Published: 07 June 2010
We recently ran a survey of Security Administrators via the LinkedIn Information Security community and, surprisingly, got just over 450 responses from around the globe. The results of the survey can be found on the Osirium website (www.osirium.com), but some of the most interesting findings came from an open question which we didn’t include in our results. The question asked ‘If there was one thing that could make life easier administrating a security device, what would it be?’
Three things stood out - automation, centralized management and, finally, identity and access management.
Over our next three blogs we are going to look at each of these areas, starting with automation.
So why did a large proportion of administrators think that automation would make their life easier?
I can always remember a few years back occasionally going down into the depths of the organisation to see IT and thinking to myself that they always seemed to be doing anything apart from working, which was later substantiated by a friend working in that department who spent a lot of their time playing online games (and this is in a company of 1000+ employees). Many others, I am sure, probably think that IT still do very little, and perhaps the reason why they want automation is to be able to continue to do very little. However, I’m not one of those people. I think IT has significantly moved on since then by taking on more responsibilities without increasing the headcount, and I think that the desire for automation is because administrators can see a time in the future when they will become overwhelmed with all that needs to get done.
Administrators have to perform a lot of regular tasks – they have to provision new users across devices, revoke leavers across these same devices, schedule backups and pull configuration details, while in between changing roles and responsibilities on the same devices. For the smaller organisations this isn’t such a problem, but for the larger ones the demand rises astronomically. I recently came across a big global organisation where it was regularly taking 9 hours to make a user change, and they seemed to be doing this on a weekly basis (I guess that is why some of the responses to the survey indicated that provisioning and revoking users was all they seemed to do). Administrators have to schedule backups, configure devices, bring down devices, install patches, upgrade software, pull out diagnostic and compliance information and, on top of that, enter changes into their change management system – and the majority of them have to do a large proportion of their daily tasks MANUALLY.
So in my view I think administrators want to be able to automate many of the daily routines so that they stand a chance of coping with the increasing workload. I will discuss one of these workload areas in more detail in my next blog on centralization.
It’s unlikely that there will be complete automation for all tasks; some tasks will have to have some level of manual intervention. For example, provisioning a new user is likely to have some input required, but there is no reason why that user can’t be automatically provisioned, or revoked, across selected devices with a click of a button.
One of the things that puzzles me is why vendors don’t do more around automation with their devices. Some vendors do try to make things easier with their management platforms, but the impression I have from speaking with people is that they are on the whole rubbish. In a previous organisation we had one of these management platforms, which was supposed to provide central management of our devices. It was promoted as that but, as with many things, what you got didn’t turn out to be what you thought you were getting. These vendors are getting little, if any, revenue for these management platforms; it’s seen as a cost rather than an income and so it receives minimal investment - which probably goes a long way to explaining why many of the platforms are rubbish and why they are not offering complete automation capabilities. I think another element as to why vendors haven’t invested in this area is that customers haven’t been calling out for this – traditionally vendors try to engage at senior levels, usually ending up engaging at the mid level of IT management. Both the senior and mid-level have a slight gap between them and an administrator in terms of the workload of an administrator and the capability to effectively and efficiently perform and complete their work. The senior and mid-level people believe that the teams are coping effectively and have the bandwidth to handle more work, even more so when they outsource some of these elements to overseas third parties – which is why they haven’t been pushing for comprehensive management platforms that provide automation.
Whether anything changes in the short term is unknown. I suspect not, at least until a time when administrators can no longer perform all their daily tasks because they have finally become overburdened with things, and that might be too late for both the organisation and vendors. Even if vendors do get their act together, they will only automate tasks for their own specific devices, and yet companies can have tens if not hundreds of different vendor devices. This means that administrators will have to know and manage an increasingly complex number of vendor-specific management devices... which leads me nicely onto Centralisation.