Cloud Automation Key to Future-Proofing Cybersecurity
Organizations are turning to cloud automation to help them future-proof cybersecurity plans, particularly when coupled with autonomous privileges and access.
These were among the results of a Delinea survey of 300 IT decision-makers, conducted on the company’s behalf by research firm Censuswide.
Nearly six in 10 (59%) respondents indicated the leading factor driving their need to future-proof their access security in 2022 is increasingly complex, multi-cloud IT environments.
The survey also found 86% of respondents are exploring ways to automate access controls, especially for privileged access.
Cloud Automation for Access Controls
However, even with 68% of respondents seeing increases in budgets and staff, they continue to face mounting threats from an expanding threat landscape.
“One of the most important steps an organization must prioritize on their path to a successful cloud automation journey is how to embed security into the process so that it is better than any previous user experience and works seamlessly in the background,” explained Joseph Carson, chief security scientist and advisory CISO at Delinea.
He said cloud automation is about moving beyond security-by-design and into security-by-default, which means it’s imperative to make security not just usable but something that employees want to use.
“It makes them more successful in the tasks they are doing as well as meeting the business goals,” he added. “The stakeholders of this major transformation will be a combination of the business and security together.”
He said organizations will no longer be building systems and applications but will be focusing on services and experience.
“This is why cloud automation is a top priority for businesses to succeed in future-proofing cybersecurity,” he said.
Becoming Context-Aware
Carson explained that methods to automate access controls are making security more context-aware, rather than repeatably asking the user for continuous verification.
“We must look for frictionless methods and techniques to verify and authorize access, such as privileged access security solutions, which can identify different access requirements,” he said.
From his perspective, the more IT pros move security into the background, the less dependent they will be on users to make security decisions; instead, they will be based on business intelligence and security risks combined.
“Security can then adapt to cybersecurity threats and deliver more automation,” he said. “This way, a business can invest in cybersecurity that works for future security threats and not just past security incidents.”
Andrew Barratt, vice president at Coalfire, added that cloud works better with orchestration and automation prioritized first.
“Start there,” he said. “By designing your apps and infrastructure to allow for an instant teardown and rebuild can give phenomenal flexibility and scale across a single or multi-cloud architecture.”
From Barratt’s perspective, cloud automation is “100% the future for cybersecurity.”
He explained that the ability to make wholesale changes to an application or to an entire infrastructure in-pipeline and rebuild almost immediately is perhaps the greatest untold story.
“That said, I’d be significantly less trusting of autonomous identity based on machine learning concepts and as a mechanism for privileged access,” he added. “As the route to privileged access is a holy grail for intruders, I don’t think it’s ready yet to be anything more than an assistant to a security analyst who is making the final call.”
John Bambenek, principal threat hunter and architect at Netenrich, said it’s important to understand that no technology is truly secure by itself and that every change will introduce new areas of security concern.
“In moving to the cloud, organizations need to clearly understand where the lines of responsibility for security end, how attackers are going after cloud resources and what tools exist to detect those attacks,” he said. “The core drivers of cloud automation are IT and engineering teams, often without input from security.”
He said the trend would hopefully move towards convergence, where those organizations are cooperating and not working at odds with each other.
Barratt added that in many organizations, the CFO is really the person who can realize the most benefit from cloud automation, not least because of its ability to free up capital for other investments.
Depending on the type of cloud project or solution, the stakeholders can vary, but the CFO, CISO and CIO are almost always critical to ensuring that the automation delivers on cost reductions, risk reduction and staff efficiency.
“Imagine the happy face your CFO will have when you can leverage spot pricing with automation and re-roll your entire infrastructure to the lowest cost platform of the hour almost immediately,” he said.
