Today’s columnist, Grant Wernick points out that while 56% of companies plan to replace their old infrastructure, only 39% plan to address security – a big mistake, says Wernick, who writes that the combination of work-from-home and the move to the cloud has forced companies to focus more on security. david CreativeCommons CC BY-NC-SA 2.0

Organizations have dramatically increased their adoptions of cloud-based SaaS applications in the last year to maintain workflows and scale their businesses as they moved to work-from-home because of the COVID-19 pandemic. While these tools are now essential to run operations, they increase vulnerabilities to cyber intruders that organizations need to be aware of the downsides.

A study by Deloitte found that 93% of CIOs had adopted or planned to adopt cloud-based SaaS applications in 2020. Leaders are motivated to put these platforms to use for agility and scalability, but seldom concentrate on building new security strategies suitable for the new infrastructure. A 2021 study by SWZD found that 56% of businesses plan to revise their outdated IT infrastructure, 45% will prioritize IT projects, and 39% will take appropriate measures to address security concerns. As cloud infrastructure becomes the norm, enterprises must strengthen their cybersecurity efforts.

Security teams face new challenges

Growing SaaS popularity means that sensitive data gets spread out through different applications, accessed by different teams, and becomes more accessible to hackers.

With employees working remotely, inadvertent compromises are waiting to happen. Not only are workers likely to fall for phishing scams while they are more susceptible to distractions at home, weariness, and burnout, their behaviors are also harder to monitor when weeding out potentially mal-intended characters.

Additionally, security teams’ bandwidth to monitor behavior has diminished because of the need to pull audit logs and the data plumbing required to make sense of what’s going on. Security professionals are meant to work with ready data to ask analytical questions, monitor systems, and thwart cyber-attacks. Instead, they are now tasked with spending 80% of their time collecting and connecting raw data and only 20% of their time analyzing insights and taking meaningful action.

How automation can help

Across different industries, we need tools that let teams spend less time building and integrating complex systems and more time interpreting insights and implementing more robust strategies to keep the organization secure.

More automation will do the following:

  • Boost the ability of security teams to focus on threat analytics.

Automation will save a lot of time by taking care of the tedious data plumbing and offering quick insights regarding suspicious activity. Security teams should spend less time on the gritty work of plumbing, configuring, and normalizing data across dozens of platforms and spend more time on analysis and creating relevant and more innovative ways of preventing breaches.

  • Make security accessible to businesses of all sizes.

Only 20% of companies can afford existing cybersecurity tools and the talent needed to install and properly manage them. Automation alleviates the need to hire extra teams of experts to connect and interpret big data and provides solutions in natural language that anybody can use and understand.

  • Enhance reliability.

Existing products are lacking in transparency and accuracy. Usually, systems take upwards of six months to set up before security teams can use them. Organizations also don’t have views into the inner workings of algorithms in place to understand the basis of the data visualization that’s generated and end up with a lot of false positives. Software with better automation will triangulate data and punt daily notifications indicating whether the company  has a problem or not, in addition to answering specific questions, so the security team can rest assured that they are maintaining the organization’s security.

Software that can automate necessary but tedious processes across many different applications and generate meaningful, actionable insights will relieve resource limitations and equip security professionals to become more proactive in securing their company’s crown jewels.

Grant Wernick, co-founder and CEO, Fletch