Are Firewall Misconfigurations Putting Your Clients At Risk?

These oversights can lead to three severe outcomes for your customers.

Firewall misconfigurations happen every day. Jeff Styles, the Chief Customer Officer at FireMon, points out, however, when IT infrastructure changes and the speed of business increases, there’s a greater chance that mistakes will happen. “Change is a killer in IT,” Styles comments. “Lack of training, sleep, rate of change and policy complexity all make firewall misconfigurations more likely.”

So, when government leaders issued stay-at-home orders in 2020 due to the coronavirus pandemic, many businesses quickly transitioned to remote workforces – and the chances of firewall misconfigurations grew.

“In a matter of days, MSPs had to beef up teleworking and VPN capacity from 10 to over 50 percent of a company, depending on the vertical and the business,” Styles says. “Companies had to expand their entire infrastructure to handle remote work, some accelerated movement to the cloud and MSPs had to deal with a whole laundry list of policy, profile and permission changes. It was pretty explosive,” Styles comments.

The circumstances certainly created a likelihood of errors, but a firewall misconfiguration during the transition to remote work couldn’t have occurred at a worse time. Unfortunately, many employees weren’t accustomed to remote work – or adept in security best practices, especially considering they were working from vulnerable home networks. And hackers ramped up activity to take advantage of the situation.

Crucial Policy-Level Configurations

Styles says policy-level firewall configurations are typically a business’s first line of defense. On behalf of your clients, firewall policies allow you to enable access to applications that employees are permitted to use, prohibit others, and block malicious traffic. Unfortunately, common firewall misconfigurations often result in overly permissive access.

Styles says policy-level misconfigurations can occur in a variety of ways. For example, if you fat-finger an object, designate an incorrect zone when onboarding a new customer, or mistakenly create a rule that bypasses the egress filter.

Unfortunately, firewall misconfigurations can lead to three severe outcomes for your clients:

  • Compliance violations: A properly configured firewall is necessary for businesses to comply with PCI standards or regulations in retail, finance or healthcare. Noncompliance leads to fines.
  • Breach avenues: A firewall misconfiguration that results in unintended access can open the door to breaches, data loss and stolen or ransomed IP.
  • Unplanned outages: A misconfiguration could prevent a customer from engaging with a business, and that downtime leads to lost revenues. For example, large e-commerce businesses could lose thousands or even millions of dollars until the error is corrected.

Firewall Misconfigurations Have an Impact on Your Business, Too

Firewall misconfigurations can also have a significant impact on your business. “Businesses are trusting you to secure their data at the speed at which they’re trying to move,” he says. You don’t want to lose that trust.

“Automation is the key to handling speed and volume with the least errors,” Styles says. Automation also helps reduce human error, improve service levels and prevent friction.

“It’s also something you can monetize. For example, you can promote reducing misconfigurations by a certain percentage. So automation can benefit MSPs who want to capitalize on it,” says Styles.

Your Clients Need More Than a Band-Aid Solution

Being forced to work remotely during the pandemic proved that connecting through video conferencing and accessing common applications and files is possible. Moreover, remote work can be more comfortable for employees – and less expensive for businesses. In today’s world, work isn’t where you go; it’s what you do. Per the latest research from Cisco, 57 percent of workers expect to be in the office 10 days or less per month. Also, 93 percent of small to midsize businesses (SMBs) rank hybrid working as a top three priority.

“They were so averse to it, but the pandemic forced everyone to embrace remote work, and now they see the financial savings of it,” Styles says.

It’s crucial to double-check for firewall misconfigurations and ensure the speed of change didn’t cause you to overlook what your clients need for secure, long-term remote operations. At the very least, it can help maintain your clients’ trust that you’ve worked so hard to build.