The vast majority of businesses (83 percent) say the use of automation for managing security processes needs to increase over the next three years, according to an AlgoSec survey of 350 respondents, including C-level executives, senior networking, security, risk and compliance professionals, data center professionals and application architects.
More than 80 percent of respondents believe that automation will increase the overall security posture of their organizations, while 75 percent think it will improve application availability, reduce errors and enable them to process security policy changes faster.
Three-quarters of respondents said that automation will reduce audit preparation time and improve compliance, while 50 percent believe that automation will help deal with the IT skills shortage and the reliance on experienced security engineers.
"The most surprising finding was the disconnect between senior management and rank and file security professionals regarding the levels of automation across their organizations," Nimmy Reichenberg, vice president of marketing and strategy for AlgoSec, told eWEEK. "This stems from a lack of understanding by the C-levels of the daily challenges faced by their staff, and the solutions available to address them. Therefore, as C-level executives become more educated, automation should be driven from the top down in order to alleviate concerns surrounding accuracy, processes and business disruption."
Reichenberg explained that as the survey shows, concerns regarding accuracy and false positives are hindering the proliferation of automation tools, followed by difficulty driving organizational changes, lack of time and knowledge needed to dedicate to deploying these type of solutions.
"Somewhat surprisingly, concerns about business disruption resulting from automation were pretty low down the list of concerns which is very encouraging," he noted. "As companies become more familiar, and proficient with using automation to optimize their security processes, these barriers to implementation will be eliminated and we will likely see a significant up-tick in the use of automation to manage security across the organization."
Indeed, as the survey revealed, 83 percent of organizations want the use of automation to manage security processes to increase over the next 3 years.
Only 15 percent of respondents reported that their security processes were highly automated, while more than 52 percent had some automation in place but felt it was not enough, and 33 percent said they had little to no automation at all.
"Security automation will extend to more areas, such as incident response and remediation," Reichenberg said. "With more security solutions deployed than ever before on one hand, and the unprecedented security talent shortage on the other, security organizations will have to turn to more automation to have any hope of being successful."