One of many greatest hidden dangers of IT automation is just not securing the information used to coach automated techniques, says Kevin Miller, CTO, America, at enterprise software program firm IFS. “Taking it a step additional, automated techniques might have vulnerabilities that dangerous actors can exploit — even anomaly detection itself will be hacked,” he says.
This leaves firms prone to the automated propagation of threats, Miller says. “For example, if an attacker beneficial properties management over an automatic course of, they’ll unfold malicious code, software program, or actions throughout the system way more shortly than in a non-automated surroundings,” he says.
This might result in sooner and extra intensive injury earlier than detection and remediation efforts will be initiated, Miller says. Firms will need to have full visibility and fixed monitoring of techniques to find out whether or not an anomaly is attributable to a foul actor who can steal delicate information about an asset, the corporate, or its clients.
Magnified information administration points
Information administration is usually a essential a part of IT automation, nevertheless it won’t happen to groups when deploying instruments to automate processes. This may result in issues.
“Utilizing stale information — whether or not it’s by seconds, minutes, hours, or days — to automate IT applied sciences is rather a lot like utilizing outdated, non-current site visitors information to summon an Uber,” says Erik Gaston, CIO of safety firm Tanium.
“It gained’t work, and it’s not a good suggestion,” Gaston says. “With out real-time information, organizations are restricted in what they’ll scale. So as to add to the danger issue, when organizations attempt to automate past what they’ll scale, it could actually break essential processes.”
Furthermore, Gaston says, lack of real-time information when scaling automation can add to cybersecurity vulnerabilities. “When automation know-how is just not utilizing real-time information, it could actually fail to detect a essential risk or zero day, which may end in a knowledge breach going unnoticed lengthy sufficient for the dangerous actors to take advantage of vulnerabilities and acquire unauthorized entry to techniques or information,” he says.
To deal with such points, RaceTrac’s Williams says the comfort retailer operator has in place a federated information governance technique that gives a structured methodology for information administration. “The cornerstone of this strategy is guaranteeing that each one information underpinning IT automation is completely vetted, compliant with related rules, and meets the very best high quality requirements,” he says.
A federated information governance technique achieves a fragile stability between centralized governance controls and the flexibleness of decentralized entry, Williams says. “This technique permits for top-down governance oversight whereas empowering customers with the autonomy to self-serve,” he says.
This technique allows organizations to “harness the total potential of IT automation, guaranteeing that their efforts are constructed on a basis of strong information governance and are resilient within the face of evolving know-how landscapes,” Williams says.
Complacency
One other danger is that duties, as soon as automated, are more likely to not be reviewed by IT later.
“Complacency is a really actual danger on the subject of IT automation,” Tricentis’ Kichen says. “When one thing works with out a lot want for human intervention, it has the potential to be simply neglected. IT groups might overlook or ignore the underlying course of steps, and this mind-set results in potential issues and dangers that may simply come up undetected and unaddressed.”
One instance is human sources off-boarding. “The potential of the method breaking down could be very excessive and issues going undetected are frequent, as everybody tends to imagine every little thing is working as meant,” Kichen says.
If the automation works and it doesn’t create apparent errors, IT groups would possibly overlook about it. “This implies it doesn’t get periodically reviewed to see if prior safety or IT assumptions stay true,” Kichen says.
On the time of its creation, these choices have been most likely affordable, Kichen says. “However over time, the underlying assumptions that drove these choices change,” he says. “If IT groups don’t have a corresponding course of to periodically overview the automation and its implementation, they’ll get uncovered to severe dangers that will have been nonexistent when it was initially created, however at the moment are there and related.”
The failure to watch automation techniques can lengthen to a failure to maintain tabs on {the marketplace}. “Within the intervening months or years, new distributors might seem that really construct a product that extra securely and effectively does the factor the staff initially automated,” Kichen says. “If groups will not be looking out for these developments as a result of their course of in place works, then it gained’t be till one thing dangerous occurs that they start to rethink their strategy and notice that the know-how and vendor panorama has superior.”
Governance isn’t a given
It would sound like a contradiction, however IT wants to watch and handle the flexibleness and autonomy enabled by automation. In any other case issues can spiral uncontrolled.
“Automation is in the end a spectrum, that means it’s as much as every group to find out its particular person danger tolerance and act accordingly,” Tanium’s Gaston says. “And whereas this flexibility will be helpful, it necessitates cautious planning, common and real-time monitoring, and ongoing coaching for IT personnel to make sure they’ve the abilities essential to handle and troubleshoot automated techniques.”
It’s additionally necessary to know the dependencies of any workflow that’s automated, to keep up reliability and resilience. “That is particularly necessary on the subject of dated legacy techniques that always don’t do effectively with change and develop into extra brittle with automation,” Gaston says.
One resolution to controlling the usage of automation is to create a governance program. “As with all rising know-how, rules and requirements proceed to emerge relating to automation, and plenty of organizations have but to find out the best way to embrace automation in a way that finest aligns with enterprise aims,” Gaston says.
“At the same time as we automate utilizing best-in-class platforms, it’s crucial to take a look at workflows and processes and make sure the proper guardrails, dependencies, and actions are in place,” Gaston says. “This ensures you may construct a contemporary group that reduces danger and strikes IT from administration to innovation.”
Overdependence on automation
Is there such a factor as an excessive amount of reliance on IT automation? Probably, if it means a decline in different areas.
“Relying closely on automation can result in expertise atrophy amongst IT workers, the place guide troubleshooting and intervention expertise might decline,” IFS’ Miller says. “This turns into a big danger when automated techniques encounter surprising points that require guide decision.”
An overdependence on automation also can end in a lack of institutional information in regards to the intricacies of system operations particular to the enterprise, Miller says, making it more durable to adapt or innovate exterior the automated processes.
