

Another possibility is that companies are outsourcing, Gold said. They do networks as a service (NaaS). They just pay a monthly fee. Theres a high value in preventing security breaches and data loss, but theres not a high value in managing all of this. Managing those devices is overhead.

The complexity has always been there and probably will always be there, Gold explained. Networking as a service is getting some legs because companies dont want to deal with it. Also, IT doesnt have the resources to deal with it.

He said that its important to ask whether there are better places where you can put those resources.

Gold pointed out that the nature of networking is changing with the nature of IT. In the past companies felt they had to control their destinies themselves, he said. Thats changing with the cloud-based services.

Getty

Gold explained that the growth of SDN (software defined networks) means that you need to consider whether you should even be running your own networking.

Things are moving to SDN, Gold said. New gear needs to be SDN capable. NFV (network function virtualization) needs to be supported.

NFV, in which the basic functions of networking exist in software, is critical to the operation of virtualization and thus to cloud computing.

Outsourcing your networking and network operations lets your focus your efforts on the activities of your business, and not on hiring even more staff to just run the network and its related security requirements.

Major network companies, including Cisco and IBM offer NaaS, and that part of their business is growing fast. It may be that outsourcing your network will be the real solution to the overwhelming complexity of managing configuration and operation of your network.

View post:
The Risk Of Complexity And How To Fix It - Forbes