A large financial services company had been afflicted by a common enterprise-grade ailment: inability to update security policies on time. Customer access to secure and confidential data was being hampered by the speed at which the access could be manually provided by the SecOps team. This slow access to data led to customer issues on making business decisions and questions of whether the service was worthwhile.
This manual processing of requests led to backed up request logs, where a new request would take upwards of 4 hours to satisfy, at which time the request would no longer be relevant leaving a disgruntled customer.
The companies question became, how can we automate the CRUD (Create, Read, Update and Delete) operations for the security policies while maintaining our existing tools and policies.
A User Request to update their security policy leads to a ServiceNow ticket being created with a selected existing policy to manually change.
SecOps team members now manually go through entering the changes that were selected. Manually checking the updated policies and hoping they have not been updated incorrectly.
SecOps team members go through the commit and push phases of deployment for each device group specified, then a final check to ensure the new policies are updated. ServiceNow record is now updated and closed.