While the reasons are murky, a new survey from Tufin Technologies, a provider of firewall management software, makes it pretty clear that most IT organizations are still dependent on manual processes when it comes to managing IT security.
The irony of this situation is that cyber criminals and other digital miscreants are relying on automated tools more than ever. That means that not only is the volume of attacks increasing, but so, too, are the complexity and sophistication of those attacks.
Whether IT organizations are relying on manual processes because of fears over job loss, a lack of trust in automated tools, lack of funding or sheer inertia is unclear. But manual processes are prone to error and the people performing these tasks could be doing something that adds more value to the business.
According to Shaul Efraim, vice president of marketing and business development for Tufin, security in general needs to be a continuous process in order to deal with the nature of modern malware. The problem, however, is that most IT organizations continue to take a reactive rather than proactive approach when it comes to IT security.
Worse yet, the overall IT environment is becoming more complex with the advent of virtualization and cloud computing, which means that without some form of automation, IT security professionals will not be able to keep pace with all the systems and applications that need to be secured both inside and outside of the traditional enterprise. And the fact that no one is really sure who has administrative rights to manage those systems doesn't help matters either.
Efraim argues that tools that allow IT organizations to apply policies across multiple firewall systems are going to also be more cost-efficient in a world where most organizations have multiple firewall platforms from different vendors.
There are many things that IT organizations need to concentrate on in 2012. But before they have the time to accomplish any of those goals, they need to take a hard look at the tasks that are consuming their time today. Chances are pretty high that many of those tasks could be automated in ways that would not only improve the quality of the process, but also free up one of the scarcest commodities in all of IT: the time IT professionals have to work on any given problem.