muralidingari
ServiceNow Employee

In today's world, organizations come in all shapes and sizes, and they all use different technologies to manage their business needs. They depend on public cloud, private cloud, or a combination of both for their infrastructure needs. Growing business needs are forcing organizations to adopt agility in service delivery, yet organizations still face long outages that bring down their critical business services and result in revenue loss. Recently we heard the news about a couple of major airlines that experienced system-wide outages, causing a huge impact to their business. We also read about someone hacking into a major organization's business-critical systems and exposing data to the public.

Any system-wide outage generally finds its root cause in the organization's firewall space. Any firewall failure or change can bring the entire system down, impacting the end user's ability to access business services, internally or externally. A recent research study by Tufin Technologies revealed that a major root cause of such failures is human error. Interestingly, one third of organizations agreed that they still manage firewall changes manually. Because of this complexity, many organizations self-impose a firewall change freeze during major holiday seasons like Christmas. The complexity involved in executing a change forces them to take significant risk during such seasons.

So, how is a modern enterprise supposed to maintain agility while mitigating the risks introduced by frequent change?

If Network Security teams and IT Operations teams work in silos, more complexity is added to the equation. Although both teams are working towards a common goal, the lack of automation and of an effective change management process contributes to the problem. Every new hire, every software patch, every upgrade, or any organizational change that results in people moving within the organization opens a new gap between the Security team and the Operations team. Mature business process automation and a well-managed change process can fill this gap.

 
Let us study a simple task of a planned Firewall change and see how business process automation and orchestration can simplify this task. ServiceNow platform capabilities will allow you to quickly implement and manage the process effectively. The following diagram explains one of the many approaches to automating a Firewall change.

[Diagram: sample firewall change process (firewall.jpg)]

If you look at the above sample process, the human errors involved in steps like reviewing the change, implementing the change, and auditing the change can be completely eliminated by automating them using business rules, workflows, and orchestration.

There are commercial third-party software tools available for managing the firewall change automation. Not all tools will manage all types of vendors. Enterprises often get confused, and must decide between buying an external tool or building it in-house to integrate into their ITIL processes, especially into change management processes.

The following are some of the key capabilities in the ServiceNow platform which you can take advantage of alongside other Firewall Management point-solutions.

  • Role based Catalog for Requesting New/Modify Firewall policy.
    • Self Service Catalog experience eliminates the challenges associated with requesting a firewall change.
    • Role based access allows separation of duties, such as requestor, approver, etc.

  • Take Advantage of a Service-Aware CMDB to connect the Groups/IP Zones attached to the firewall policy
  • Service-Aware Firewall policy definitions help maintain alignment with ITIL Processes
  • Through simple configuration, you can define different network services associated with Firewall Rul

  • Similarly, you can define multiple inbound/outbound rules and attach to an existing or a new policy

  • Initiate Change Management Process
  • All Policy Definition and Rule Definition Changes are logged for simple auditing
  • Create Alert for the CIs Associated with the Firewall policy.
    • Enables Change Advisory Board to view the Impacted Business Services and CIs using Service Mapping and Dependency Views

  • Using Workflow and Orchestration capabilities, the firewall policy changes can be implemented in an automated fashion.
  • Create an Audit Event to trigger an Audit Workflow
  • If the Audit is successful, close the Change Request, the related CI Alerts, and any other tasks relating to the change.
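
The review and audit steps from the process above, sketched as an added example in plain JavaScript (the language ServiceNow business rules are scripted in). It is not ServiceNow's code and calls no platform API; the rule fields, the restricted-port list and the /8 threshold are assumptions made for illustration.

```javascript
// Added example: plain JavaScript, no ServiceNow API calls. All field names are hypothetical.

// Parse "a.b.c.d/n" into an unsigned 32-bit network address and prefix length.
function parseCidr(cidr) {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\/(\d{1,2})$/.exec(cidr);
  if (!m) throw new Error('invalid CIDR: ' + cidr);
  const octets = m.slice(1, 5).map(Number);
  const bits = Number(m[5]);
  if (octets.some(o => o > 255) || bits > 32) throw new Error('invalid CIDR: ' + cidr);
  const ip = octets.reduce((acc, o) => acc * 256 + o, 0);
  const mask = bits === 0 ? 0 : (0xffffffff << (32 - bits)) >>> 0;
  return { net: (ip & mask) >>> 0, bits };
}

// Canonical form of a rule, so 10.1.2.3/24 and 10.1.2.0/24 compare equal.
function ruleKey(r) {
  const s = parseCidr(r.source), d = parseCidr(r.destination);
  return [r.action, s.net + '/' + s.bits, d.net + '/' + d.bits, r.protocol, r.port].join('|');
}

// Review step: findings that should block automatic approval (empty list = clean).
function reviewRule(rule, restrictedPorts) {
  const findings = [];
  const src = parseCidr(rule.source), dst = parseCidr(rule.destination);
  if (!rule.changeRequest) findings.push('no change request attached');
  if (rule.action === 'allow' && src.bits === 0 && dst.bits === 0)
    findings.push('any-to-any allow');
  if (rule.action === 'allow' && src.bits < 8 && restrictedPorts.includes(rule.port))
    findings.push('restricted port ' + rule.port + ' allowed from a source wider than /8');
  return findings;
}

// Audit step: compare the approved policy with the rules read back from the device.
function auditChange(approvedPolicy, deployedRules) {
  const want = new Set(approvedPolicy.map(ruleKey));
  const have = new Set(deployedRules.map(ruleKey));
  const missing = [...want].filter(k => !have.has(k));
  const unexpected = [...have].filter(k => !want.has(k));
  return { passed: missing.length === 0 && unexpected.length === 0, missing, unexpected };
}

// Constructed sample data (placeholder change number, private address ranges).
const requested = { changeRequest: 'CHG-EXAMPLE', action: 'allow', source: '10.20.0.0/16',
  destination: '10.50.1.10/32', protocol: 'tcp', port: 443 };
const tooBroad = { ...requested, source: '0.0.0.0/0', port: 22 };
const driftRule = { ...requested, source: '0.0.0.0/0' };

console.log(reviewRule(requested, [22, 3389]));
console.log(reviewRule(tooBroad, [22, 3389]));
console.log(auditChange([requested], [requested, driftRule]));
```

A change request would be closed only when `passed` is true; a non-empty `unexpected` list means the device carries rules that were never approved.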

The above is an example use case to show how you can automate some of the processes associated with firewall automation. This can be expanded to build complex processes meeting your needs.

The power of automation and orchestration allows you to break down the barriers between security and operations teams. This leads to increased operational agility, while at the same time reducing the risk associated with frequent change.