Securing IT and ITeS Operations: Why Managed Firewalls Are Mission Critical

Updated: Aug 28, 2025


A Hook From The Floor, Not The Deck 

Ananya Tyagi runs IT for a 900-person ITeS firm in Hyderabad. Monday morning, a client audit pings her about stale firewall objects. By noon, a sprint adds a new API that calls a US region by default. At 16:00, a contractor asks for a tunnel that was “temporary” in May. None of this is rare. If you run delivery centres in India, you see the same pattern: fast change and quiet drift. You can keep adding boxes, or you can run the firewall as an operation with clear ownership, short feedback loops, and numbers that tell you the truth.

What Breaks In IT And ITeS, In The Real World 

Projects spin up fast across Bengaluru, Pune, and Gurugram. Teams add SaaS, stand up test VPCs, and invite partners. Risk does not come from a lack of features. It comes from rule sprawl, any-any permits, and exemptions that never expire. Exfiltration hides inside encrypted traffic over TLS, QUIC, and HTTP/2. Split-tunnel VPNs move code but also move risk. You do not need more devices. You need a run where rules have owners, decrypt is selective, and changes follow a plan you can defend to a client CISO.

A Different Model, Told As A Week In The Life 

Monday, a shared console shows overnight digest items that matter. Three new talkers from a test subnet, a drift in an API allow list, and a decryption break on a developer tool that auto-rolled back. Each item has an owner and a timestamp. No hunting in email. 

Tuesday, a client conduit to a VPC goes live. A template adds tags for account, project, and owner. Pre-checks run. The change lands at 14:00, with a rollback on standby. The conduit allows only the CIDRs and ports that the contract lists. Logs fold into the dashboard you share at the weekly steering.

Wednesday, an AI plug-in tries to post to an unapproved region. Egress policy stops it, raises a ticket, and proposes an allow list with the owner and expiry. The team reviews at 18:00. If the owner signs off, the rule exists for a fixed window, then it expires. 

Thursday, a quarterly drill pulls evidence for ISO 27001 controls and a CERT-In playbook. You do not scramble; you export an evidence pack that maps logs to control statements and timelines. You send it to the audit team, who add a narrative and submit.

Friday, leads review five numbers: policy-to-incident ratio, rule age, change success, mean time to detect, and mean time to respond. Miss a target, assign an action. Next week’s plan reflects it.

Two Field Logs You Will Recognise 

Bengaluru Product Pod 

A team flipped on a new microservice that called a third-party API from an unpinned region. The managed run blocked egress, suggested the correct endpoints, and opened a time-bound exception while the team patched config. MTTD fell from eighty minutes to twelve minutes over the quarter. Tickets dropped by about forty per cent. 

Gurugram Client Cutover 

During a late change, a stale object collided with a new rule. The runbooks caught the conflict in pre-checks. The window kept its slot. Change success sits at 98% since the move to planned windows and tagged owners. 

Integration That Teams Accept 

Identity is the spine. Rules tie to groups from your identity provider. Device posture feeds policy, read from your endpoint stack and MDM. API gateways, storage buckets, and CI runners live as first-class edges with their own rules. Developer flows keep their speed: you avoid heavy decrypt on package registries and build artefact routes, and you inspect where it blocks real risk. You keep console access and write rights by role. You see who requested and who approved every change.

Procurement Questions You Will Ask Anyway 

What does it cost? In most midsize firms, the run costs less than adding one full-time security engineer, and it starts now. What is the SLA? You get named owners, change windows, and a target for MTTD and MTTR that you can put in a steering deck. Where does the data sit? Logs and evidence stay in your tenancy per contract. Who presses the button? You do, when you want to. The run team executes the change to plan and publishes numbers you can check. 

Metrics That Matter To Delivery Heads 

Leads do not want a feature list. They want trend lines. Policy-to-incident ratio shows whether rule hygiene matches the speed of change. Rule age shows when a project stopped caring. Change success, MTTD, and MTTR tell you if your runbooks work. Publish these every week, and you will see drift before a client does.

Risk, Contracts, And Client Trust 

ITeS deals live and die on trust. Client data separation across projects is non-negotiable. So is time-bound access for contractors and vendors. Every exception must carry an owner, a scope, a start and end time, and logs. When a client asks for proof, you should export it, not rebuild it. 

Why Proactive, Stated Without Comparisons 

Proactive operates the run as a Cisco Powered service. You keep control and final say. We assign a named team that knows your accounts and projects. We publish the five numbers every week. We run selective decrypt for browsers and APIs, with break rate tracking. We run time-bound access for vendors and contractors with auto-expiry and full audit trails. We produce evidence packs for ISO 27001 and CERT-In on short notice. Your engineers ship. Your audits pass.

What You Can Do This Quarter 

Start with a joint baseline of rules for two key accounts. Retire shadows and duplicates, and tag every rule to an owner. Pin egress for SaaS and AI tools to known regions. Set selective decrypt for browser traffic, and keep developer tool portals out of decrypt if needed. Move changes into planned windows with pre-checks and rollback. Publish the five numbers every week. If a number slips, change the runbook, not just the device. 
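
An added example, not part of the original article or Proactive's service: a small audit over an exported rule list that flags the hygiene problems named above (any-any permits, rules with no owner, exceptions that have expired or carry no end date, and rules shadowed by an earlier rule). The rule field names, the sample rules, and first-match-wins ordering are assumptions constructed for illustration.

```python
import ipaddress
from datetime import date

# Constructed sample export, evaluated top-down (first match wins).
# Field names are assumptions, not any vendor's schema. port=None means "any".
RULES = [
    {"id": 1, "action": "permit", "src": "10.20.0.0/16", "dst": "203.0.113.0/24", "port": 443, "owner": "pod-payments"},
    {"id": 2, "action": "permit", "src": "10.20.5.0/24", "dst": "203.0.113.10/32", "port": 443, "owner": "pod-payments"},
    {"id": 3, "action": "permit", "src": "10.30.1.0/24", "dst": "198.51.100.7/32", "port": 22, "owner": "vendor-desk", "exception": True, "expires": "2025-05-31"},
    {"id": 4, "action": "permit", "src": "10.30.2.0/24", "dst": "198.51.100.8/32", "port": 8443, "owner": "ci-team", "exception": True, "expires": None},
    {"id": 5, "action": "permit", "src": "0.0.0.0/0", "dst": "0.0.0.0/0", "port": None, "owner": ""},
]

def covers(a, b):
    """True if rule a matches every flow that rule b matches."""
    net = ipaddress.ip_network
    return (net(b["src"]).subnet_of(net(a["src"]))
            and net(b["dst"]).subnet_of(net(a["dst"]))
            and a["port"] in (None, b["port"]))

def audit(rules, today):
    """Return (rule id, finding) pairs in rule order."""
    findings = []
    for i, r in enumerate(rules):
        any_any = r["src"] == "0.0.0.0/0" and r["dst"] == "0.0.0.0/0" and r["port"] is None
        if r["action"] == "permit" and any_any:
            findings.append((r["id"], "any-any permit"))
        if not r["owner"]:
            findings.append((r["id"], "no owner"))
        if r.get("exception"):
            if r.get("expires") is None:
                findings.append((r["id"], "exception without expiry"))
            elif date.fromisoformat(r["expires"]) < today:
                findings.append((r["id"], "expired exception"))
        # A rule is shadowed when an earlier rule already matches all its traffic.
        for earlier in rules[:i]:
            if covers(earlier, r):
                findings.append((r["id"], f"shadowed by rule {earlier['id']}"))
                break
    return findings

if __name__ == "__main__":
    for rule_id, finding in audit(RULES, date(2025, 8, 28)):
        print(f"rule {rule_id}: {finding}")
```

Run against each account's export before a change window, the findings list doubles as the pre-check result and as the weekly rule-hygiene evidence.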

Your Next Step 

Schedule a 30-minute consult with Proactive, remote or on-site. In one session, we map your two riskiest conduits, surface stale rules, and set a first change window with owners. Leave with a one-page action list for the next 30 days. 
