For IT staff in global enterprises, adding a new employee is far more
involved than finding a desk and a chair for the new hire.
Typically, it means huddling over spreadsheets, muttering to themselves
as they figure out what changes to make to access rights and policies while
taking into account a labyrinthine array of legal, departmental and
Multiply that scene by thousands of users, spread over different
countries, and you have the massive, frequently chaotic process that takes
place practically every week in major companies.
In response, firewall vendors are looking to help IT fight back using
policy management automation solutions, designed to simplify the task of
managing policies — and minimizing the risk of human error.
AlgoSec this week unveiled FireFlow, which automates policy change
management and integrates with existing processes — such as the e-mail and
Web-based forms typically used by department heads to request adding or
removing a user’s access.
News of AlgoSec’s new release, which is due to ship next quarter, comes a
few weeks after rival Tufin Technologies announced version 4.2 of its
flagship SecureTrack product. Tufin also announced SecureChange Workflow, an
offering targeted specifically at security policies.
A routine process fraught with challenges
Each solution takes aim at the mundane but necessary task of managing
user accounts — a chore growing more time-consuming and prone to problems
thanks to global offices, mounting regulatory policies and increasingly
Typically, enterprise groups use e-mail and Web- or paper-based forms, to
request changes, which are then recorded and carried out by corporate IT.
“The process was basically manual — you send an e-mail saying ‘Please
add this user to whatever’ and it was a slow, disjointed process,” AlgoSec’s
vice president of marketing, Aimee Rhodes, told InternetNews.com.
Burton Group senior analyst Pete Lindstrom agreed. “It’s common to put in
e-mail requests or log changes in an Access database or a spreadsheet,” he
But a manual process becomes a major chore when large companies’ IT
staffs have to weigh thousands of policy rules governing which employees can
access certain resources.
“It’s not uncommon for folks to have 40,000 to 50,000 rules across
hundreds of firewalls in today’s large environments, and having a dedicated
application to manage them is gold,” Lindstrom said.
When coupled with a sprawling, international staff, this process of
tracking user rights and privileges often proves even more taxing.
“We have lots of customers in the financial sector that are globally
based, and they’re making two to three changes to policies a week,” Rhodes
In addition to having to manage the sheer volume of requests, the problem
is often exacerbated by regulatory and other legal concerns facing large
This article was first published on InternetNews.com.