We recently ran a survey of security administrators via the LinkedIn Information Security community. We received over 450 responses from around the globe. The most interesting findings from the survey came from an open question which we didn’t include in our results. The question asked, ‘If there was one thing that could make life easier administrating a security device, what would it be?’
Three things stood out: automation, centralised management and, finally, identity and access management.
Over our next three blogs we are going to look at each of these areas, starting with automation.
So why did a large proportion of administrators think that automation would make their life easier?
I can always remember a few years back going down into the depths of the organisation to see IT. I remember thinking to myself that they always seemed to be doing anything apart from working. This was later substantiated by a friend working in that department who spent a lot of their time playing online games. Note that this was in a company of 1000+ employees! Many others I am sure think that IT still do very little, and the reason why they want automation is to be able to continue to do very little. But, I’m not one of those people. IT has moved on since then by taking on more responsibilities without increasing the headcount. The desire for automation must be because administrators can see a time in the future when they will become overwhelmed.
Administrators have to perform a lot of regular tasks. They have to provision new users, revoke leavers, schedule backups and pull configuration details, all while also changing roles and responsibilities on the same devices. For the smaller organisations this isn’t such a problem, but for the larger ones the demand rises. I recently came across a big global organisation where it was taking 9 hours to make a user change. And they seemed to be doing this on a weekly basis! (I guess that is why some of the responses to the survey indicated that provisioning and revoking users was all they seemed to do.)
Administrators also have to schedule backups, configure devices, bring down devices, install patches, upgrade software… the list goes on! On top of that, they have to enter changes into their change management system. The majority of administrators have to do a large proportion of their daily tasks MANUALLY.
So, in my view, administrators want to be able to automate many of the daily routines so that they stand a chance of coping with the increasing workload. I will discuss one of these workload areas in more detail in my next blog on centralisation.
It’s unlikely that there will be complete automation for all tasks; some will need some level of manual intervention. For example, provisioning a new user is likely to have some input required. But there is no reason why that user can’t be automatically provisioned, or revoked, across selected devices with a click of a button.
One of the things that puzzles me is why vendors don’t do more around automation with their devices. Some vendors do try to make things easier with their management platforms. But the impression I have from speaking with people is that they are, on the whole, rubbish. In a previous organisation we had one of these management platforms, which was meant to provide central management of our devices. It was promoted as that but, as with many things, what you got didn’t turn out to be what you thought you were getting. These vendors are getting little, if any, revenue for these management platforms. It’s seen as a cost rather than an income and so it receives minimal investment. This goes a long way to explaining why many of the platforms are rubbish and why they are not offering complete automation capabilities.
Another reason why vendors haven’t invested in this area is that customers haven’t been calling out for it. Vendors try to engage at senior levels, usually ending up engaging at the mid-level of IT management. Both the senior and mid-level have a slight gap between them and an administrator when looking at the workload. The senior and mid-level people believe that the teams are coping and have the bandwidth to handle more work, even more so when they outsource some of these elements to overseas 3rd parties. This is why they haven’t been pushing for comprehensive management platforms that provide automation.
Whether anything changes in the short term is unknown; I suspect not. At least not until a time when administrators can no longer perform all their daily tasks, or because they have finally become overburdened with things, and that might be too late for both the organisation and vendors. Even if vendors do get their act together, they will only automate tasks for their own specific devices. Yet companies can have tens if not hundreds of different vendor devices. This means that administrators will have to manage a complex number of vendor-specific management devices… Which leads me onto Centralisation.