Using Firewall Change Management to Align Security with the Business

Firewall change management  is a complex process that spans multiple departments and requires lots of energy, time and focus to get right. But doing it right is well worth it! In our State of Network Security Survey 2013, more than 75 percent of organizations suffered a network or application outage due to an out-of-process change, and 80 percent of organizations experienced an outage, breach or decreased performance from an application-related firewall rule change.

Why is there such a high rate of security and operational breakdowns when it comes to making security changes? Many organizations’ network security environments consist of thousands of security access rules, highly connected business critical applications, and lots of firewall changes that must be processed. Key challenges:

1. Poor alignment of key stakeholders: The involvement of security, network operations, application owners, and others, who are used to working in their own silos is one key area to address. By incorporating all of the key stakeholders into the change process, you allow for the proper checks and balances and provide the proper visibility from all angles (application connectivity needs, security and compliance checks, and broader network requirements).
2. Manual processes: Adding to the challenge of poor alignment across different teams is that way too much is being done manually. In our “State of Network Security Survey 2013,” the findings showed that the biggest challenge of managing network security devices was around manual, time-consuming and poor change management processes. By automating the security change process, you can can improve visibility, simplify and streamline the necessary checks and balances and not only improve security but also business agility. Sound process aided by automation enables the different stakeholders to more easily and effectively communicate with each other, respond to changing business needs more quickly and transparently.
3. Think about change management in application terms: Most firewall rule changes are driven by dynamic business application connectivity requirements, but there is poor visibility in terms of tying the business needs with the underlying security policy. Improving visibility from an application perspective and understanding the impact of making an application change by associating all firewall change requests to the appropriate application can dramatically increase up-time and performance of business critical applications.

We will be examining the firewall change management process more in depth on Tuesday, 8/20 at 11am ET in a webcast titled “How to Take the Fire Drill out of Making Firewall Changes“. We hope to see you there!