Gone are the days when traditional firewalls and host-based controls were enough to secure your data and applications. To address a constantly shifting attack surface — as well as the flexible nature of DevOps and agile approaches to infrastructure, configuration, updates and scaling — you need security that responds immediately and automatically. And its perimeter must extend way beyond the network to every person, device and piece of code.
With security automation, you can build an environment that’s designed to address today’s biggest threats — as well as increasingly stringent compliance requirements. It requires revisiting everything you think you know about security, from processes to maintenance — but with these four steps, you’ll be well on your way to automating your cloud security.
1. Automate asset discovery and management
Businesses are innovating and moving to cloud faster than their cloud security operations practices can keep up with. Having an accurate picture of what’s deployed can be a challenge. And with multiple people working in your cloud environment, there’s a risk someone might spin up an instance and not think to apply appropriate security. This could expose your entire environment, making it an access point for threats and vulnerabilities — and taking it out of compliance.
Even with a limited team, you have security automation tools available. Hyperscalers take security seriously and make their own automated security tools available for asset discovery, environment visualization, APIs, vulnerability scans, security health checks and more. These can help reduce human error, provide visibility and save you time.
Set up automation to continually scan your environment for new workloads, cloud instances and configuration changes, and you’ll be notified when changes are made that fall outside your security policies and controls. Build automation through security engineering to automatically apply security policies to new servers and instances. This will bring them into the fold of your security and technology policies and ensure your environment is fully covered as it scales.
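As an added example (not code from the original article), the discovery-and-drift loop described above reduced to its core: diff two inventory snapshots, evaluate only what is new or changed against a small policy set, and attach the remediation a policy engine would apply. The snapshots and the field names ('owner', 'public_ip', 'open_ports', 'encrypted') are constructed and hypothetical, not a real provider API.

```python
# Added example, not from the original article: asset-discovery diff plus
# policy checks over constructed snapshots; field names are hypothetical.
from dataclasses import dataclass

# Constructed snapshot from the previous discovery run.
PREVIOUS_SNAPSHOT = {
    "i-0001": {"owner": "payments", "public_ip": False, "open_ports": [443], "encrypted": True},
    "i-0002": {"owner": "analytics", "public_ip": False, "open_ports": [], "encrypted": True},
}
# Constructed snapshot from the current run: i-0003 was spun up without tags
# or hardening, and i-0002's storage encryption was switched off.
CURRENT_SNAPSHOT = {
    "i-0001": {"owner": "payments", "public_ip": False, "open_ports": [443], "encrypted": True},
    "i-0002": {"owner": "analytics", "public_ip": False, "open_ports": [], "encrypted": False},
    "i-0003": {"owner": "", "public_ip": True, "open_ports": [22, 3389], "encrypted": False},
}
DISALLOWED_PUBLIC_PORTS = {22, 3389}  # admin ports never allowed from the internet

@dataclass(frozen=True)
class Finding:
    asset_id: str
    rule: str
    action: str  # remediation a policy engine would apply automatically
def evaluate(asset_id, asset):
    """Return the policy violations for a single asset."""
    findings = []
    if not asset["owner"]:
        findings.append(Finding(asset_id, "missing-owner-tag", "tag-and-notify"))
    if asset["public_ip"] and DISALLOWED_PUBLIC_PORTS & set(asset["open_ports"]):
        findings.append(Finding(asset_id, "admin-port-exposed", "restrict-security-group"))
    if not asset["encrypted"]:
        findings.append(Finding(asset_id, "storage-unencrypted", "enable-encryption"))
    return findings

def diff_snapshots(previous, current):
    """Return (new asset ids, changed asset ids) between two discovery runs."""
    new = sorted(set(current) - set(previous))
    changed = sorted(a for a in current if a in previous and current[a] != previous[a])
    return new, changed

def scan(previous, current):
    """Evaluate only assets that appeared or changed since the last run."""
    new, changed = diff_snapshots(previous, current)
    findings = []
    for asset_id in new + changed:
        findings.extend(evaluate(asset_id, current[asset_id]))
    return new, changed, findings
```

Unchanged assets are skipped, so a run over a large estate costs only as much as the drift since the last one; the `action` field is where a real pipeline would hook the tagging or security-group call.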
2. Enable DevSecOps security champions
Developers want to do the right thing. Educate them in security to encourage a broader awareness and competence. Companies that do this well have a DevSecOps security champion. These experts ensure processes are fully integrated and help drive good security practices within their teams. Train all these people well, make them accountable and incentivize everyone to integrate good security practices.
This involves building security into apps before you take them to market. Automate secure code development, fault identification and insecure code library scanning, and build automated protections into code. If a database instance keeps receiving unusual requests, have the app take that instance down and spin up another. As code is committed, use dynamic scanning and analysis to create an automated feedback loop that reports bugs and vulnerabilities.
Your DevSecOps security champion will ingrain these things into processes and the very culture of your company. They will ensure developers use the right processes and talk to the right people, lowering the chances of problems and putting security at the heart of everything you do.
3. Leverage security monitoring and automation for incident response
This is an area where we’re starting to see a lot more investment in orchestration of risk. That can happen through automating investigation when an event happens and/or by having an automated response. Tools are available to do this now and AI will play an increasing role in the future. More hesitant organizations, slower to embrace automation and cloud-native approaches, may keep more humans in the chain, but automation will still benefit them by making it easier to analyze and respond.
Whatever level of automation maturity your organization is at, have your incident response plan documented — many companies do not. This can waste time during critical moments if someone is faced with an alert and doesn’t know what to do. For common security incidents that keep recurring, establish a runbook. Where possible, mitigate issues with code and automate remediation steps.
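An added example (not code from the original article) of the runbook idea above for one recurring incident type: repeated failed logins against a single instance. The log lines, their format ('<ISO time> <instance> <source> <result>') and the runbook steps are constructed and hypothetical; a real responder would replace the step strings with calls into the cloud API and ticketing system.

```python
# Added example, not from the original article: runbook automation for one
# recurring incident (repeated failed logins) over constructed log lines.
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample audit lines: a burst of failures against i-0003 plus noise.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z i-0003 198.51.100.7 FAIL
2024-05-01T10:00:05Z i-0003 198.51.100.7 FAIL
2024-05-01T10:00:09Z i-0001 203.0.113.9 OK
2024-05-01T10:00:12Z i-0003 198.51.100.7 FAIL
2024-05-01T10:00:20Z i-0003 198.51.100.7 FAIL
2024-05-01T10:00:31Z i-0003 198.51.100.7 FAIL
2024-05-01T10:09:00Z i-0002 203.0.113.9 FAIL
"""
FAILURE_THRESHOLD = 5          # failures from one source to one instance...
WINDOW = timedelta(minutes=1)  # ...within this window trigger the runbook
RUNBOOK = {  # recurring incident type -> ordered, pre-approved response steps
    "repeated-failed-logins": ["snapshot instance for forensics",
                               "apply quarantine security group",
                               "revoke instance credentials and page on-call"],
}

def parse(log_text):
    """Parse the constructed log format into (time, instance, source, result)."""
    events = []
    for line in log_text.splitlines():
        ts, instance, source, result = line.split()
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), instance, source, result))
    return events

def detect_failed_login_bursts(events):
    """Return {(instance, source)} with >= FAILURE_THRESHOLD failures inside one WINDOW."""
    failures = defaultdict(list)
    for ts, instance, source, result in events:
        if result == "FAIL":
            failures[(instance, source)].append(ts)
    hits = set()
    for key, times in failures.items():
        times.sort()
        for i in range(len(times)):  # sliding window starting at each failure
            j = i
            while j < len(times) and times[j] - times[i] <= WINDOW:
                j += 1
            if j - i >= FAILURE_THRESHOLD:
                hits.add(key)
                break
    return hits

def respond(log_text):
    """Map each detection to the runbook steps an automated responder would execute."""
    return {f"{inst}@{src}": RUNBOOK["repeated-failed-logins"]
            for inst, src in sorted(detect_failed_login_bursts(parse(log_text)))}
```

The single failure against i-0002 stays below the threshold and produces no action, which is the point of encoding the runbook's trigger conditions rather than paging on every failed login.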
4. Continually evolve and extend security and automation
Do not assume you can ‘spin up and forget’ when security threats you face change rapidly and constantly. Instead, security automation must be maintained and continually evolved to meet new threats, whether that means adjusting practices, applications, rule sets, vulnerabilities or what’s acceptable from a risk standpoint.
Constantly identify new opportunities to automate — not least manual administration tasks — to free up people’s time for more important things. Use AI to help respond to situations and determine appropriate responses, and to evaluate policy rules before they are implemented. Make AI something that can safeguard you from human issues and ensure your people aren’t flooded with alerts by filtering out what doesn’t matter.
Failure tends to occur when companies are afraid of making changes and breaking existing automation (in which case, they are not agile) or when security fails because it’s not appropriate anymore and you have more exposure than expected (in which case, you have bigger problems).
The future of security automation
AI will increasingly play a far greater role in security automation, but we must avoid the assumption this means it will take people’s jobs. AI is best considered an assistant in the cybersecurity world. It makes people’s jobs easier and better, safeguards us from misconfigurations and allows people to focus on what matters — rather than wasting time on 500 things that don’t and missing the one thing that does.
In the near future, we’ll see better tooling for development. Automated response capabilities will improve, with developers commonly integrating self-healing and self-protection into applications by shutting down an instance when suspicious login activity is detected. We’ll more often use AI to determine appropriate responses to issues, and smarter AI-driven administration will evaluate policy before it is implemented.
Longer term, we may well see AI play an even bigger role, with automated deception technologies that confuse attackers by randomly changing a VPC layout or spinning up a slew of tempting VMs to add noise by way of a self-constructed honeypot. That might sound a little out there, but it’s within the realm of possibility and serves to highlight the pace of change we’re seeing in this space.
So whatever aspects of security automation you want to take advantage of, start today to ensure you remain competitive and don’t get left behind.