by Mike Kail

Bridging the cyber skills gap with automation

Mar 22, 2018

More than ever, we need automation to move security from human to machine speed.


As we know all too well, cybersecurity is a field suffering from a staggering talent shortage. In fact, the Capgemini Digital Transformation Institute recently issued a report titled “Cybersecurity Talent: The Big Gap in Cyber Protection,” which found that, of the skills most required by businesses to support digital transformation, cybersecurity skills are the most in demand but have the least internal supply.

Security approaches that focus on disparate tools and human capital initiatives just don’t cut it – not when the pace of innovation is fast and furious. The modern enterprise is based on its ability to deal with an ever-increasing complexity of its environment and its ability to innovate, while remaining flexible. Multiple IT technologies, processes, applications, systems and protocols need to be adopted and updated on a regular basis for businesses to remain competitive. But these factors pose a major challenge for many enterprises that have become technology companies overnight and don’t have the people, the expertise or the technology to manage it all in a way that mitigates risk.

Meanwhile, the pace and severity of cyber threats continue to grow, and the threats themselves are becoming increasingly automated. Frequent, and unfortunately massive, breaches (e.g., Equifax) show no signs of slowing, and security teams are short-staffed, overtaxed and behind the eight ball.

Shifting security from human to machine speed

The situation certainly signals the need for automation to move security from human to machine speed. “Skills shortages, technical complexity and the threat landscape will continue to drive the move to automation and outsourcing,” Gartner says. Nineteen percent of enterprise organizations (i.e. more than 1,000 employees) are already extensively adding technologies for security operations automation and orchestration, and 39 percent are doing so on a limited basis, according to ESG research.

Automating specific cyber tasks offers the opportunity to increase efficiency and productivity while maintaining a strong security posture. For example, Splunk's $350M acquisition of cybersecurity innovator Phantom adds a dedicated security operations automation and orchestration toolset to its SIEM platform. It is a smart move to help Splunk’s customers remediate identified issues faster and more efficiently than ever before.

Automation moves beyond the SOC

Market momentum for automation is also building beyond the security operations center (SOC). Take, for example, code and application security. Digital transformation, and the growth of cloud-based services, is a major driver in the shift toward application-centric methodology. Yet, more often than not, application risk is underestimated and addressed only periodically, not in a holistic, continuous way. That is not surprising when more than half of respondents to a recent ESG survey of IT and cybersecurity professionals claimed their organization had a problematic shortage of cybersecurity skills. Additionally, automating these tasks frees up valuable talent to focus on strategic business initiatives.

Not only do we need to account for the lack of security expertise organization-wide, but we need to do it while redefining customer experience, operational processes and business models under the pressures of digital transformation and cloud migration. Not easy! Historically, security solutions have tended to be point solutions instead of being integrated into environments and workflows. Now, for security to keep pace with the velocity of development, IT and security leaders are recognizing the need to move toward a new approach where automation and orchestration are at the foundation of the application development and deployment processes. This is especially key when it comes to managing risk in a cloud-based infrastructure that grows rapidly and changes quickly.

Devsecops and automation

Code and application security testing need to be seamlessly embedded into the software development lifecycle. This is an important principle behind devsecops: integrating security visibility and assurance from code check-in to production and ongoing operations. In fact, Gartner reports that “by 2019, more than 70% of enterprise devsecops initiatives will have incorporated automated security vulnerability and configuration scanning for open-source components and commercial packages, up from less than 10% in 2016.” In this case, security tool integration leverages automation and orchestration to provide repeatable approaches to security testing. Automation improves the vertically focused manual tasks, and orchestration ties together all the disjointed processes into a single view.

With the help of security automation, security teams can remediate defects early in the cycle, saving time and money. And despite the talent shortage, resources are optimized, and overall security assurance increases for CIOs and CSOs tasked with answering the Board and C-level’s burning question: “How secure are we?”