Using automation and orchestration to transform security

With the benefits of cloud platforms and mobility becoming increasingly obvious in the region, organisations have now started migrating to digital platforms. Most regional businesses today use cloud and mobility solutions in one manner or another, often with highly varying degrees of adoption and integration. However, no matter the degree of adoption and integration, the security challenges of digital organisations are vastly different from those of legacy organisations.

While legacy businesses may require employees to work from the office with a limited amount of work and data portability, digital organisations offer their employees the flexibility to work from anywhere and with any device. While this tremendously changes the nature of employee productivity and puts stress on the organisational culture to adapt and change, it also creates a more serious situation internally for information technology and security departments.

Security has continued to be paramount as large-scale changes have, in the short term, exposed huge gaps in the fabric of organisational security platforms: the shift of IT platforms towards private, public, and hybrid cloud; the distribution of data across multiple data centers; the usage of customer data by third-party suppliers, whether anonymously or not; and the transformation of networks to allow upstream data from edge sensors and other connected devices. And all this has not gone unnoticed from outside.

Threat actors, realising the existence of such widely exposed attack surfaces in organisations, have exploited these vulnerabilities through blended attacks. These blended attacks, while not highly sophisticated in nature, have used innovative social engineering and highly focused, personalised attempts to breach the organisational perimeter.

Being an agile and digital organisation puts the responsibility of securing such an organisation back on the architects of the technology organisation. There is little business purpose in being an innovative and pioneering digital organisation if all your doors are left open and flapping.

All this learning has resulted in some positive changes. Security is now being included in agile software development, namely security in DevOps. Security risk and compliance have become a Board concern. And equipment manufacturers have begun to accept responsibility for incorporating security during product development in a more systemic manner.

But the real ray of sunshine is the arrival of automation and orchestration capabilities inside the realm of security systems. Security automation is the computerisation of a manual task across one or multiple security tools, so that it can be executed automatically, faster, and without any delay once initiated. Examples are activation and deactivation of user login credentials, investigative collection of evidence of activities, event correlations, and call-to-action decision-making processes.

Security orchestration, on the other hand, is about automation of multiple tasks, processes, and workflows across siloed security subsystems, making them work as an integrated, holistic system. The time spent on managing individual subsystems can now be better deployed into monitoring a complete, automated and orchestrated system end to end. Such a system will function much more efficiently, faster, and with far fewer errors than if each system were to be manually administered and monitored.

With cyber security skills in a long-term shortage cycle and no short-term respite in sight, automation and orchestration will help redeploy costly resources into more strategic roles rather than operational ones. With this approach, security inside digital organisations becomes more productive, predictable, consistent, and cost effective.

Heads of security can choose to start automation and orchestration in any of the following areas:

  • Threat monitoring: visibility into threat landscape
  • Incident response: following up on incidents
  • Security lifecycle management: offloading patch management, reporting
  • Operational efficiency: repeatable and measurable processes

The real gains for the organisation come when the processes targeted for automation and orchestration are those that do not require human intervention, are time consuming and fragmented, and free up resources once automated. This is where human skills can generate large-scale returns and monetary benefits for the organisation.


Key takeaways

  • With cyber security skills in shortage and no respite in sight, automation and orchestration will help redeploy resources.
  • Threat actors, realising the existence of exposed surfaces of organisations, have exploited vulnerabilities through blended attacks.
  • Being a digital organisation puts the responsibility of securing an organisation back on the architects of the technology organisation.
  • There is little business purpose in being an innovative digital organisation if all your doors are left open.
  • Security is now being included in agile software development, namely security in DevOps.
  • Security automation is the computerisation of a manual task across one or multiple security tools.
  • Security orchestration is about automation of multiple tasks, processes, and workflows across security subsystems.

Security inside digital organisations can become more productive, predictable, consistent, and cost effective, explains Paul Potgieter at Dimension Data.