Making the Business Case for Firewall Policy Management: Part 2 of 4

In our first blog of this series on the business case for firewall policy management, I examined the potential cost savings from an audit perspective. Part 2 will focus on the financial value of reducing the time required to process firewall changes.

Many organizations struggle with change processes because business requirements are evolving at a rapid pace and networks are increasing in complexity. The convergence of these two challenges puts a greater onus on organizations to process more changes… fast enough to ensure business agility, but with the proper checks to ensure security and business continuity. The problem is that most organizations are not efficient in the way they manage firewall changes:

• Relying upon manual processes minimizes business agility because it typically takes too long to process a change, which often involves members from multiple departments (security, security operations, network operations, audit, etc.).
• About 25% of performed firewall changes are not necessary (a rule already exists to handle the requested change), and 5% are implemented incorrectly. Improper management of changes can have a major impact on IT staff bandwidth and can lead to serious business risks, from issues as benign as legitimate traffic being blocked, all the way to the entire business network going offline.

Some organizations are so concerned about change control and its potential negative impact that they resort to network freezes during peak business times.

So what does all of this mean from a financial perspective? Here are the key metrics you need to identify to understand your cost of managing change requests today:

• Identify the number of firewalls in your environment
• Determine the number of changes on average made to each firewall over the course of a week/month (then tabulate this over the course of the year)
• Determine the amount of time spent manually processing each firewall change
• Determine the average weighted cost of staff responsible for performing the audit

Now that you have this information, you can start to crunch some numbers to understand what you are spending to process firewall changes:

• Multiply the number of firewalls by the number of hours spent processing changes on each firewall
• Multiply the weighted cost of staff responsible for performing the audit by the total number of hours spent manually auditing each firewall

Getting a return on automating your firewall changes is pretty straightforward. Customers that I’ve spoken with have told me they’ve shaved the time required to effectively process a change request in half. Additionally, AlgoSec can automatically identify and close the 30% of unnecessary or improperly processed, requests, while ensuring changes are performed exactly as requested. And by avoiding adding unneeded rules to the policy, organizations can achieve significant savings from future clean-up projects. Watch a 30 minute webcast titled “Show Me the Money” to go through this example (and others) in more detail.

What annual cost savings do you come up with?

Visit AlgoSec.com for more information on Firewall Policy management