Katie Burton

The importance of provisioning network and security resources is often overlooked. In the course of moving data centers from bare-metal infrastructure to virtual machines, most network and systems administrators have opted out of automating provisioning. This article aims to articulate some of the possible reasons why, and ways to get started with automation.

Task validation is a higher priority than provisioning

According to a survey by Indeni and GNS3, operations and engineering are focusing more on ensuring the availability and security compliance of resources. Tasks that focus on boosting network visibility and observing vendor best practice were found to be higher on administrators’ priorities than provisioning. When asked if they use IaaS provisioning in the allocation of network-based resources, only 33% of the respondents said yes. Of these, 28% said they used onsite provisioning while just 21% use cloud-based provisioning. 51% of the administrators interviewed said they combine both methods of provisioning.

Benefits of Automated Network Security Device Provisioning

There are a number of benefits to automating the provisioning of services to network and security devices. Some of these benefits include:

  • Make changes faster
  • Enforce policies
  • Ensure compliance
  • Avoid security breaches
  • Reallocation of resources

At the same time, there are a number of inhibitors to getting started. To automate the provisioning of a network or security device, knowledge of the device (e.g. Check Point, Palo Alto Networks, Juniper or Radware) and of the interdependencies of the network needs to be documented and turned into code. Questions to consider:

  • Do the provisioning rules and instructions come from the vendor?
  • If the vendor has a robust library out of the box, does that pre-built policy or workflow apply to your environment as is?
  • Are all possible scenarios considered? Is it OK to provision changes on every version of Check Point firewalls? Is it OK to complete on virtual and physical machines?
  • What happens if X feature is enabled? Disabled?

For these reasons, and many others, administrators want the opportunity to approve a change before it goes into production.

How to get started with automated provisioning

In order to teach a machine the steps to follow, someone must document the steps in the first place. I love this quote from Donald Knuth about a computer:

These machines have no common sense; they have not yet learned to “think,”
and they do exactly as they are told, no more and no less. This fact is
the hardest concept to grasp when one first tries to use a computer.
– Donald Knuth (1968). “Preface”. The Art of Computer Programming,
Volume 1: Fundamental Algorithms. Addison-Wesley.

Many organizations, including MasterCard, OfficeDepot and Pfizer are leveraging the wisdom of the Indeni Crowd to convert historical knowledge into reusable code, and continuously validate that their devices are working as intended.
