Companies are adopting new security solutions to manage a growing remote workforce — like identity access management, cloud security and endpoint security. The sudden turn to remote work, however, has meant that human-scale solutions aren’t always workable and companies are looking to machine-scale tech as a result.

As you move from human scale to machine scale, you’re going to automate — and automation, when it isn’t secure, can be a major vulnerability.

“A necessity is that you’re going to have to harness some level of automation — have the machines work on your behalf, have the machines carry your intent,” said TK Keanini (pictured), distinguished engineer at Cisco Systems Inc. “And when you do that, you can do it safely or you could do it dangerously. You want to make sure that, frankly, the adversary can’t get in there and use that automation on their behalf. So it’s a tricky thing because when you take the phrase, ‘How do we automate security,’ you actually have to take care of securing the automation first.”

Keanini spoke with Dave Vellante, host of theCUBE, SiliconANGLE Media’s livestreaming studio, during the Cisco Accelerating Automation With DevNet event. They discussed what businesses will need to do to secure automated solutions as the workforce pivots to working from home. (* Disclosure below.)

Defending data and privacy against attackers with automated tools

As automation accelerates, engineers are also investigating how to prioritize data privacy and secure data management when automated tools can both defend company networks and be a major vulnerability.

“What security methodologies do we have today that we use to secure code? While we have automated testing, we have threat modeling, right? Those things actually have to be now applied to infrastructure,” Keanini said. “So, when I talk about how do you do automation securely, you do it the same way you secure your code — you test it, you threat model, you say, ‘You know, Ken, my adversary exhibits something here that drives the automation in a way that I didn’t intend it to go.’ And so all of those practices apply. It’s just everything as code these days.”

The conversation around data privacy and data collection has evolved in light of major data leaks, like the Facebook-Cambridge Analytica scandal of 2019, as well as how companies can develop security tools that are accessible to common users without sacrificing advanced features or functionality, according to Keanini.

“All of these security tools, no matter how fancy [they are], it’s not that we’re losing the complexity. It’s that we’re moving the complexity away from the user so that they can drive at human scale while we do things at machine scale,” Keanini concluded.

Watch the complete video interview below, and be sure to check out more of SiliconANGLE’s and theCUBE’s coverage of the Cisco Accelerating Automation With DevNet event. (* Disclosure: TheCUBE is a paid media partner for the Accelerating Automation With DevNet event. Neither Cisco Systems Inc., the sponsor for theCUBE’s event coverage, nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)

Photo: SiliconANGLE