You walk into your office and open your IT security to-do list for the day. If you’re like most of our customers, you will see dozens of tasks staring back at you. Yikes! Hopefully, you manage to make some progress on this mountain of work each day. Yet you wonder if there is a better way. Maybe you could use IT security automation in some way? Yet you are also worried about quality considerations. Use our process to find a measured approach to IT security automation.
The Journey To IT Security Automation Starts Here
Before you can make progress with IT security automation, some preliminary work is needed first. Otherwise, you could end up making unimportant tasks more efficient! We don’t want that to happen to you. To get started, use these self-assessment questions.
1) What are your IT security goals for the year?
Completing random tasks that occur to you at the moment has little value. That’s like reaching “inbox zero” on your email daily, yet ignoring high-value security assessments. If you are unsure about your individual work goals for IT security goals, refer to the company IT goals and ask yourself how you can contribute to those goals. Once you have a few ideas, confirm these goals with your manager.
2) What are the weekly and daily tasks that align with those goals?
Now that you have clarity on your IT security goals, put on your project manager hat. You want to make a list of daily and weekly tasks that advance those goals. For example, you might have a weekly task to check for Microsoft security vulnerabilities. That task is valuable because it contributes to your goal of proactively detecting security threats.
Tip: If you use a task manager, look at the past few weeks of tasks to jog your memory.
3) Which tasks could you eliminate or reduce in frequency?
As you review your tasks, ask yourself a tough question: where can you cut? For example, you might be invited to 10 recurring meetings each month. Challenge yourself to stop attending three to five of those meetings. That will free up some time on your calendar to implement IT security automation and other important tasks.
4) What tasks produce the most value for your stakeholders?
So far, we have looked at IT security goals and tasks from your perspective as the individual manager or professional. There is another layer you need to add in: your stakeholders. For example, your department may have a goal to “respond to IT security requests from users within six hours each business day.” If you have a goal like that, identify those tasks.
5) Identify tasks that have a routine or rule-based aspect
By this point, you might have a list of a few dozen tasks that you perform in your IT security work each month. You have already reduced some of them in frequency. You have flagged other tasks as a high priority for your end-users. Now, you want to identify tasks that are defined by rules. For example, resetting a user password tends to be a rule-based process in most companies. In other cases, setting up a new user with standard account permissions is likewise subject to rules.
Keep reviewing your list of IT security tasks until you find three to five IT security tasks subject to a high degree of rules. These are the tasks that you will automate next.
Implement IT Security Automation
Based on the prior analysis, you will have some good ideas about what to implement for IT security automation. Use the following steps to implement your first IT security automation.
1) Choose one IT security task for automation
In this example, let’s choose the task of “setting up new end users with standard permissions.” For example, your company’s sales representatives likely have standard account permissions to your order system, sales automation tools and so forth.
2) Identify your IT security automation method
Based on the example above, a security software solution is an excellent way to implement this improvement. Look into Group Enforcer as a way to make this happen.
3) Implement the automation method
Purchase and install the security software solution you have chosen in the prior step. If you lack the budget or authority to make this purchase, read our guidance on building a business case for security software.
4) Monitor the IT security automation implementation
Putting a new security system into place is a change. Therefore, you need to monitor that change. Specifically, gather feedback from your end-users and your peers. Find out if the new system is meeting their expectations to save time and effort. Make adjustments to the configuration or your processes until you capture the expected automation benefits.
5) Identify other tasks for IT security automation
Once you have achieved some level of success with IT security automation, return to the process outlined in this article in three to six months. Look for another high-value rule-based set of tasks to automate.
What IT Security Tasks Should Not Be Automated?
So far, we have focused on IT security automation because there is so much opportunity to make improvements. However, it is essential to recognize that there are limitations to IT security automation. For example, you should avoid seeking to automate IT security risk assessments. Likewise, it makes little sense to automate the setting of IT security goals and key performance indicators. Those are areas where you need to apply your professional judgment to the task at hand.
Without IT security automation, you may find that these higher-value tasks are neglected due to the pressure to get the urgent tasks done. That’s why freeing up just a few hours per week with automation is so valuable. It gives you additional work time to discuss strategy, consider risk and engage the business in thoughtful security discussions. You start down the path to IT security automation for the immediate benefits of getting tasks off your plate. Ultimately, you stick with automation because it gives you the time to complete higher-value IT security tasks.