AlgoSec, the market leader for Security Policy Management, today announced the results of its “State of Automation in Security” survey. The survey revealed that 83% of organisations want the use of automation to manage security processes to greatly increase over the next 3 years.
Other key findings from the survey include:
- Lack of automation causes outages and breaches. 20% of organisations experienced a security breach, 48% had an application outage and 42% had a network outage as a result of a misconfiguration caused by a manual security-related process.
- Not enough automation. Only 15% of respondents reported that their security processes were highly automated. Over 52% had some automation in place but felt that it was not enough, and 33% said they had little to no automation.
- Motivations for automation abound, but so are concerns. The growing number of cyber threats, time spent performing security changes manually, and cloud and SDN projects were the top motivations for automation. However, concerns about accuracy, and the resources required to implement automation solutions, as well as difficulty driving organisational changes are inhibiting their proliferation.
- Automation serves the business. Over 80% of respondents believe that automation will increase the overall security posture of their organisations. 75% of respondents think it will improve application availability, as well as enable them to process security policy changes faster and reduce errors. 75% also feel that automation will reduce audit preparation time and improve compliance. 50% believe that automation will help deal with the IT skills shortage and reliance on experienced security engineers.
In a recent report, Gartner analyst Lawrence Pingree noted that “In the past, security professionals have been fearful and skeptical of automation. This, however, is changing, because organizations are acknowledging that a “human response” cannot react fast enough, which is compounded by the fact that there are not enough security practitioners in end-user organisations to perform manual human responses to threats”[1].
“Despite the increased focus and resources devoted to cyber security, security processes remain highly manual, with security engineers spending valuable time ‘keeping the lights on’ instead of focusing on business transformation initiatives,” said Nimmy Reichenberg, VP of Marketing and Strategy at AlgoSec. “The survey findings show that respondents believe that automation can alleviate some of the pressures on security professionals, allowing for improved agility and security. Yet, for automation to be truly effective, it must be a top down initiative, driven by senior executives, in order to ensure a uniform, structured and realistic approach to its implementation across the organization.”
Conducted in early 2016, the survey polled 350 C-level executives, senior networking, security, risk and compliance professionals, data centre and application architects.
Download the full report, “State of Automation in Security” including the infographic here
[1] Gartner, Intelligent and Automated Security Controls Impact the Future of the Security Market, 30 October 2015, Lawrence Pingree.