Editor’s note: This post is part of an ongoing series on IT predictions from Google Cloud experts. Check out the full list of our predictions on how IT will change in the coming years.
From our partners:
Prediction: By 2025, 90% of security operations workflows will be automated and managed as code
There is not enough funding, resourcing, skills, or broadly applicable solutions to help manage security risk effectively across modern technology environments. Organizations are struggling to identify which alerts and security areas to prioritize while moving quickly through their digital transformation. This challenge is compounded by an exponential increase in data volume, alert fatigue, financial costs, and overall complexity. To combat this, organizations are looking to drive better developer hygiene, leverage more managed services and cloud-native capabilities, use products and solutions that provide greater security-by-default, and shift to security engineering over operations, to manage risk at scale.
Security operations — traditional detection and response workflows — are notoriously overburdened with toil. There are quite simply too many events and not enough people to scale them. Legacy tools coupled with a high bar for security engineering have made it very difficult for organizations to build effective, scalable solutions to manage threats in modern technology environments. As a result, there’s a cybersecurity talent shortage of over 700,000 jobs, which will likely increase and never be filled.1
This new 90/10 split predicted between automated and manual detection and response events can allow security operations teams to focus on their critical security work: threat research and operationalizing threat intelligence, proactive hunting, solving for visibility challenges, maturing alert triage and response automation capabilities, and more importantly, shifting security operations knowledge “left.” This last point can drive a deeper relationship with developers and improve the preventive security of the overall infrastructure.
To achieve this vision, we’ve developed the Autonomic Security Operations (ASO) framework, a holistic and novel approach to modernizing people, processes, and technologies – enabling organizations to adopt Google’s cloud-scale engineering approach to threat management. This framework underpins our substantial technology investments in Chronicle Security Operations, VirusTotal, Mandiant, and beyond.
At the core of ASO is Continuous Detection, Continuous Response (CD/CR), a model we’ve developed for traditional security operations teams to help shift away from the assembly-line approach to managing threats and adopt an agile operating model centered around establishing continuous feedback loops across the core areas of detection and response, in order to objectively and iteratively improve an organization’s security capabilities. It’s heavily grounded in our own approach to security as well as other methodologies, such as DevOps, SRE, Detection Engineering, and Agile.
By: Iman Ghanizada (Global Head of Autonomic Security Operations)
Source: Google Cloud Blog
For enquiries, product placements, sponsorships, and collaborations, connect with us at [email protected]. We'd love to hear from you!
Our humans need coffee too! Your support is highly appreciated, thank you!
