If 2018 was the year of realizing the promise of automation, then 2019 will be the year that enterprises adopt and implement it across their security and DevOps teams.
According to a study conducted by the Ponemon Institute and Juniper Networks in mid-2018, 77 percent of organizations said they would like the ability to automate some of the daily manual tasks involved in using their security information and event management (SIEM). Despite this, the majority of respondents also reported that they had reservations about implementing automation, citing they lacked the in-house expertise needed to execute it properly.
Considering these findings, and the ever-increasing skills gap, it’s clear that organizations will have to begin implementing automation to keep up with the pace of digital transformation, regardless of whether they believe they have the in-house expertise. However, this poses serious security issues for those organizations, as automation done poorly inevitably will expose the organization and could lead to a damaging breach.
In an effort to securely guide organizations in their journey to automation, I’ve compiled the top five best practices and tips for implementing security automation across the enterprise.
Ensure Your Entire Organization is Onboard
Before you begin the journey to automation, make sure everyone in your organization is fully bought-in. The CIO should effectively communicate the goals and benefits of automation across the entire organization, as implementing will require communication and cooperation between teams. Aligning the organization can significantly reduce friction between teams once they begin to automate. Automation is also an investment, with high initial costs to write, test and maintain code. If major players in your organization don’t understand the long-term benefits of automation, they will be more hesitant about the initial investment, which could stall the project before it even begins.
Organize Your Toolbox
Now that you have everyone onboard, take an inventory of what technology you’re currently using and assess what is “automatable.” If it can’t be automated, consider replacing it. You may also need to add a few new tools to the toolbox. Think about where your automation will operate from (the orchestrator) or where you will store credentials (secrets manager). Some of these functions may require tools you’re not familiar with, so it’s important to learn these first so you can integrate with them properly.
Write Reusable, Value-Driven Code
Oftentimes, automation begins by scripting specific tasks here and there. Then as the scope grows, those tasks become part of larger processes. Since the original code was for a very specific task, it ends up being rewritten to solve the next challenge. With a focus on reusability you can eliminate this redundancy. Think about writing tasks as functions or large collections of tasks as libraries. These can then be reused by others without needing a deep knowledge of the inner workings of the original code. This also greatly speeds up projects, as one can make use of the work by others to accomplish a larger goal.
Consider the Data Exchange
Automation will require components to communicate with other components, whether that’s between on-premises and hybrid cloud implementations or among a combination of different vendors and tools. If you build APIs or webhooks into your projects, then data can easily exchange without needing any underlying knowledge of the code (or other intricacies).
Containers and Serverless
There are many ways to run and host your code and automations. Take note of the way modern applications are being created and run and leverage these for your projects. Containers can offer distinct environments for your automations that won’t be affected by changes to the OS and other items that may not be in your control. Serverless and other technologies may further simplify the runtime of your code as well.
Security automation’s purpose is to be a force-multiplier, making security and DevOps teams’ lives easier. Organizations across the globe should make the shift from planning automation to implementing to maintain business agility and keep pace with digital transformation. By following the tips offered above, enterprises everywhere can get the most out of automation in 2019, without introducing a world of risk.