Combatting security with automation by Mark Warren, Product Specialist, Osirium

Making the most of IT and security resources has never been more important. However, it’s becoming increasingly difficult to achieve.

The UK is facing a significant cybersecurity skills gap that is only continuing to grow. According to (ISC)², there was a shortfall of 56,811 workers in 2022 – up by more than 70% on 2021.

Further, a UK government report released last year suggested that almost 700,000 businesses have a basic cyber security skills gap, lacking confidence in carrying out key tasks such as setting up firewalls, correctly storing data and dealing with malware.

The challenges don’t end here, however. It’s not simply a case of businesses finding it hard to attract and retain cyber professionals given the dearth of talent available. Equally, it’s proving increasingly difficult to maximise their time and skillsets, with many IT and security experts continuing to be burdened with repetitive, low value and time-consuming jobs.

Too often their time is occupied with addressing requests such as resetting passwords, creating accounts for new starters, or checking to see if a server is operating as intended, leaving limited bandwidth available for improving security setups.

Alert fatigue is only exacerbating these challenges, leaving cybersecurity professionals feeling even more overwhelmed. Indeed, more than four in five (83%) cybersecurity professionals say they are struggling to cope with the sheer volume of security alerts as data volumes increase exponentially – an issue that is leading to stress and burnout, further hampering firms’ ability to retain talent, as well as increasing the chance that cyber threats are missed.

Empowering security teams with technology

The goal for many security leaders is, naturally, to improve security. As threats advance both in terms of volume and complexity, security strategies need to adapt and evolve in order to stay protected.

However, for improvement to even be an attainable reality, firms need to first find ways to more effectively and easily address low-value tasks to free up more time to focus on moving the needle.

Here, automation can be transformative.

By allowing technologies to undertake much of the heavy lifting in relation to repetitive jobs, businesses can empower their security teams with improved operating environments and dramatically enhanced productivity, providing a framework in which their skillsets can be maximised.

But how exactly can automation be leveraged in a security context to achieve these benefits? Here, we outline a three-pronged approach to privileged access security to consider as a starting point that can maximise both human expertise and automated technologies.

  1. Privileged access management (PAM)
    PAM is different to identity access management (IAM) in the sense that it goes beyond proving the identity of each user in a network, implementing additional policies to determine which systems they may access, with what privilege level, and monitoring and recording what they do while they have privileged access. While IAM is all about proving who you are, PAM controls what you can do and how you can do it, ensuring that users are only provided with access to those systems and applications that they truly need to complete their work. In this sense, it is central to successful zero trust strategies as a sound means of achieving the principle of least privilege. It also makes access to IT systems faster, removing complexity that slows admins down.

  2. Privileged process automation (PPA)
    Of course, the creation of users and management of their privileges that PAM demands is critical to ensure staff only have the minimum level of access for the minimum time needed – a core requirement for “zero trust.” It can be a daunting and time-consuming process if approached manually. If access control teams are left to deal with these workloads themselves, they will quickly find themselves overwhelmed, resulting in mistakes such as too much or not enough access being provisioned. Thankfully, these issues can be overcome with PPA – a powerful tool that can be used to automate many access control tasks. For instance, it can be tied into central HR systems so that when new starters join, their user accounts are automatically provisioned with the appropriate access rights that align with their respective job role. Privileged process automation extends the protections of PAM by ensuring only approved tasks are performed with privileged access. Not only can this enhance productivity, ensuring that nobody is left waiting for permissions to be granted, but tasks can be completed more quickly and accurately, reducing the burdens on security teams.

  3. Privileged endpoint management (PEM)
    Often, a key focus of access control strategies is reducing the number of privileged accounts on shared IT services and devices, yet privileged access is also present across most end user laptops and workstations. That’s a risk as it allows users to install infected software. A tempting option is to remove the local admin privileges completely, but certain users will still require privileged access to work effectively. Further, in organisations where administrator rights have been removed from all endpoints, IT and security teams can end up being bombarded with requests to make configuration changes such as installing software applications. Here, PEM allows for the removal of administrator rights from users while escalating privileges for specific processes where necessary. Critically, this serves to ease any friction for users while also reducing the workloads of security and IT teams.

Creating effective automated security frameworks

By combining PAM, PPA and PEM, organisations can simultaneously improve their overall security posture while improving productivity and enhancing the employee experience.

PAM is focused on improving protection, ensuring all users are provided with the right level of access permissions needed to complete their work. PPA reduces the burdens that could stem from this by automating much of the workload involved with creating and managing user permissions, while PEM also helps by removing local admin rights without creating an influx of helpdesk requests.

While security is traditionally viewed as being at odds with operational productivity, this is no longer the case. Indeed, with the right suite of solutions implemented in the right manner, both security teams and the wider business can benefit.

In the case of access management, it’s about creating a framework in which users can complete their work faster through the seamless provision and management of privileges required for specific workloads.

To achieve this effectively, automation is key. Indeed, it is now a critical component of any robust and effective cybersecurity program.

About the Author: Michael O'Sullivan