E R T N
P
X
E INIO
OP
Leveraging
automation
for modern
security
Modern security teams are facing more
threats than ever, as well as more pressure
to provide business value. Katell Thielemann,
VP Analyst at Gartner, tells us why it’s so
important that CISOs consider automation
tools to balance security with efficiencies.
S
ecurity and
risk leaders
must explore
automation to
provide increased
business value and
maintain security
standards. When Amy, the CISO of a
healthcare provider, looked at cloud
security across the enterprise, she
realised the default access control models
were creating a variety of access issues.
BeWell’s Infrastructure-as-a-Service
(IaaS) providers defaulted to a secure
state, allowing only the owner access.
On the flip side, Software-as-a-Service
(SaaS) providers defaulted to totally
open access. With multiple clouds in
use, it would be impossible for Amy to
manually relax permissions for IaaS and
ensure adequate controls for SaaS. The
solution? Automation.
www.intelligentciso.com
|
Issue 20
Katell Thielemann, VP
Analyst at Gartner
No longer are we asked a singular
question, ‘how are you providing security
and managing risk?’. We are now asked
a more complex question, ‘how are you
helping the enterprise realise more value
while assessing and managing risk,
security and even safety?’. The best way
to bring value to your organisation today
is to leverage automation.
The impact of automation
Automation is already impacting the
world in two ways, first, as an enabler
to the security and risk function and
second, as new security frontiers
that need to be acknowledged and
understood. As pieces of the business
begin to adopt emerging technologies
ranging from the cloud to Blockchain
to digital twins and immersive
technologies, CISOs like Amy will find
themselves overwhelmed with priorities.
According to Beth Schumaecker,
Director, Advisory, Gartner, “Other
business units are likely building
solutions without consulting those of
us in security. This means they are
making technology-related choices
every day, often without realising the risk
implications of what they are doing.
“The consequences of these business
choices – choices over which we have
no control and do not always see – can
be huge, especially as the potential for
digital business continues to grow.” As
Digital Transformation alters security
needs and necessary skill sets and
competencies, it creates new talent gaps
that are difficult (if not impossible) to fill.
Automation in the business
Many automation tools are ad hoc; others
formally automate key parts of a process.
41