
Blogger: Robert Ivey, CTO (rivey@gca.net)

May 09, 2017

Automation is everywhere these days, especially in the IT security space. Everything done in modern-day security revolves around automation. In reality, every single operation in a security organization can theoretically be done manually if you have the time and the staff. Take your Security Operations Center (SOC) as an example. The individual logs generated by every system in your environment could be reviewed by a team of analysts, who would identify trends and anomalies as they went. Security Information and Event Management (SIEM) tools started as log aggregation tools, meant to give analysts a single common interface to store, analyze and report on all logs throughout an organization more efficiently.

Over time, those log aggregation utilities matured to include real-time correlation of the logs, and gave specialists the means to define pre-determined combinations of events that are detected automatically and raise alerts for analysts to research in more depth. Continued maturity has allowed for integration with various other utilities, as well as subscriptions to thousands of definitions that are constantly being updated, similar to anti-virus definitions. The modern SOC can identify threats in real time, thanks to automation.

There is a big opportunity for organizations to make leaps in efficiency and accuracy in data access governance. In the access governance arena, many organizations today still log into applications and create lists of users and their access in spreadsheets. Those spreadsheets are cross-referenced against authoritative sources and divided up into smaller spreadsheets that are emailed to managers and application owners throughout the enterprise for quarterly, semi-annual and annual attestations. When auditors need to see reports, they are sent dozens of email trails containing remediation actions, each with its associated ITSM ticket number. Samples are verified to ensure the processes have been followed as documented.

This space, like the SOC, is maturing through automation. Most modernized applications allow on-demand access to the necessary data via an API or some sort of automated report. Software applications have arisen that consume these feeds, run normalizing business logic on the data and automatically marry the accounts and their respective rights with the appropriate owner. The additional data sources can be used to determine who the appropriate recertifiers should be, and an intuitive, mobile-friendly interface allows them to approve.

Additional maturity is being created to allow the business to really home in on the highest-risk entitlements, users and systems, so that focus is spent there instead of on the low-risk items. Integration with Identity Management systems, enterprise reporting engines and data governance tools helps to add further automation for fulfillment, automated reporting for auditors and enhanced metadata that helps recertifiers understand the risk associated with a user's access.
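The feed-driven recertification flow described in the two paragraphs above, as an added example (not code from the author or from any product): application feeds are normalized, joined to an authoritative HR source, routed to a recertifier and ordered by risk. The feed layouts, field names, addresses and risk weights are all constructed assumptions.

```python
import csv, io
from collections import defaultdict

# Constructed sample data; every name, field and weight here is hypothetical.
HR_FEED = """employee_id,email,manager,status
1001,alice@example.com,carol@example.com,active
1002,bob@example.com,carol@example.com,terminated
1003,carol@example.com,dave@example.com,active
"""
APP_FEEDS = {
    "payroll": [{"login": "ALICE@example.com ", "role": "admin"},
                {"login": "bob@example.com", "role": "viewer"}],
    "wiki": [{"user": "carol@example.com", "perm": "editor"},
             {"user": "bob@example.com", "perm": "editor"},
             {"user": "svc-backup", "perm": "admin"}],
}
# Per-application field mapping: the normalizing business logic.
FIELD_MAP = {"payroll": ("login", "role"), "wiki": ("user", "perm")}
APP_OWNER = {"payroll": "finance-owner@example.com", "wiki": "it-owner@example.com"}
RISK = {"admin": 3, "editor": 2, "viewer": 1}

def load_hr(text):
    # Authoritative source, keyed by lower-cased email address.
    return {r["email"].lower(): r for r in csv.DictReader(io.StringIO(text))}

def normalize(app, record):
    id_key, ent_key = FIELD_MAP[app]
    return {"app": app, "account": record[id_key].strip().lower(),
            "entitlement": record[ent_key].strip().lower()}

def build_review_queue(hr, feeds):
    """Return {recertifier: [items]}, each list sorted highest risk first."""
    queue = defaultdict(list)
    for app, records in feeds.items():
        for rec in records:
            item = normalize(app, rec)
            person = hr.get(item["account"])
            item["risk"] = RISK.get(item["entitlement"], 1)
            if person is None or person["status"] != "active":
                item["finding"] = "orphan" if person is None else "terminated"
                item["risk"] += 2          # no valid owner: surface these first
                reviewer = APP_OWNER[app]  # falls back to the application owner
            else:
                item["finding"], reviewer = "ok", person["manager"]
            queue[reviewer].append(item)
    for items in queue.values():
        items.sort(key=lambda i: -i["risk"])
    return dict(queue)
```

Accounts with no match in the authoritative source, or belonging to a terminated identity, go to the application owner rather than a manager and sort to the top of that owner's queue.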

In IT security, each of these roles can be done without any sophisticated software suites or skillsets. Armies of analysts can be used to accomplish these goals. Thought leaders at organizations have been innovating and automating in this space for decades. If you compare where we are today with where we were just 10 years ago, the progress is astounding.

Today’s modern CISO must determine their primary areas of focus, develop a goal, then find ways to apply automation and innovation to ensure it is accomplished. Each area of focus needs to be thought of as a program, not a project. A project has a beginning and an end, but security is never complete. Once an innovative method is created, it must be continually reevaluated, rethought and re-imagined. Nothing in security can stagnate. Think of where the modern SOC and Access Governance programs were just 10 years ago and compare them to today. In another 10 years where will they be?
