Risky business — the dangers of manual processes

Major security attacks have led to a surge in awareness of the risks associated with delayed threat mitigation. Yet despite increased security efforts, breaches remain a common occurrence. As security teams fight the battle on a daily basis, chief information security officers struggle to answer the question ‘Is my security posture improving or deteriorating?’

Why is this happening? What else can be done when attacks are no longer a question of if, but when? A new study by Enterprise Strategy Group (ESG) shines a light on the issue. Nearly 75% of those surveyed said that incident response tends to be based upon informal processes, while 93% said that the effectiveness and efficiency of their response strategy is limited by the burden of manual processes.

Although organisations have invested heavily in identifying security vulnerabilities, there is a significant lack of formalising of the incident response workflow. Security teams are inundated with alerts from multiple sources, such as emails, spreadsheets and telephone calls. Does this mean that they have better visibility over the security posture? No. In fact, of those surveyed by ESG, 61% believe that incident response has become more difficult over the past two years.

This is a familiar story for IT teams who live with these frustrations every day. ServiceNow’s report on the productivity drain in Australia showed that a mere 16% of IT support in Australia had automated systems in place. Specifically with IT, manual tools and processes not only hinder a team’s ability to find issues and solve them quickly, but also become a risk, as time to containment is key to reducing the cost and impact of a breach.

Most informative of all from the ESG report is that the reliance on manual tasks likely aggravates the divide between IT and security teams. These groups are often disconnected and their goals unaligned, yet fixing most incidents or threats requires collaboration between them.

Buying more software to detect potential threats still won’t bridge this gap if the process isn’t streamlined. Much like regular business operations, when your employees are spending more time administrating processes, there is inevitably less time for strategic initiatives. Organisations require a centralised process for incident and vulnerability response through a clear, fact-based view into security posture — a system that will enable one to prioritise security risks, giving the relevant team insight into the status of an asset. Automation of these mundane tasks frees up IT and security teams to address critical issues. The single platform also enables security and IT teams to respond to incidents together.

This is merely a first step. The intent is to not only modernise incident response, but to aid organisations in the incident investigation process with more context and threat data. Through applied automation and orchestration, organisations can respond faster… and even automatically.

David Oakley is Managing Director, ANZ, for ServiceNow, a major SaaS business with $1 billion in global annual revenues. Previously he has held senior sales and management positions with Oracle and BEA Systems.

Image courtesy Bill Dimmick under CC BY-ND 2.0