Automation – your outsourcing solution for cybersecurity
By Dr Csaba Kiss Kalló, head of portfolio for connectivity, mobility and security for Vodafone.
Cyber security raises many challenges for organisations in 2019 but recent developments seem to imply that automation could offer the answer to many of them.
Recently, Vodafone was a proud sponsor of Palo Alto’s Cloud Security Summit, held on January 16 in the Dublin Convention Centre. Nearly 300 chief information officers and IT professionals from across the Irish business landscape attended and a common trait that all had is a digital ambition to improve customer and employee cyber safety.
I sat through all of the keynote speeches, being a speaker myself, and one keyword that stood out for me on the day as a solution to this need was automation.
Greg Day, chief security officer EMEA with Palo Alto Networks visualised in the most effective way the power of automation. First, he shocked us by telling us that the world record for solving the Rubik cube is 4.9 seconds. (It would take me longer to name the colours on it.)
Then he clarified that this is the human world record. The fastest machine can do it in 0.637 seconds! That’s more than seven times faster and it’s achieved using automation.
As I’m Hungarian and the Rubik cube is a Hungarian invention (Hungarian sculptor and professor Ernő Rubik invented it in 1974), this illustration resonated very effectively with me and it got me thinking about the power of automation in the world of cyber security.
Market needs are rapidly changing and businesses need to change quickly themselves to stay relevant and to compete. Shifting parts of a business’ operations to the cloud provides a string of benefits which helps with achieving a connected digital ambition.
Reduced upfront investment, shorter innovation cycles, earlier deployment of latest technologies, shorter go-to-market times and more are all enabled by cloud services. However, migrating to the cloud does not come without risks and according to the IDC guest speaker Dominic Trott (associate research director, European security) cyber security is still the number one concern.
Interestingly though, cyber security is also the number three driver for cloud migration. This suggests that some companies have worked out for themselves how to cope with security in the cloud, while others are still working on it. Here are three challenges that were mentioned:
Moving with speed
Operating in a fast-paced business environment means that organisations need to move equally fast when it comes to deploying new services and in scaling them up. Changes applied to the organisation need to happen at high speed and this in turn often means speedy adoption of cloud services.
Many organisations do not feel comfortable implementing change at such speed because they are afraid that this will create gaps in the security shield of their operations. As a result they slow down, losing important competitive advantage.
The solution proposed by the industry is to deploy service monitoring systems that provide real-time insights into every security event happening within the organisation’s digital space. Such solutions provide the visibility to the business that is required to navigate security challenges at pace, and move ahead with scaling up their productivity in the cloud without adding risks to the business.
Real-time threat visibility enables automation, which in turn enables the business to expand at pace.
Coping with complexity
Another important challenge with cyber security is complexity. Cyber security technology is complex and it requires a lot of time and effort to upskill in this space in order to be able to understand what firewalls, intrusion detection and protection, DDOS, email security, web security, cloud security, etc all mean. But even understanding the many ways in which organisations can become vulnerable is a significant challenge to many as data loss, ransomware, phishing, etc come in so many different forms.
No wonder that many businesses struggle with this complexity and simply don’t deal with it, putting themselves and their customers at risk. The good news is that there are automated tools commercially available today that, when configured in alignment with the practices and needs of the organisation, can cope with the large variety of threats without human intervention.
Addressing shortage of security experts
The shortage of security experts is a fact that no-one debates. Some reports put the deficit at one million while others talk about even more unfilled security positions globally. Apart from the difficulty of hiring security experts there is a cost challenge as well, as high demand drives wages up.
This slows down even further the response to cyber security threats and opportunities in businesses. Smaller enterprises are challenged even more so, as their IT and security budgets are even more limited than those of multinational corporations.
Automation seems to provide a solution here too, because if a business’ security needs can be addressed through a managed service without the need to employ on-premise, dedicated cyber security personnel, the costs will become affordable.
In summary, my key take-away point from this edition of the Palo Alto Cloud Security Summit is that to address the limitations of businesses - such as moving at speed in the digital era, dealing with the complexity of cybersecurity technology and dealing with the shortage and high cost of security experts -- exploring the automated solutions already available on the market should be top priority in any company’s cybersecurity strategy.
Find out More