Companies are adopting new security solutions to manage a growing remote workforce — like identity access management, cloud security and endpoint security. The sudden turn to remote work, however, has meant that human-scale solutions aren’t always workable and companies are looking to machine-scale tech as a result.
As you move from human scale to machine scale, you’re going to automate — and automation, when it isn’t secure, can be a major vulnerability.
“A necessity is that you’re going to have to harness some level of automation — have the machines work on your behalf, have the machines carry your intent,” said TK Keanini (pictured), distinguished engineer at Cisco Systems Inc. “And when you do that, you can do it safely or you could do it dangerously. You want to make sure that, frankly, the adversary can’t get in there and use that automation on their behalf. So it’s a tricky thing because when you take the phrase, ‘How do we automate security,’ you actually have to take care of securing the automation first.”
Keanini spoke with Dave Vellante, host of theCUBE, SiliconANGLE Media’s livestreaming studio, during the Cisco Accelerating Automation With DevNet event. They discussed what businesses will need to do to secure automated solutions as the workforce pivots to working from home. (* Disclosure below.)
Defending data and privacy against attackers with automated tools
As automation accelerates, engineers are also investigating how to prioritize data privacy and secure data management when automated tools can both defend company networks and be a major vulnerability.
“What security methodologies do we have today that we use to secure code? While we have automated testing, we have threat modeling, right? Those things actually have to be now applied to infrastructure,” Keanini said. “So, when I talk about how do you do automation securely, you do it the same way you secure your code — you test it, you threat model, you say, ‘You know, Ken, my adversary exhibits something here that drives the automation in a way that I didn’t intend it to go.’ And so all of those practices apply. It’s just everything as code these days.”
The conversation around data privacy and data collection has evolved in light of major data leaks, like the Facebook-Cambridge Analytica scandal of 2019, as well as how companies can develop security tools that are accessible to common users without sacrificing advanced features or functionality, according to Keanini.
“All of these security tools, no matter how fancy [they are], it’s not that we’re losing the complexity. It’s that we’re moving the complexity away from the user so that they can drive at human scale while we do things at machine scale,” Keanini concluded.
Watch the complete video interview below, and be sure to check out more of SiliconANGLE’s and theCUBE’s coverage of the Cisco Accelerating Automation With DevNet event. (* Disclosure: TheCUBE is a paid media partner for the Accelerating Automation With DevNet event. Neither Cisco Systems Inc., the sponsor for theCUBE’s event coverage, nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)
Since you’re here …
Show your support for our mission with our one-click subscription to our YouTube channel (below). The more subscribers we have, the more YouTube will suggest relevant enterprise and emerging technology content to you. Thanks!
Support our mission: >>>>>> SUBSCRIBE NOW >>>>>> to our YouTube channel.
… We’d also like to tell you about our mission and how you can help us fulfill it. SiliconANGLE Media Inc.’s business model is based on the intrinsic value of the content, not advertising. Unlike many online publications, we don’t have a paywall or run banner advertising, because we want to keep our journalism open, without influence or the need to chase traffic.The journalism, reporting and commentary on SiliconANGLE — along with live, unscripted video from our Silicon Valley studio and globe-trotting video teams at theCUBE — take a lot of hard work, time and money. Keeping the quality high requires the support of sponsors who are aligned with our vision of ad-free journalism content.