When automation meets security: Best practices

As automation touches more of your organization, security will be far from automatic. Bots’ privileges need close scrutiny, for example.

Automation continues to take on a growing role across business functions. Looking specifically at the cybersecurity sector, identity and access management, patching, and network change management are just a few areas where automation has become a central component. 

The goal of these and other automated functions is to free skilled human labor from mundane tasks and to speed up response or task time, which allows for things that were not possible before automation. This suggests a symbiotic relationship between man and machine, and it’s true that automation provides security teams with numerous benefits in addition to those listed above. However, the technology requires a few critical considerations in order to avoid introducing security vulnerabilities that can easily snowball into a huge problem for security leaders — and the organization overall.

When implementing automation in your organization — or when reviewing existing deployments — IT leaders should consider these best practices: 

Stay actively involved: When people hear “automation,” they tend to think that the process in question happens with little to no human oversight, but that assumption is incorrect. It may sound counterintuitive, but automation should never actually be automatic: To maintain control over processes and ensure security, there must always be a degree of human involvement and oversight.

This could be in the form of logs, alerts, or reports that update security teams on what has occurred automatically and enable them to take manual action as needed. IT leaders also must set limits around what automation can do and implement rules to alert security teams to actions that could introduce a security vulnerability or workflow issue. 

Closely review third parties: Granting vendors and other third parties access to internal systems and networks is an expected part of doing business today. When companies implement automation solutions that rely on add-ons or require management by an external vendor, however, there can sometimes be cause for concern. As with anything, collaborating with a third party can introduce new security vulnerabilities and increase the likelihood of a security incident.

This is not to suggest that companies should try to do more in-house — it goes without saying that a “go-it-alone” attitude is also troubling from a security perspective. However, it is important that organizations closely review third parties and, wherever possible, replace numerous point solutions with more comprehensive products that offer a more integrated security approach.

Assess privilege: Keeping an eye on privilege is one of the most important things security leaders can do to safeguard the organization. There is a general awareness that employees and contractors should have access only to the systems they need to do their jobs, but this mentality doesn’t always extend to automated systems.

However, it’s critical that bots only have the access and capabilities necessary to perform their respective functions — anything more and hackers could easily exploit the access to wreak havoc. If your automation systems have privileged access to do their tasks, they should be managed and secured appropriately for that level of access.   

Set guardrails: For every great automation story, there is an automation-out-of-control story. Automation has much potential, but if given the wrong instruction, the technology can cause massive destruction.

A great example of this is in identity management, where a change to a group name could potentially trigger removal of access for a large group of people. Setting limitations, human validation steps, or controls around your automation is critical and may save you in the future. For example, a check in your automation that requests approval if more than five user deletes are scheduled can help.
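
The delete threshold described above, as an added example that is not part of the original article: a hypothetical identity sync job that holds any run scheduling more than five user deletes until a named approver signs off, and logs each decision for the security team. The function names, group names and sample directory are assumptions constructed for illustration.

```python
import logging
from dataclasses import dataclass, field

log = logging.getLogger("idm-sync")
MAX_UNAPPROVED_DELETES = 5  # threshold taken from the article's example


@dataclass
class SyncPlan:
    adds: list = field(default_factory=list)
    deletes: list = field(default_factory=list)


def plan_sync(source_groups, group_name, current_users):
    """Diff the authoritative group against users who currently hold access."""
    # A renamed or missing group resolves to an empty set: everyone is a delete.
    desired = set(source_groups.get(group_name, []))
    current = set(current_users)
    return SyncPlan(adds=sorted(desired - current), deletes=sorted(current - desired))


def apply_sync(plan, current_users, approved_by=None):
    """Apply the plan unless it exceeds the delete threshold without approval.

    Returns (status, resulting_users); nothing changes on 'pending_approval'.
    """
    if len(plan.deletes) > MAX_UNAPPROVED_DELETES and not approved_by:
        log.warning("held: %d deletes scheduled (limit %d), approval required",
                    len(plan.deletes), MAX_UNAPPROVED_DELETES)
        return "pending_approval", sorted(current_users)
    result = (set(current_users) - set(plan.deletes)) | set(plan.adds)
    log.info("applied: +%d -%d approved_by=%s",
             len(plan.adds), len(plan.deletes), approved_by or "auto")
    return "applied", sorted(result)


# Constructed sample data: eight users hold access through group "vpn-users".
CURRENT = [f"user{i}" for i in range(1, 9)]
DIRECTORY_BEFORE = {"vpn-users": CURRENT[:7]}        # routine run: user8 left
DIRECTORY_RENAMED = {"vpn-users-emea": CURRENT[:7]}  # group renamed upstream

if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO)
    for directory in (DIRECTORY_BEFORE, DIRECTORY_RENAMED):
        plan = plan_sync(directory, "vpn-users", CURRENT)
        print(apply_sync(plan, CURRENT))
```

The routine run removes one user automatically, while the renamed group would remove all eight and is held until `approved_by` is supplied.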

When security leaders are cognizant of the above considerations, automation technologies can enable companies to deploy skilled resources in more strategic ways. As AI, machine learning, and other emerging technologies become more prevalent, we can expect that more business processes will become automated. As such, it’s critical that security teams are aware of automation best practices and take the steps to ensure their deployments are as secure as possible. 

Jeremiah is a seasoned Chief Information Security Officer with 25+ years of leadership experience in the financial, telecommunications, and manufacturing sectors. Before joining ThreatX, he implemented a security program that resulted in no compromised systems for over three years and has been recognized for creating innovative fraud protection and incident response programs.