Katell Thielemann, research vice president at Gartner, explains that the automation continuum emerging in the security and risk landscape is one where new mindsets, practices and technologies are converging to unlock new capabilities. Using automation in areas of identity, data, and new products and services development were identified as three critical areas for the security and risk enterprise.
“We are no longer asking the singular question of how we’re managing risk and providing security to our organization. We’re now being asked how we’re helping the enterprise realize more value while assessing and managing risk, security and even safety. The best way to bring value to your organizations today is to leverage automation,” said Ms. Thielemann.
Automation is All Around Us
Automation is already all around us — and it is starting to impact the security and risk world in two ways:
* As an enabler to the security and risk function itself
* As new security frontiers that need to be acknowledged and understood
“Automation follows a continuum of sophistication and complexity, and can use a number of techniques, either stand-alone or in combination,” said David Mahdi, senior research director at Gartner. “For example, robotic process automation currently works best in task-centric environments, but process automation is evolving to increasingly powerful bots, and eventually to autonomous process orchestration.”
By 2021, 17% of the average organization’s revenue will be devoted to digital business initiatives, and by 2022, content creators will produce more than 30% of their digital content with the aid of AI content-generation techniques.
“What this means to security and risk management professionals is that our organizations are likely building solutions and making technology-related choices often without realizing the risk implications of what they are doing,” said Mr. Mahdi.
Balancing Emerging Technologies and People
“Automation is just the beginning. Emerging technologies will change everything and impact security and risk directly,” said Beth Schumaecker, director, advisory at Gartner. “Our reliance on data is ever increasing, yet it poses one of the largest privacy risks to organizations. In the next two years, half of large industrial companies will use some emerging form of digital twins, which will also need to be secured.”
The demands of these emerging technologies and digital transformation introduce new talent challenges for the security function, altering how organizations expect security to be delivered.
“Digital transformation demands that security staff play a wider range of roles, from strategic consultants to threat profilers to product managers, which in turn require new skills and competencies,” said Ms. Schumaecker. “It’s already impossible to fill all our existing vacancies.”
Mission-Critical Areas in Automation
The three mission-critical areas in today’s enterprises are automation in identity, data and new products or services development:
* Identity is the foundation for all other security controls, especially as the business increasingly moves to cloud environments. Identity decisions should always remain within the organization’s control, whether it is about humans or machines.
* Data is what organizations now depend on for virtually every transaction, and it needs to be shared as much as it needs to be protected.
* New products and services developed as emerging technologies gain a stronghold, prompting organizations to adapt and push the envelope.