3 areas you can deliver value with automation

The impact of automation

Automation is already impacting the world in two ways, first, as an enabler to the security and risk function and second, as new security frontiers that need to be acknowledged and understood.

As pieces of the business begin to adopt emerging technologies ranging from the cloud to blockchain to digital twins and immersive technologies, security and risk management leaders will find themselves overwhelmed with priorities.

Other business units are likely building solutions without consulting those of us in security. This means they are making technology-related choices every day, often without realizing the risk implications of what they are doing. The consequences of these business choices —choices over which we have no control and do not always see — can be huge, especially as the potential for digital business continues to grow.

As digital transformation alters security needs and necessary skill sets and competencies, it creates new talent gaps that are difficult (if not impossible) to fill.

Deliver value with automation

Security and risk professionals must deliver value using automation in three areas: Identity, data, and new product or service development.

Decisions regarding identity should always remain within the control of security and risk teams. This becomes even more important as businesses increasingly move to cloud environments. As systems and companies become more complex, relying solely on multiple passwords for identity confirmation becomes difficult and risky.

Consider using an intelligent risk engine to automate certain parts of the process. A CARTA approach to identity will be key to ensuring that the risk engine isn’t too relaxed or restrictive, but also works for the user.  

Businesses are data generation powerhouses. Failing to protect and watch data can be costly — and can, in fact, harm an organization’s value.

Review the access control models for any infrastructure as a service and SaaS applications and consider using a cloud access security broker (CASB) to identify and classify data and files. Use a CASB in combination with enterprise digital rights management to extend controls over the entire enterprise, regardless of where the data lives.

Companies are developing new products and services to gain competitive edge and are leveraging emerging technologies, which are highlighting new business opportunities. With an increasing need to go to market faster, DevOps processes can run afoul of security protocols. Automation can help achieve the goal of DevSecOps, where security is built into the beginning of the process with no negative impacts.

Consider automation options such as interactive application security testing, a machine-based solution that enables you to observe the behavior of an application from the inside. Your team can then piggyback security testing onto the quality assurance testing and avoid using a single security test case.