For those of you of a certain age, the title of this blog post may bring back some memories of the REM album of the same name. As I was sharing my album collection with my eldest son, I came across this album and the title struck a chord with me as to the issues we are facing today in cybersecurity.
In our current threat environment, our systems are inundated by new, old and evolving threats on an hourly basis. The threat actors behind many of these threats are becoming more sophisticated and persistent in how they try to breach our systems. We also have a proliferation of different security solutions addressing different types of threats. While these solutions may be effective in their own right, they also operate in relatively siloed environments, each requiring its own training, skills and even tools to manage. With the migration of many companies from on-premises systems to the cloud, we now face the challenge of securing hybrid environments, which in turn require unique solutions to address those challenges.
As if the above did not present already overstrained cybersecurity teams with enough challenges, the COVID-19 pandemic has further exacerbated the situation. With many people working remotely during the pandemic, security teams are left struggling to determine how best to deal with the demands of securing a remote workforce. Many more staff than ever before are now accessing systems remotely, and security teams need to confidently ensure those accessing organization systems and data are who they claim to be.
The traditional response to an increased workload was simply to recruit more people to get the work done. However, the increased importance placed by many organizations on cybersecurity has resulted in a corresponding increase in the demand for skilled cybersecurity professionals. This increasing demand on a finite pool of resources has led to an acute skills gap and skills crisis within the cybersecurity industry. We simply do not have enough people with the right skills for every organization to address its cybersecurity challenges.
All of the above has led to a perfect storm within many cybersecurity teams, where overworked and overstressed staff are struggling to meet the demands placed on them and, in some cases, leaving the industry rather than face burn-out. This, of course, in turn adds more strain to an already creaking system.
This is where my thoughts on “Automatic for the People” came to mind. In 1913, Henry Ford introduced the first production line into his motor factories. This was to prove a significant step not just in the motor car industry, but also across all the other industries that quickly adapted the idea for their own use. The production line automated a lot of the processes involved in assembling a car and allowed routine and repetitive tasks to be completed more quickly. The automated production line enabled Henry Ford to reduce the amount of time it took to assemble a car from more than 12 hours to just over 90 minutes. Over 100 years later, that production line has been made even more efficient by robots that complete repetitive and boring tasks, freeing workers up to focus on other, more complex tasks.
Within our cybersecurity operations, we need to look at more effective ways to automate simple, predictable, and repetitive tasks. This should not only enable us to react better and more quickly to the threats that face our organizations, but it will also free up skilled and expensive staff to focus their skills on other valuable projects.
Automation can also be a security control in itself by ensuring key tasks are done effectively and on time. We are all aware of various websites suffering the embarrassing and reputation-damaging situation of their TLS/SSL certificates expiring. Having the process of managing digital certificates fully automated ensures that there is a clear picture of where all the certificates are, whether that be on websites, for signing code, for managing IoT devices or for providing secure access for remote users. That overview will ensure that certificates can be renewed and refreshed in a timely and appropriate fashion and, just as importantly, revoked when required.
Adhering to the old model of managing certificates, by either using a spreadsheet to track the above or employing email and calendar reminders, is not sufficient in today’s challenging environment. There is still too much emphasis on manual intervention, with the associated risks of human error and omission. Also, digital certificates are needed everywhere in today’s distributed and cloud environments, making manual certificate management an overwhelming task, one made prone to error by the sheer volumes alone. Discovery and automation of the certificate lifecycle are a must for organizations to adopt, and they need to make it a priority in the next 6–12 months.
Circling back to being inspired by the album Automatic for the People, if we continue to live in “Ignoreland” without automation, we will end up where “Everybody Hurts.” But with proper “Drive” for cybersecurity automation, we can end up in a situation where “Sweetness Follows.”