Why automation and orchestration are key to securing the digital organization
April 2019 by Paul Potgieter, Managing Director - UAE, Dimension Data
Digital organizations have a vast attack surface making it prohibitive to secure them completely using conventional techniques, explains Paul Potgieter, Managing Director - UAE, Dimension Data.
With the benefits of cloud platforms and mobility becoming increasingly obvious in the region, organizations have now started migration to digital platforms. Most regional businesses today are using cloud and mobility solutions in some manner or the other, often with highly varying degrees of adoption and integration. However, no matter the degree of adoption and integration, the security challenges of digital organizations are vastly different from those of legacy organizations.
While legacy businesses may require employees to work from office with limited amount of work and data portability, digital organizations offer their employees the flexibility to work from anywhere and with any device. While tremendously changing the nature of employee productivity and putting stress on the organizational culture to adapt and change, digital organizations are creating a more serious situation inside for information technology and security departments.
Security has continued to be paramount as large scale changes in the usage of IT platforms towards private, public, and hybrid cloud; distribution of data across multiple data centers; usage of customer data by third party suppliers whether anonymously or not; transformation of networks to allow upstream data from edge sensors and other connected devices; has in the short term exposed huge gaps in the fabric of organizational security platforms. And all this has not gone unnoticed from outside.
Threat actors realizing the existence of such widely exposed attack surfaces of organizations, have exploited these vulnerabilities through blended attacks. These blended attacks while not of highly sophisticated nature have used innovative social engineering and highly focused and personalized attempts to breach the organizational perimeter.
Being an agile and digital organization puts the responsibility of securing such an organization back to the architects of the technology organization. There is little business purpose of being an innovative and pioneering digital organization if all your doors are left open and flapping.
All this learning has resulted in some positive changes. Security is now being included in agile software development, namely security in DevOps. Security risk and compliance has become a Board concern. And equipment manufacturers have begun to accept responsibility for incorporating security during product development in a more systemic manner.
But the real ray of sunshine is the arrival of automation and orchestration capabilities inside the realm of security systems. Security automation is the computerization of a manual task across one or multiple security tools, so that they can be executed automatically, faster and without any delay once initiated. Examples are activation and deactivation of user login credentials, investigative collection of evidence of activities, event correlations, and call to action decision making processes.
Security orchestration on the other hand is about automation of multiple tasks, processes, and workflows across siloed, security subsystems, making them work as an integrated holistic system. The time spent on managing individual subsystems can now be better deployed into monitoring a complete system end to end, that is automated and orchestrated. Such a system will function much more efficiently, faster, and with far less errors than if each system were to be manually administered and monitored.
With cyber security skills in a long-term shortage cycle and no short-term respite in sight, automation and orchestration will help redeploy costly resources into more strategic roles rather than operational. With this approach, security inside digital organizations becomes more productive, predictable, consistent, and cost effective.
Heads of security can choose to start automation and orchestration in any of the following areas:
Threat monitoring: visibility into threat landscape
Incident response: following up on incidents
Security lifecycle management: offloading patch management, reporting
Operational efficiency: repeatable and measurable processes
The real gains for the organization are when processes that do not require human intervention, are time consuming, fragmented, and free up resources, are targeted for automation and orchestration. This is where human skills can generate large scale return and monetary benefits for the organization.