The challenge is: how do you manage this responsibility? And how do you make sure your outsourcing partner is adhering to your standards? What we see often is that the outsourcing party is doing the reporting; that’s like driving on the highway and giving yourself a ticket when speeding.
In this blog, I will show how you can use automated compliance validation to help you with this challenge.
The current way
A typical approach to manage this challenge is to hire a 3rd party company that periodically performs an audit against the compliance policies. In 9 out of 10 cases, this means a consultant requesting a report from the outsourcing partner, checking it against an excel sheet, and making a judgment call based on the information at hand. But this is a cumbersome and costly process that should be automated in an ideal world.
The challenge with most compliance policies is that they are high-level descriptions stored in documents. For example: “all passwords have to be encrypted” or “all passwords have to be changed every 3 months”. There are literally hundreds of policies and the question is how to translate these into specific rules that can be validated against your router and firewall configurations. And this has to be done in a way that your outsourcing partner can work with it too. It is not enough (nor fair) to assume that they know what policies and rules you need to comply by. That is your responsibility. So how can you do this?
Automated Network Compliance
With Automated Network Compliance, you only need the configuration files from all your devices (you can ask your outsourcing partner for this if you don’t have them). After importing your configs, you run an automated report that will show you all non-compliance issues that need fixing. And that’s it! It’s non-intrusive and easy to implement.
In itself, this is an awesome capability, but it is especially powerful when you have outsourced your network. It not only allows you to check whether you are compliant or not, but it is a huge leverage mechanism to work with your outsourcing partner.
How to start in your network?
We offer a fast start program designed to help implement automated compliance with direct results. In two online workshops, we work together to:
- implement up to five of your most important compliance use cases using the NetYCE platform. Depending on your specific situation we will either install it in your network or run it from the test lab.
- finetune our CIS library (that contains already 90% of all vendor recommended policies and rules) and add the specific ones that apply to your business.
This can be offered as a one-off project, or you can sign up for a NetYCE subscription. In that case, the NetYCE appliance is set up in your network, so it backups all configs and runs these validations automatically whenever a change occurs. Of course with automated tickets, reports, or even auto mitigation.
In short, it’s an extremely powerful method to stay in control of both your network and your outsourcing partner.
(*) From article from CIO Magazine: IT Outsourcing at a Five-Year High
Our #1 priority is helping you in your automation journey. Just schedule a meeting with me! I love to hear about your specific questions.