How To Use Automation To Drive Revenue Growth And Cost Reduction
By Andrew Kahl, BackBox
Not all automation approaches are alike when it comes to addressing the challenge of securing network architectures. There can be huge variations around cost, performance, accessibility, and scalability depending on how the network management automation initiative is designed and implemented. All these variations are amplified for MSPs as they seek to serve what may be dozens or hundreds of different customers.
To begin with, some network automation partners offer solutions that are not powerful, adaptable, or comprehensive enough to securely handle the wide range of what might be thousands of different tasks and enterprise functions that lend themselves to automation.
Especially critical for MSPs are the shortcomings some automation partners have when it comes to supporting the variety of vendors required for MSPs to serve the needs of the many different enterprises that make up their client base.
Accessibility can be a challenge as well. Even if a network management solution addresses the business needs that MSPs must solve for clients, those solutions will be of limited use if they’re not accessible to the business user. Tools that require software development skills or dedicated resources to operate are poor choices for these environments. They may be overly complex and lack out-of-the-box convenience that would allow the MSP to tailor a pre-defined automation to a novel use case through self-serve customization tools like no-code and low-code interfaces. This leads to an over-reliance by the MSP on vendor support from its network automation partner, sapping time and cutting into the MSP’s bottom line.
MSPs market themselves for their advanced capabilities in network management and firewall management. Here are six critical elements of network management automation for MSPs to bear in mind to provide exemplary service and management to clients:
Disaster Recovery: Backup And Restore
Highly available and well-orchestrated network infrastructure backup and recovery systems can reduce downtime and cut the risk of lost or compromised data from outages. Imagine a critical path firewall that has experienced a hardware failure. How quickly can you failover to a secondary route, replace the equipment with a new, fully configured firewall and reroute the traffic without automation? When your network is down your business stops and you can’t afford to risk the downtime.
OS Upgrade, Patch, And Vulnerability Management
Network management automation tools and processes benefit from integration with your vulnerability and risk management solutions. Combining their capabilities allows you to strategically plan your infrastructure upgrades and rapidly accelerate implementation. Organizations with a large number of remote offices without local IT staff, like retail and restaurant chains, as well as MSPs, see an especially high ROI for automation efforts of this type.
Managing Privileged Access
While most changes should be made via the network automation tool, at times engineers may need to make changes by hand. In these instances, it’s incredibly important that a) automated device backups occur before and after each critical step of the change and b) this “privileged activity” be done from the automation server using access management capabilities. This ensures that you can lock down where changes can originate from and maintain a detailed, immutable log of all activity.
Compliance Validation And Automated Remediation
Most organizations use compliance standards, such as those from NIST and CIS, to provide a baseline for data management and privacy protection. Network automation tools can audit device configurations in real-time to ensure that they adhere to compliance standards; industry best practices related to management policy endorsement; and firewall rule maintenance. One way to leverage this technology is to orchestrate an “intelligent check,” where the automation platform searches your configurations for misconfigurations that would drive you out of compliance, recommends remediations, and gives you the option to activate those changes in real time or at a determined schedule.
Cybersecurity Asset And Attack Surface Management (CAASM)
Especially as other forms of automation swell the size of the IT estate and the range of assets involved, network management automation is the key to maintaining visibility and control over these expanded asset ecosystems. For example, in hybrid-cloud environments where CI/CD processes dynamically reconfigure and provision new computing assets daily, connecting your CAASM system with both your ITSM platform and your network management automation platform can help ensure that as new resources are added to the network, they’re added in secure and managed ways.
IT Service Management (ITSM)
Network management automation can bring consistency and standardization to the ITSM framework an organization uses to design, build, deliver, operate, and control information technology services offered to customers. As one example, as new server VLANs are assigned, the network automation tool can deploy configuration changes to data center switches and apply rule updates to upstream firewalls. Network management automation tools must integrate with the organization’s ITSM and service desk tools to enable closed-loop automation.
The good news is that with a proactive strategy that avoids these pitfalls, MSPs can transform their operation into one that’s more responsive, reliable, and resilient on behalf of their clients. The right network management automation approach can be the foundation for MSPs to differentiate themselves by providing a continuous improvement management ecosystem that optimizes technology and talent utilization, continually updates and validates their clients’ management posture, and reduces overall risk to the MSP and its portfolio of enterprise customers. Data may be the lifeblood of a company, but if there is no plan to ensure the health and security of your network, then the data can’t flow and that is not a risk worth taking.
About The Author