IT automation started out with administrators making simple tools that would help them accomplish the same task again and again. Today, IT automation has grown into its own industry, as there has been an increasing need to meet the growth of IT itself. Security automation isn’t far behind.
As any environment grows, the need for security, and security automation also expands. Eventually, an environment can get so large and complex that it becomes virtually impossible, not to mention tedious and time-consuming to manually harden and patch every asset. If the company wants to think about implementing more security automation in its environment, here are five important considerations:
- The cloud. Most IT security people would agree that cloud computing has been built on automation. Organizations have flocked to cloud service providers to take advantage of massive scale and flexibility in resource allocation, allowing their business processes to adapt more effectively. Those scale and flexibility benefits only exist because of the degree to which automation gets applied in cloud environments. Securing cloud environments and assets requires that same level of automation. The core security controls might be the same, but they have to get tightly integrated with the automation in operational use in the cloud.
- Reliability. Automation isn’t always just about scalability. There’s also an important relationship between automation and reliability, and therefore security. Having human beings perform the same process over and over again can introduce errors. Human-driven processes are fabulously flexible, but not reliable. Automating a process can and should make that process more reliable and secure. If implemented properly, automating a previously manual process will remove the chance of human error, and ultimately reduce the number of incidents that occur.
- Legacy environments. Automation also needs to deliver security for the assets you already have. As the company invests in automation for IT generally, consider security automation an equally important investment. Massively scalable automation can also create massively scalable security misconfigurations, especially when applied to existing assets and environments that weren’t built with automation in mind. An automated security configuration management program can effectively prevent problems from occurring. Massively complex systems, which come with scalability and automation, can create an environment that’s under constant change. How do security teams validate that the changes occurring aren’t harmful? They also need to make integrity monitoring and change detection part of the environment.
- Decision-making. While technology can present barriers to automation, it has become less of a problem because security teams can find technology to automate nearly any process today. Decision-making has become a bigger barrier. When security teams consider how to automate a process, they need to think about the decisions being made as part of that process. Are the decisions complex? Are they risky? If so, security pros will probably want to depend on a human being to make these decisions, rather than rely on automation.
- Artificial intelligence. AI aims to remove the barrier of complex decision-making from automation, ultimately making decisions close to how a human being would. While it’s an exciting and growing field, in most cases, it’s not there yet. AI isn’t reliable enough yet to make all the decisions we may need it to make. At least right now, AI more often lets us make mistakes at scale, not solve problems at scale.
Businesses have found automation a valuable tool for saving time and decreasing repetition. By implementing automation, human beings can focus their time on more important and complicated tasks, as opposed to doing the same menial task over and over again. The benefits of automation accrued to IT can also be realized with security automation. Do not overcomplicate security automation projects. Identify the areas where the company can get the most benefit with the least amount of effort. Where are you manually gathering security information? Where are you making predictable decisions? Where are you performing security tasks manually that are automated in other environments?
Automation has become more and more essential in IT environments. By building automation into information security, teams can increase productivity and focus on what’s most important for the organization.
Tim Erlin, vice president, product management and strategy, Tripwire