Automation – Business Ally and Security Adversary?

In a world where speed and agility is expected by consumers and required for business operations, automation has become key component of successful enterprise operations, from identify and access management to patching. But it goes beyond that. Automation has enabled many security teams to transfer maintenance burdens and manual tasks from security teams to applications, which in turn, frees skilled human workers to focus their energy on strategic initiatives. Unfortunately, that’s not the end of the story. Without proper parameters, automation can actually introduce critical security vulnerabilities and serve more as an adversary than an ally. 

With care and consideration dedicated to implementing automation in the first place, these vulnerabilities can be largely avoided. There are three things to consider when it comes to automation: 

  1. Automate Intelligently 

    While it may sound counterintuitive, automation should not actually be 100% automatic and unsupervised. There should always be a degree of human involvement or oversight. For example, security teams should receive timely alerts or logs to address what has occurred automatically. This ensures visibility and prevents against unintentional actions being taken or security vulnerabilities from being introduced. 

    Organizations should also set limits around what automation can do autonomously. In IAM automation, for example, a company may wish to implement a rule to trigger a manual action if a large number of user deletes are scheduled in a certain amount of time to prevent an unintentional delete all scenario. 

  2. Limit “Automation Sprawl”

    All automation solutions have their own nuances and maintenance needs that require human involvement, no matter how sophisticated the solution is. That said, the more complex the solution, the more effort that’s required to keep it secure. This is only exacerbated when a third-party is introduced to manage the solution. 

    For this reason, organizations should limit “automation sprawl” and replace numerous point solutions with comprehensive products that offer an integrated security approach, whenever possible. And if third-parties are required, they should be vetted extensively. The hard work upfront will pay off in spades in the long run. 

Read about the final consideration in detail in the original article via Information Management.

Machine Learning & Risk Engines Blog CTA

*** This is a Security Bloggers Network syndicated blog from ThreatX Blog authored by Will Woodson | Lead Security Engineer. Read the original post at: