Automation – Business Ally or Security Adversary?

PUBLISHED ON April 15, 2019
LAST UPDATED March 18, 2022

In a world where speed and agility are expected by consumers and required for business operations, automation has become a key component of successful enterprise operations, from identity and access management to patching. But it goes beyond that. Automation has enabled many security teams to transfer maintenance burdens and manual tasks to applications, which in turn frees skilled human workers to focus their energy on strategic initiatives. Unfortunately, that’s not the end of the story. Without proper parameters, automation can actually introduce critical security vulnerabilities and serve more as an adversary than an ally.

With care and consideration dedicated to implementing automation in the first place, these vulnerabilities can be largely avoided. There are three things to consider when it comes to automation:

  1. Automate Intelligently. While it may sound counterintuitive, automation should not actually be 100% automatic and unsupervised. There should always be a degree of human involvement or oversight. For example, security teams should receive timely alerts or logs to address what has occurred automatically. This ensures visibility and guards against unintentional actions being taken or security vulnerabilities being introduced. Organizations should also set limits around what automation can do autonomously. In IAM automation, for example, a company may wish to implement a rule to trigger a manual action if a large number of user deletes are scheduled in a certain amount of time, to prevent an unintentional "delete all" scenario.
  2. Limit “Automation Sprawl”. All automation solutions have their own nuances and maintenance needs that require human involvement, no matter how sophisticated the solution is. That said, the more complex the solution, the more effort is required to keep it secure. This is only exacerbated when a third party is introduced to manage the solution. For this reason, organizations should limit “automation sprawl” and replace numerous point solutions with comprehensive products that offer an integrated security approach, whenever possible. And if third parties are required, they should be vetted extensively. The hard work upfront will pay off in spades in the long run.
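
One way to implement the delete limit described in item 1, as an added example that is not from the original article or any product: a latching guard that executes automated user deletes until a threshold is reached in a time window, then alerts the security team and holds further deletes for manual approval. The `DeleteGuard` class, the threshold of 5 deletes per 60 seconds and the sample user IDs are assumptions made for illustration.

```python
from collections import deque

class DeleteGuard:
    """Latching circuit breaker in front of an automated user-delete action."""

    def __init__(self, max_deletes, window_seconds, do_delete, notify):
        self.max_deletes = max_deletes        # assumed policy value
        self.window_seconds = window_seconds  # assumed policy value
        self.do_delete = do_delete            # callable that performs the delete
        self.notify = notify                  # callable that alerts the security team
        self.recent = deque()                 # timestamps of executed deletes
        self.held = []                        # requests waiting for a human
        self.audit = []                       # log of every decision taken
        self.tripped = False

    def request_delete(self, user_id, now):
        # Forget executed deletes that have aged out of the sliding window.
        while self.recent and now - self.recent[0] >= self.window_seconds:
            self.recent.popleft()
        if not self.tripped and len(self.recent) >= self.max_deletes:
            self.tripped = True               # latch: stays paused until approve()
            self.notify(f"delete limit reached at t={now}; automation paused")
        if self.tripped:
            self.held.append(user_id)
            self.audit.append((now, user_id, "held"))
            return "held"
        self.recent.append(now)
        self.do_delete(user_id)
        self.audit.append((now, user_id, "deleted"))
        return "deleted"

    def approve(self, operator, now):
        """A human reviewed the held batch: run it and re-arm the guard."""
        released, self.held = self.held, []
        for user_id in released:
            self.do_delete(user_id)
            self.audit.append((now, user_id, f"deleted, approved by {operator}"))
        self.tripped = False
        self.recent.clear()
        return released

def run_demo():
    deleted, alerts = [], []
    guard = DeleteGuard(5, 60, deleted.append, alerts.append)
    # Constructed input: a misbehaving sync job schedules 8 deletes in 8 seconds.
    results = [guard.request_delete(f"user{i}", now=i) for i in range(8)]
    return guard, results, deleted, alerts

if __name__ == "__main__":
    guard, results, deleted, alerts = run_demo()
    print(results, alerts, guard.held)
```

Because the guard latches, a runaway job that slows down after the alert still cannot resume deleting until someone calls `approve`.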

Read about the final consideration in detail in the original article via Information Management.


About the Author

Will Woodson

Will's background is in security operations, working in the financial services sector and as a federal employee in engineering & analytical roles. He holds several industry certifications including a CISSP and is active in multiple information security community groups.