Security Automation: when, why, and how

October 11, 2020
Paula Januszkiewicz, founder and CEO of consulting company CQURE, speaks at the RSA Conference in Asia last year. Today’s columnist, Tim Erlin of Tripwire, says security teams can automate anything today, but they still need strong security pros like Januszkiewicz to drive decisions on what processes to automate. (Credit: Cyberraccoon via Creative Commons)
  • The cloud. Most IT security people would agree that cloud computing has been built on automation. Organizations have flocked to cloud service providers to take advantage of massive scale and flexibility in resource allocation, allowing their business processes to adapt more effectively. Those scale and flexibility benefits only exist because of the degree to which automation gets applied in cloud environments. Securing cloud environments and assets requires that same level of automation. The core security controls might be the same, but they have to get tightly integrated with the automation in operational use in the cloud.
  • Reliability. Automation isn’t always just about scalability. There’s also an important relationship between automation and reliability, and therefore security. Having human beings perform the same process over and over again can introduce errors. Human-driven processes are fabulously flexible, but not reliable. Automating a process can and should make that process more reliable and secure. If implemented properly, automating a previously manual process will remove the chance of human error, and ultimately reduce the number of incidents that occur.
  • Legacy environments. Automation also needs to deliver security for the assets you already have. As the company invests in automation for IT generally, consider security automation an equally important investment. Massively scalable automation can also create massively scalable security misconfigurations, especially when applied to existing assets and environments that weren’t built with automation in mind. An automated security configuration management program can effectively prevent problems from occurring. Massively complex systems, which come with scalability and automation, can create an environment that’s under constant change. How do security teams validate that the changes occurring aren’t harmful? They also need to make integrity monitoring and change detection part of the environment.
  • Decision-making. While technology can present barriers to automation, it has become less of a problem because security teams can find technology to automate nearly any process today. Decision-making has become a bigger barrier. When security teams consider how to automate a process, they need to think about the decisions being made as part of that process. Are the decisions complex? Are they risky? If so, security pros will probably want to depend on a human being to make these decisions, rather than rely on automation.
  • Artificial intelligence. AI aims to remove the barrier of complex decision-making from automation, ultimately making decisions close to how a human being would. While it’s an exciting and growing field, in most cases, it’s not there yet. AI isn’t reliable enough yet to make all the decisions we may need it to make. At least right now, AI more often lets us make mistakes at scale, not solve problems at scale.  
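
The legacy-environment and decision-making points above can be combined in one small sketch: change detection against a hashed baseline, where only changes on an explicit allow-list are handled automatically and everything else is routed to a person. This is an added example, not code from the column or from any product; the file paths, file contents and the `AUTO_REMEDIATE` policy are constructed assumptions.

```python
import hashlib

# Constructed sample data: paths and contents are illustrative only.
BASELINE_FILES = {
    "/etc/ssh/sshd_config": b"PermitRootLogin no\nPasswordAuthentication no\n",
    "/etc/motd": b"Authorized use only\n",
    "/etc/sudoers": b"root ALL=(ALL) ALL\n",
}
OBSERVED_FILES = {
    "/etc/ssh/sshd_config": b"PermitRootLogin yes\nPasswordAuthentication no\n",
    "/etc/motd": b"Welcome!\n",
    "/etc/cron.d/backup": b"0 2 * * * root /opt/backup.sh\n",
}
# Assumed policy: only paths listed here are safe to restore without review.
AUTO_REMEDIATE = {"/etc/motd"}

def snapshot(files):
    """Map each path to the SHA-256 of its content."""
    return {p: hashlib.sha256(c).hexdigest() for p, c in files.items()}

def detect_changes(baseline, observed):
    """Return sorted (path, kind) pairs; kind is added, removed or modified."""
    changes = []
    for path in sorted(set(baseline) | set(observed)):
        if path not in baseline:
            changes.append((path, "added"))
        elif path not in observed:
            changes.append((path, "removed"))
        elif baseline[path] != observed[path]:
            changes.append((path, "modified"))
    return changes

def triage(changes, auto_paths):
    """Automate only allow-listed modifications; default everything else to a human."""
    auto, human = [], []
    for path, kind in changes:
        if kind == "modified" and path in auto_paths:
            auto.append((path, kind))
        else:
            human.append((path, kind))
    return auto, human

if __name__ == "__main__":
    changes = detect_changes(snapshot(BASELINE_FILES), snapshot(OBSERVED_FILES))
    auto, human = triage(changes, AUTO_REMEDIATE)
    for path, kind in auto:
        print(f"AUTO   restore baseline: {path} ({kind})")
    for path, kind in human:
        print(f"HUMAN  review required:  {path} ({kind})")
```

The default branch in `triage` is the design choice that matters: a change nobody anticipated goes to a person rather than being acted on at scale.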