Guest blog by David Spark, Spark Media Solutions
“Most companies out there are having trouble with resources,” said Adrian Sanabria (@sawaba), Senior Security Analyst, 451 Research, who realizes throwing more bodies or money at an ever-growing security problem simply isn’t sustainable.
The solution is to automate, said Sanabria, or die. Sure, he’s aware most people are nervous about automation, but it’s necessary. The issue is securing your business. And the attackers aren’t going to wait.
“Email is not a good API,” said Sanabria in our conversation at the 2016 RSA Conference in San Francisco. The standard systems we have in place for securing, chains of human actions (e.g., downloading patches), and human-to-human commands (e.g., assigned tasks) have too many fail points and eat up far too much time.
APIs are the wave of the future, said Sanabria. We need tools and people who can automate things that integrate with all new technologies.
Sanabria is not lost on the obvious complications.
“There’s a constant balance between risk and disruption to the business, or disruption to the users, that you’re going to have to balance with automation,” he said.
To start, look for the easy wins, such as compliance, said Sanabria.
It’s not agile IT. It’s not DevOps. It’s just security, added Sanabria. This is the new paradigm of security and that’s how we all have to address it. Automation is key to maintaining security.