InfoSec Insider

The Uncertain Future of IT Automation

While IT automation is growing, big challenges remain. Chris Hass, director of information security and research at Automox, discusses how the future looks.

The majority of today’s cybersecurity breaches stem from unpatched vulnerabilities and outdated systems, which means that many cyberattacks are preventable. Unfortunately, it can be challenging for IT teams to keep up with the pace of new patches every month, especially when employee devices are scattered across a distributed workforce and there’s a shortage of cybersecurity professionals. These emerging factors make efficiency a critical component for any IT team.

Infosec Insiders Newsletter

To enable a rapid discovery of new exploits, more companies are turning to IT-automation tools for patching and system management. By streamlining the processes and reducing the workload, IT teams can quickly address new severe exploits and save time to focus their efforts on more high-impact projects.

However, while the trend of automation will continue to grow, there still remain many challenges to its adoption, and new innovations or threats could change how the future looks for this technology.

What Can We Expect in IT Automation in the Near Future?

First and foremost, IT automation will adapt to distributed environments. When we surveyed IT professionals, 80 percent stated that the process of managing endpoints has become harder as a result of more employees working remotely. Having to both maintain management servers across multiple, distributed sites and with sporadic, inconsistent connectivity to endpoints has made it difficult for IT teams to remain efficient and nimble. This has led to more organizations looking for cloud-native solutions to remedy these challenges.

Cloud-native technologies make connectivity with remote devices easier while staying secure without the use of VPNs. They also improve visibility into the exact, real-time status of a device. IT teams will have an easier time pushing patches automatically without worrying about VPN bandwidth restrictions. Within the next year, anticipate that more businesses will realize these immense benefits and replace existing tools with cloud-native IT automation.

On the flip side, challenges remain, such as addressing burnout and emerging security concepts.

IT and Security Teams’ Mental Health Comes to the Fore

One thing that has become evident in the 2020s is that there is a lack of attention on and investment in employee mental health and safety. This is especially true when it comes to IT and security workers, who have come under enormous pressure and stress in our hybrid world today, where both outages and cyberattacks aren’t just common, but expected to happen at all times.

Automation is one way to drive more accessibility and ease-of-use for IT teams. While in the past the core argument for automation is to provide more time for innovation, today the argument must simply be, automation creates more time for teams — but we’re not there yet.

Consider the (relatively) recent issue with the Log4j vulnerability. The issue wasn’t “just” that there was a new vulnerability to respond to and worry about. It was that many security and IT professionals had to go through the manual task of updating every endpoint across their system, while managers and even the C-suite watched over their shoulders.

This isn’t easy – it’s stressful, and it will make your teams more likely to quit, which is just unacceptable as we continue to navigate a world reshaped by the Great Resignation and IT skills shortage.

New IT Security Concepts Are on the Horizon

As Automox predicted at the end of last year, IT and security transformation continue as organizations everywhere try to find a new normal following the disruptions of the pandemic, and IT automation will have to adjust.

This has been challenging for many organizations — and more importantly, people, as discussed above — but there are silver linings too. The pandemic has pushed new innovation across many areas, with exciting new tools and practices on the horizon for IT and security teams.

One innovation that is particularly interesting is cybersecurity mesh architectures. Gartner has claimed that “organizations adopting a cybersecurity mesh architecture will reduce the financial impact of security incidents by an average of 90 percent” by 2024.

A cybersecurity mesh architecture leverages various parts of the enterprise to integrate widely distributed, disparate security services. This is key to managing and accounting for a workforce that has never been more remote and globally distributed. Designing and implementing an IT security infrastructure that is not focused on a single perimeter, but instead smaller individual perimeters around each access point, provides quality-of-life improvements as well as more control over an organization’s overall security profile.

Another trend that may seem overdue but is very much happening in real-time is the transition of ITOps and SecOps tools to cloud infrastructure. This includes firewalls, cloud access service brokers (CASBs), web gateways and other tools, as teams wind down legacy on-prem contracts and move to the cloud for more accessibility, speed and scale.

Bottom line: IT automation is a transformational trend that is already occurring across the enterprise today, but it needs to accelerate in order to address the many pain points security and IT teams still face today.

Chris Hass is the Director of Information Security and Research at Automox.

Enjoy additional insights from Threatpost’s Infosec Insiders community by visiting our microsite.

Suggested articles