Powered by MOMENTUM MEDIA
Powered by MOMENTUM MEDIA

Website Notifications

Get notifications in real-time for staying up to date with content that matters to you.

Op-Ed: IT automation boosts security and drives efficiencies as compliance takes centre stage

Abby Kearns

As CTO of Puppet, I am constantly reading about trends related to automation, compliance, security, cloud and more. In my reading, I’ve been fascinated with the rapid changes happening in Australia, as regulatory bodies respond to a proliferation of cyber attacks with new laws under Australia’s updated Cyber Security Strategy 2020.

As CTO of Puppet, I am constantly reading about trends related to automation, compliance, security, cloud and more. In my reading, I’ve been fascinated with the rapid changes happening in Australia, as regulatory bodies respond to a proliferation of cyber attacks with new laws under Australia’s updated Cyber Security Strategy 2020.

This new strategy “seeks to create a more secure world for Australians and businesses, ensuring that cyber readiness becomes a fundamental part of everyday life”, setting government, business and community as three pillars to support the initiative. Businesses are required to improve baseline security for critical infrastructure and grow a skilled workforce to ensure products and services are protected from cyber attacks.

Advertisement
Advertisement

With the proliferation of high-profile hacks, data breaches and ransomware, organisations are feeling insecure about security and the need to protect their reputations like never before. As IT infrastructure grows and diversifies, it presents a broader front for attackers. Still, not all security issues have to do with purposeful hacks and attacks. For many IT teams, the challenge is maintaining strict rules and regulatory requirements for everything from credit card data to health information privacy. Failing to maintain compliance can put the organisation at risk of everything from lost business to substantial fines — or worse.

Compliance one of many competing (and conflicting) priorities

Australian IT leaders now need to prioritise compliance along with a host of other priorities. While they need to ensure their organisation abides by government and industry regulatory mandates, made all the more complex for those with global footprints and teams, IT leaders also need to balance delivering on product development and innovations, addressing quickly changing customer expectations and demand. These can often feel like competing priorities and make compliance seem like an inhibitor of innovation. 

It’s true that audits slow development as IT teams work to meet the needs of the security team and other internal auditors, rather than working on the needs of product delivery. This conflict of priorities quickly manifests itself as resentment from both the auditors and developers. Too often, security considerations hold up deployment and result in a lot of re-work, too.

Automation is key

Infrastructure as code is becoming the leading approach in today’s hybrid environments to drive efficiencies and increase flexibility. IT leaders that incorporate continuous compliance policies into their infrastructure (whether on-prem or in the cloud) can save thousands of dollars and countless hours by reducing the complexities (and overhead) of audits.

Gartner found that by 2023, 60 per cent of organisations in regulated verticals will have integrated continuous compliance automation into their DevOps toolchains, improving their lead time by at least 20 per cent.

Most security and ITOps teams still work in silos with disparate tools and priorities. Automation allows teams to proactively manage compliance without disrupting, or duplicating, the security team’s workflow.

Having visibility into infrastructure changes as they happen and homing in on the types of changes that could be malicious enables the operations team to work more closely with the security team to provide a clear view of what’s happening. Tools that provide a holistic view of compliance status throughout cloud and on-prem environments can generate automatically updated reports that depict the current state of the infrastructure and can be easily interpreted without deep technical knowledge.

Importantly, it helps IT teams follow a consistent, reliable process for each stage of the compliance life cycle — from assessment to remediation to enforcement – and gain confidence in their compliance posture.

If the year 2020 is any indicator, compliance will only continue to increase in importance going forward. Organisations need to make their growing infrastructures more secure against external and internal threats, as well as more compliant with evolving regulatory, business and customer requirements. By automating and streamlining the compliance process, organisations can encourage better collaboration between operations and security teams, and allow teams to spend a lot less time remediating security issues.

Abby Kearns is the CTO of software solutions provider Puppet.

Op-Ed: IT automation boosts security and drives efficiencies as compliance takes centre stage
Abby-Kearns-csc.jpg
lawyersweekly logo

more from cyber security connect

Jul 28 2021
Iranian hackers pose as female to honeypot defence contractor
An Iranian linked hacking group spent years cultivating a Facebook profile to target a defence contr...
Jul 28 2021
Aus Cyber Security Centre unveils new foreign supply-chain guidelines for businesses
If there’s anything that recent cyber security attacks have taught the industry, it’s that even ...
Jul 28 2021
RMIT unveils plans to launch supercomputing facility, first Australian university to reach milestone
Melbourne’s RMIT has unveiled a plan to be Australia’s first university to launch a cloud superc...