- Security TWENTY
- Women in Security
The last 12 months have seen a shift in how enterprises view automation and its benefits to their security and DevOps teams, writes Joe Schreiber, Technical Director of Business Development, at the network and cloud security product company Tufin.
Last year, it was found that more than three-quarters of organisations would like the ability to automate some of the day-to-day manual tasks related to their security information and event management (SIEM) systems. Yet, many of those businesses also admitted they are concerned about executing automation because they do not have the employees with the right skill-set to make it work.
When you consider these findings alongside the ever-increasing skills gap in the IT sector, it has become apparent that organisations have little choice but to adopt automation. In an age of digital transformation, it is a vital element for enterprises – regardless of how many experts are employed or not.
What can enterprises do to ensure automation adoption goes off without a hitch? Here are my five top tips to help ensure it is rolled out smoothly.
1. Secure business buy-in
As you prepare to implement automation, ensure the entire business is bought-in to it. Automation is a business investment – it requires high initial costs to write, test and maintain code – everyone needs to understand the benefits. Otherwise, major players at your company may question why budgets are being allocated to it and this could lead to hesitations about the investment, stalling the project indefinitely.
2. Evaluate your toolbox
Once you have everyone’s backing, it is time to cut your losses on technology that is not ‘automatable’. If a solution cannot be automated, properly assess if your organisation really needs it. It is probably time to invest in new tools too. As you are investing in the tools, don’t forget about the people using them. Ensure that training is part of the buying process and contemplate setting up cross-training sessions to keep the knowledge in circulation.
3. Embrace re-usable code
Automation often begins by scripting a few specific tasks. Then as the scope grows, those tasks become part of larger processes. Since the original code was designed for a very particular task, it must be rewritten to solve the next challenge. With a focus on re-usability you can eliminate redundancy. Consider writing tasks as functions or large collections of tasks as libraries. These can then be re-used by others without needing a deep knowledge of the inner-workings of the original code. Projects can then be sped up, as one can make use of the work done by colleagues to accomplish a greater objective.
4. Simplifying the data exchange
Automation requires components to communicate with other parts, whether that’s between on-premise and hybrid cloud implementations, or among a combination of different vendors and tools. If you build APIs or webhooks into your projects, then data can simply be exchanged without needing any fundamental knowledge of the code (or other intricacies).
5. Containers and Serverless Hosting
There are a variety of ways to run and host your code and automations. Take note of how modern applications are being created and run – and leverage these for your projects. Containers can offer separate environments for automation that won’t be affected by changes to the OS and other items that are not necessarily in your control. Serverless and other technologies may further simplify the runtime of your code as well.
The purpose of security automation is to be a force-multiplier, making the lives of security and DevOps teams easier. By implementing the tips offered above, businesses can reap the benefits of automation and digital transformation, while reducing the cost of change and human error.
About the author
As Technical Director, Business Development at Tufin, Joe Schreiber is responsible for managing the relationships of the company’s technical alliances, and seeking new technical partnerships. Prior to joining Tufin, he served as the Director of Solutions Architecture at AlienVault where he consulted with MSSPs of all sizes. Joe brings over 20 years of experience as a security analyst, architect, and IT problem solver. He’s built Security Operation Centers, and automated IT tasks.