Government revs up IT security automation
- By Stephanie Kanowitz
- Feb 12, 2020
The public sector is expected to be the fastest-growing user of automation in the next six to 12 months, a new survey finds.
Specifically, 40% of public-sector respondents to “The 2020 Study on Staffing the IT Security Function in the Age of Automation: United States and United Kingdom” said they expect to use automation within the next year. Of the 1,027 total respondents, including commercial workers, 36% said they expect to do the same.
What’s more, 32% of public-sector respondents to the survey, sponsored by DomainTools and released by the Ponemon Institute on Feb. 11, said they already use automation.
“There are a number of findings that I think are really cool,” said Larry Ponemon, chairman and founder of the institute. “Probably the most important question is, 'Will automation improve the ability of the IT security staff to do their job?' And not surprisingly, more than 70% say it enables the IT security staff to focus on more serious vulnerabilities.”
One reason government is turning to automation seems to be agencies' inability to properly staff skilled IT security workers. Half of public-sector respondents said that challenge has increased their investment in automation tools and technology.
Additionally, 67% of public-sector respondents said automation is helping to reduce stress on information security personnel. Along those lines, 69% of respondents said automation improves those workers’ ability to do their jobs, 75% said it enables them to focus on more serious vulnerabilities and overall network security, and 37% credit automation with taking on time-intensive, manual tasks that are “mission-critical but not a good use of staff time.”
For instance, using automation to analyze security incident logs can reduce the number of false positives and speed analysis, which, in turn, improves productivity, the report found. Sixty-eight percent of the total respondents said in the next few years they expect to automate log analysis, followed by threat hunting (60%) and malware analysis (57%), and 82% said that preventing downtime caused by security incidents is a reason to automate.
Another check in automation’s pro column is its ability to reduce human error, which 41% of public-sector respondents said they expect.
Still, the outlook isn’t all rosy in the public sector. Nearly half of respondents -- 48% -- said interoperability issues among automation technologies are one reason why they’re not adopting automation. Other challenges include a lack of in-house expertise (55%), heavy reliance on legacy IT (45%) and lack of budget (43%).
Funding ties all those together, said Corin Imai, a senior security advisor at DomainTools. “Being able to properly staff means that you have to have the backing financially. Being able to onboard automation means that you have to have the buy-in of those that are overseeing the budget to see the value in it,” Imai said.
One of the most notable findings in the report, Imai said, is that 52% of public-sector respondents said they expect automation to reduce the IT security headcount. More specifically, 35% said they worry about losing their jobs because of automation, and another 35% said automation will increase the need to hire people with more advanced technical skills.
Although understandable, those fears are somewhat unfounded, Imai said, especially with the number of open cybersecurity positions expected to hit 3.5 million next year, according to Cybersecurity Ventures. For instance, although organizations are replacing some basic functions with automation, the people doing them now could be trained to move up to handle higher-tier tasks.
“Automation won’t replace some of the smaller shops, but it will start to replace some of the functions within an organization or an IT security organization,” she said. “There’s always a human element. No automation tool can work solely on its own. It has to be trained and it has to be given the right type of data and it has to be observed.”
Fiscal 2020 was the second year that the institute has done this particular research, and Ponemon said he’s looking forward to learning where automation leads in the future.
“We think we’re still in the infancy, in the early stage of automation, and relating to that, of course, will be machine learning, orchestration and artificial intelligence,” he said. “We’re starting to see some really interesting relationships develop over time.”
Public-sector respondents made up 11% of participants in the survey, which had a margin of error of 4%.
Read the survey here.
Stephanie Kanowitz is a freelance writer based in northern Virginia.