 |
VOOZH | about |
|
VOOZH | about |
We’re so glad you’re here. You can expect all the best TNS content to arrive Monday through Friday to keep you on top of the news and at the top of your game.
Check your inbox for a confirmation email where you can adjust your preferences and even join additional groups.
Follow TNS on your favorite social media networks.
Become a TNS follower on LinkedIn.
Check out the latest featured and trending stories while you wait for your first TNS newsletter.
Automation is like running a marathon. It sounds like a great and noble pursuit until you actually go out and start pursuing it. At that point, it’s easy to fail if you don’t prepare yourself ahead of time for the challenges that are inherent to the process.
Indeed, although automation can provide a number of awesome benefits, whether you actually reap those benefits depends on how easy it is to implement and manage automation tools.
And, as many teams discover, doing these things may be harder than it often seems.
That’s why it’s critical to take a balanced approach to automation by being strategic about what and how you automate.
Keep reading for a discussion on what to consider before developing an automation strategy for your team or business.
If you work in IT or security, you probably don’t need to be reminded about why automation is theoretically useful. You already know about automation’s theoretical benefits: It can save time, reduce toil, reduce errors and so on.
What’s easier to overlook, however, are the potential pitfalls of automation. If your organization isn’t actually ready for automation, or the automation tools you choose are not a good fit for your organization, automation can do more harm than good.
Specifically, automation may lead to problems like:
To avoid these pitfalls, you need to take a measured and systematic approach to automation. Rather than jumping head-first into automation tooling without having a plan about how to deploy or manage it, ask yourself these questions.
Although it’s tempting to imagine that you’ll automate everything, almost no one does that. There will always be some processes that you operate manually, either because you lack tools to automate them, or they don’t occur frequently enough to benefit from automation.
So, sit down ahead of time and identify the specific processes you plan to automate. Make your choices based on how much benefit you’ll gain by automating each process, as well as how easy it will be to automate it.
Keep in mind, too, that some processes should be only partly automated. For instance, maybe you need to grant just-in-time access to a user. Elements of the process like identifying the user and confirming current access rights can be automated. But confirming whether that access is warranted can be left to a human.
Deploying automations can change the way a number of teams or individuals work. You should identify who those people are and how automation will affect them.
If you deploy security automations, for example, not only your security teams will be impacted. Network engineers, developers, IT engineers and so on also may be affected.
Make sure you have plans in place to communicate to all stakeholders how automation will affect them and how they need to update their workflows as a result.
Along similar lines, it’s important to determine who is responsible for maintaining automations and dealing with any unintended consequences of them.
Who will ensure that automation tools are updated to support a new type of resource? Who will document how the automation tools are deployed and configured? Who will be held responsible if an automation tool generates a false negative and you miss a risk as a result?
If you don’t have clear answers to these questions, you run the risk that your automations won’t be properly maintained and that they’ll create chaos within your organization.
Your rationale for adopting automations should never boil down to “because automation is good.” Instead, be specific in determining the outcomes you hope to achieve.
Are you automating in order to speed up workflows? To reduce toil? To do more with fewer engineers?
By answering these questions, you ensure that you can accurately assess the impact and return on investment of your automation initiatives. Otherwise, you are left in the position of having a vague automation agenda and a low ability to justify your automation investments.
Last, but certainly not least, it’s absolutely critical to ensure that your teams have the skills necessary to deploy and maintain automation tools.
This is vitally important because some automation tools are much harder to configure than others, no matter how easy they are to use once set up. A SOAR, for example, is great if it’s carefully tailored for your environment, but configuring it may require writing a lot of custom code and policies — processes that could be out of your reach if you don’t have skilled security engineers and developers at your disposal. On the other hand, security tools like Torq, which is designed to be easy enough so that even non-technical users can create security automations, require fewer skills to deploy effectively.
The point here is that you need to take a close look at your organization’s skill sets, as well as the automation tools you plan to use and make sure they are in alignment before you commit to automation.
Automation is great, but only when you wield it wisely. Instead of automating just to automate, be sure you have a purpose, a plan and automation tools aligned with them to maximize your chances of automation success.
