When we traditionally think of the benefits of 'automation,' we think of 'improved quality and efficiency; and savings in time, cost and energy.' One often overlooked benefit that can be achieved from this is the mitigation of risk and the enhanced security. According to a recent study by AlgoSec (State of Automation in Security, Spring 2016), over 80% of respondents believe that automation has the power to improve enterprise-level security. With the increased number of high-level breaches being reported in mainstream media, organization security has become a much more prominent issue. Security is now discussed and supported at the board level. This visibility and support have been a major factor in the increase in security spending across all industries. Effective security strategies are now primary drivers for adopting automation technologies as they provide a measurable increase in security posture and free up resources from time-consuming, repetitive tasks. Different industries face different security challenges, and their automation solutions have allowed them to improve their security posture while maintaining a business-as-usual approach. Below are some examples of various areas that can benefit from successful automation to meet security challenges:
Compliance
The State of Michigan provides IT services to 18 state-level agencies and backs 300 online services used by its staff and over 10 million residents. Its mandate includes adherence to several policies like SOX, HIPAA and PCI that can affect security in different ways. After investing in automation, Michigan was able to minimize its non-compliance risk by automatically monitoring configuration changes and allowing system administrators the option to fix or restore the configuration before triggering out-of-compliance alerts. The State is now able to generate audit reports in 15 minutes, where previously this process took several staff members over an hour each to complete.
Industry and Manufacturing
The introduction of always-connected, always-on devices into industrial organizations has seen the threat of attack increase significantly. Indeed, these organizations used to be immune to many attacks due to their isolated and proprietary nature. The benefits of industrial Internet of Things, however, are tangible. Smarter, always-on systems can act as failsafe mechanisms and make split-second decisions to prevent accidents or other undesirable consequences caused by users or malicious activity.
Finance and Accounting
Automated analysis and verification of transactions and user rights can quickly detect and rollback fraudulent transfers.
Supplier and third-party integration
Giving access to your systems to suppliers and other third parties can be quite beneficial. However, both Target and Home Depot can attest to the risks. External facing portals should not be self-hosted or on shared, internal systems. Automatic evaluation of permissions and out-of-band two-factor authentication (2FA) can be used to great effect.
Conclusion
Manual approaches to systems management and security will become less and less effective as more and more systems become integrated. Each instance of integration increases the number of processes that must be policed and the data that must be protected. In response, automation will become the first and last resort to help keep businesses running while minimizing out-of-compliance and security threats. We’ll review some of those risks and the different ways organizations can mitigate against them in my next post.
About the Author: Jonathan Schnittger is a Senior Software Developer & Team Lead at 1E, a Software Lifecycle Automation company. He is a Certified Secure Software Lifecycle Professional (CSSLP) and a full stack software developer specializing in enterprise grade .Net applications. Jonathan has over 15 years of experience in software development and has worked on a wide variety of applications from mission critical data center monitoring, agent-less inventory solutions, remote deployment software to large scale data warehousing. Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.
