This is a great article (by me!) on why it is hard to implement firewall changes in big enterprise companies. It is based on customer feedback and my own background as a software engineer.
There is a lot of movement towards a more agile IT, driven mostly by the application and developer community, and the article lays out how we (Network and Security) fell behind. Networking and security are now seen as the people slowing down the business, and that results in an uncomfortable situation for all of us.
I have been thinking about this, and the rush to cloud services may be partly driven by us being so slow, while AWS, Azure and GCP seem to be so convenient and quick for anyone wanting to spin up an environment.
Part of the pain we are experiencing in our day-to-day work trying to secure our datacenters is that we try to use our network architecture to implement security segmentation. That way, every security change becomes a network change, and every network engineer or network operations person knows that change is the source of failure.
"We can easily spin up a VM or a cloud instance; we have a self-service portal that allows us to choose the instance type, location and networking parameters. Next, we are able to create machine and application certificates for this workload through an automated PKI process. However, it may take several days to get all the internal firewall policies and changes in place to connect that workload to our applications."