Automation has huge potential for the cyber security industry. According to global research group Research for Markets, the worldwide security orchestration, automation and response market will be worth almost US$19 billion by 2025.
By taking on tasks that previously required human intervention, automation can reduce the workload, increase efficiency, improve consistency, accelerate responses and help provide comprehensive decision support to security professionals. As data volumes continue to increase, automation is becoming a must-have for any cyber security team. Whether monitoring intrusion detection systems, onboarding employees or third parties, responding to incidents or checking for compliance, automation reduces errors, giving you more assurance and freeing up cyber professionals.
Fulfilling automation’s huge potential
Addressing the challenge
Automation can have a significant and positive impact on the effectiveness of CISOs and their teams.
Overcoming the talent gap
As in other professions, automation eases the workload for cyber security specialists in a number of ways, as Gary Harbison, CISO of Bayer, explains: “Automation is a big opportunity to reduce manual work. Rather than pulling data, your engineers are freed up to analyze the data. An incident should trigger automated data gathering, enabling engineers to assess data and size up the risk. With a greater focus on expertise and driving value, cyber jobs become more interesting, which can help attract more people into the profession.”
Another useful application is chatbots for security queries — especially helpful for third-party security. Getting swift answers enhances the employee and user experience, and can help improve cyber security by spreading best practice. Onboarding new employees can also be streamlined by automatically providing appropriate levels of access to systems and resources — once again freeing up resources.
“I expect the role of SecOps to be almost entirely automated away. The cyber security team should design SecOps, and then manage outcomes and exceptions from SecOps — activity should be automated and repeatable.”
Embedding cyber security into the organization
The relationship between cyber security professionals and developers can be fraught; the latter want to innovate and get new products out quickly, while the former aim to reduce vulnerabilities. HP’s CISO, Joanna Burkey, feels that automation can align objectives and help cyber security teams adapt: “We must understand how they work and avoid being prescriptive. The development community is not typically unified, so automation helps us fit in, encouraging them to incorporate tools in a secure way.”
Enhancing overall cyber security
Automation reduces human error and guides cyber professionals on sources of risk, acting as a radar to emerging threats. This should help to protect sensitive personal and private data and, when linked with Security Orchestration, Automation, and Response (SOAR) and a ticketing workflow, lead to faster responses to actual or potential incidents. Attackers are increasingly using automation, and cyber security teams need the same pace of data gathering and analysis to counter such threats.
Axiata is investing in automation to boost data analysis, ultimately hoping to automate much of its decision-making, as Group Chief Risk and Compliance Officer Abid Adam explains: “You can’t be an innovative company if you don’t innovate yourself. We must be automated and digitized and I’m challenging my team to work on data governance models and improve how we collect and analyze data and build analytical models.”
When introducing automation across operational technology, safety becomes paramount. Maersk is a major global integrated shipping company that operates several ports around the world. CISO Andy Powell explains his approach: “We started cautiously with automation on one pier in one port and had to prove that we could ‘fail safely’ from a cyber attack. Once this was achieved, we were able to build a template for automation safety and expand across other operations.”
Keeping regulators happy
Regulatory demands can be a major challenge, with global companies facing different regimes from multiple countries and territories. Managing this privacy landscape calls for fast, efficient data gathering, and automation can play an increasing role in continuous controls monitoring.
Re-shaping the cyber team
The rapid growth of automation comes from a low base, as CISOs everywhere figure out how best to exploit this nascent technology. Its potential is enormous and continues to grow. With demands on the security team increasing as it takes on a more strategic role in the organization, an ever-expanding and increasingly complex ecosystem, and an evolving regulatory landscape, it is critical that the sector takes advantage of technology automation.
“With automated controls, we are not doing the manual surveillance, so behaviors must now be the trigger — which means investing more in the analytics of behavior, both internally and amongst customers and suppliers, to avoid insider threats.”
Use areas include: low-level activities, linking SOAR to workflows and ticketing; bots to take over traditional customer service tasks; and automated provisioning and de-provisioning of access to resources. In this way, automation can target three of the most labor-intensive areas of the classic cyber security function.
Automating security can help to shape the future of the entire cyber team, as it makes it easier to identify and report any gaps with consistent metrics, which in turn helps CISOs allocate investment.
In a complex regulatory compliance landscape, automation enables a ‘test once, comply many’ approach, with automated controls producing automated reporting, and rapid notifications for the regulator.
However, when integrating security into DevOps, especially in the cloud, there’s currently no definitive guide, so cyber is a little behind the game. Cloud does provide the capability to embed controls in a consistent way, so CISOs and their teams must figure out exactly how to automate — and what tools are needed.
It’s important that automation does not add complexity — often, efforts fail because they’re poorly planned and disjointed, with multiple technologies that are not integrated. CISOs must leverage their seat at the C-suite table to partner with the CTO, so they can be part of a broader, organization-wide digital automation strategy and make the most of shared capabilities.
Privacy has become a huge business and regulatory challenge for companies. In KPMG International’s recent paper Privacy technology: What’s next?, the authors argue that “… the art of privacy automation is very much a function of weaving together complementary technology for the various facets of data management, protection, and privacy to help streamline and drive efficiency and cost effectiveness in privacy program management.”
One interesting development is data rights-as-a-service, which allows individuals to automate their subject access rights, reduce their digital footprint and remove personal data from search engines and other data aggregators, or mask their email identities online.
Automating security can help to shape the future of the entire cyber team. If the profession gets it right, many of the traditional process-focused roles associated with security today will disappear, with algorithms and machine learning taking over. It won’t remove the need for humans, who will be tasked with taking the more uncertain decisions and providing strategic advice and support.
“Compliance is a heavy drain on cyber security teams, especially in industries like financial services and the energy and utilities sectors. Instead of performing assessments against every requirement, they should simplify and automate so they test once and discern compliance with many. Think about automating the testing, continuously. With such automation, it can drive data enrichment and deeper correlation and analysis.”