Why Security Needs to Automate, Too

    Let’s face it: Security does not like automation. Putting machines in control of things like provisioning, data access, backup and a host of other functions merely adds more risk to an already risky environment that is now pushing way past the firewall to the cloud and the edge.

    Things were simpler, comparatively, back in the days when humans were in charge, everything moved at a nice leisurely pace, and security could track and secure changes as they were made or even get ahead of them to head off any potential problems proactively.

    Then along came DevOps and CI/CD and all the other initiatives designed to boost scale and performance without a thought as to how all of this will affect the security posture. And automation is at the heart of the problem.

    Or so it would seem. While an automated enterprise does pose new security challenges, the fact is that the same tools being used to augment the development and operations side of the house can also be applied to security. And the results are largely the same: faster, more thorough performance and the ability for security professionals to shed the dull drudgery of their jobs to focus on more important matters.

    The first thing security needs to understand, says Matt Harter, VP of product engineering at security management firm FireMon, is that automation does not mean automatic. Nobody, not even developers, and certainly not the front office, wants to expose themselves to data breaches these days, so there are plenty of ways in which security can be incorporated into automated processes. While this may seem scary at first – kind of like taking your hands off the wheel of a self-driving car for the first time – the reality is that many security functions are ripe for automation, including change planning, risk assessment and compliance testing.

    Already, says ExtraHop’s Barbara Kay, security teams are falling behind the curve when it comes to protecting critical systems and data. According to a recent report from Enterprise Management Associates, upwards of 64 percent of all alerts are not investigated, and more than three-quarters of security pros say they do not check out all of the critical alerts that come their way. This is where tools like machine learning (ML) can make a substantial difference. By weeding out the true problems from all the false alarms or routine interrupts, ML can take on much of the security burden while providing a more accurate and timely assessment of current conditions.

    Building an automated security framework from scratch is no easy task, however. That’s why the National Institute of Standards and Technology has published a guidebook for automated risk assessment and other functions. The document, NISTIR 8011 Vol. 3, Automation Support for Security Control Assessments: Software Asset Management, offers a number of assessments regarding the effectiveness of various controls, the quality of risk management processes, and the strengths and weaknesses of multiple information systems functioning in a global environment. A key goal is to foster support for the Software Asset Management (SWAM) approach that seeks to manage the risk of unmanaged or unauthorized software. Through automation, the system will be better able to identify rogue software on a network or among stored applications that have yet to be installed.

    Perhaps the most important reason security needs to jump on the automation bandwagon is that hackers and other wrongdoers are most certainly heading in this direction as well. With intelligent automation platforms and code readily available on the internet, along with the hyperscale cloud resources to use them, the bad guys have all the tools they need to make life miserable for organizations that fail to effectively automate their security postures.

    Like all other elements in the IT stack, security has to keep up with the times.

    Arthur Cole writes about infrastructure for IT Business Edge. Cole has been covering the high-tech media and computing industries for more than 20 years, having served as editor of TV Technology, Video Technology News, Internet News and Multimedia Weekly. His contributions have appeared in Communications Today and Enterprise Networking Planet and as web content for numerous high-tech clients like TwinStrata and Carpathia. Follow Art on Twitter @acole602.

    Arthur Cole
    With more than 20 years of experience in technology journalism, Arthur has written on the rise of everything from the first digital video editing platforms to virtualization, advanced cloud architectures and the Internet of Things. He is a regular contributor to IT Business Edge and Enterprise Networking Planet and provides blog posts and other web content to numerous company web sites in the high-tech and data communications industries.
