Visitors walk by a stand for cloud computing at a technology trade fair. (Photo by Alexander Koerner/Getty Images)

Zscaler on Thursday acquired security workflow automation company ShiftRight, with an eye toward integrating ShiftRight’s automation tool into Zscaler’s cloud security platform.

The aim of the acquisition was to automate security management, offering a product that will help security teams dramatically reduce incident resolution times, according to Zscaler.

Zscaler officials said in discussions with enterprise CIOs and CISOs, a pressing issue for their IT and security teams is not having enough time and resources to respond to and determine the severity of all security incidents. This results in not meeting SLAs, contentious relationships between security and business stakeholders and, most important, it introduces major risks to the business when critical security issues go unaddressed.  

A challenge with securing cloud-native development is that security teams have higher volume and higher speed of releases, said Melinda Marks, a senior analyst with the Enterprise Strategy Group. Marks said there’s a higher chance for mistakes with misconfigurations or access issues that increase risk. Security teams are challenged to ensure that they can prioritize taking actions to reduce the highest risk security issues to remediate before an attacker finds it, so it becomes  a race to mitigate exposure to risk, said Marks.

“So a solution that helps with workflow automation can help security teams more efficiently manage risk,” Marks said. “It seems like Zscaler was able to acquire ShiftRight at an early stage before it was seeing customer traction, so it could be a good buy for them to add technology that will enhance its posture control capabilities to help security teams manage security risk as software development scales.”

Frank Dickson, who covers security and trust for IDC, said this acquisition seeks to solve a common problem for security teams, many of which are struggling to find, hire and keep security pros, and the ones they have are incredibly overworked. Dickson said companies tend only to address the most acute problems, sometimes leaving significant alerts unaddressed.

“The answer is that security vendors are redefining the ROI of security tools, changing metrics to evaluate the impact that security tools have on people,” Dickson said. “Automation tools become critical, allowing organizations to respond to more issues with fewer people. Automation tools maximize the value of the platform and Zscaler’s acquisition of ShiftRight directly addresses this trend.”