As organizations digitalize and shift their operations to the cloud, more vulnerabilities are created, making it crucial to provide strong authentication and operational integrity at scale.

The COVID-19 pandemic has radically changed the way organizations operate. As businesses go digital and shift their operations to the cloud, more vulnerabilities are created, making it crucial to provide strong authentication and operational integrity at scale.

As business automation accelerates, so has the growth of cyber-threats. How do we keep up with the growing attack surfaces and increasing volume and sophistication of cyber-attacks?

CybersecAsia discussed the issues with a proponent of automated security as the solution. Avesta Hojjati, Head of R&D, DigiCert, shared his insights:

What is driving the need for businesses to automate? 

Avesta Hojjati, Head, R&D, DigiCert

Hojjati: Businesses that embrace automation can help their workforce become more efficient by cutting down the time spent on manual processes and focusing on other projects and priorities.

At the same time, automation reduces human error, mitigating the risks of certificate expiration and misconfiguration leading to web services outages, data breaches and the loss of revenue and reputation tied to these events.

As public key infrastructure (PKI) with digital certificates is not easy to manage manually, the business case for implementing automation now is becoming more and more apparent.

How should they decide what to automate, for successful digital transformation? 

Hojjati: One main appeal of digital transformation is that manual processes can become automated, saving businesses time and money, as well as reduce human error. As such, a successful digital transformation and automation would go hand in hand.

It would make most sense for businesses to automate tasks that are repetitive and require significant human management, such as managing all digital certificates deployed within an organization’s network. Additionally, it is recommended for businesses to automate time-sensitive tasks so that they are still being completed even as employees go on sick leave or vacation. 

In the age of digital transformation, we recognise that it can be tempting to automate everything, but there are also some tasks that we do not recommend to be automated. These would be tasks that still require human judgement and intervention, as well as other tasks that are highly complex and thus inefficient to automate, as they need to pass through multiple approval and decision-making levels. 

Is automated security essential to keep up with business automation? 

Hojjati: PKI and digital certificates form a critical component of every digital transformation initiative to ensure that connected devices, users and data shared across the network are all protected. Devices and users need to be authenticated, data needs to be encrypted, and devices and data require signing for software integrity and device integrity.

For example, we have seen a high number of software supply chain attacks recently, where the processes around developing and shipping code is faltering and leading to widespread security breaches. 

At each phase of the software development lifecycle, companies need to inspect code to assure it is free of malware and bugs, and then sign the code to ensure only authorized parties can alter it and end-users can trust it is tamper-free.

Likewise, the lack of automation continues to lead to online services being shut down and outages that cost businesses money and reputation with their customers. In the past six months, we found that 34% of organizations in APAC have experienced more than five instances of site downtime due to certificate expiration. 

The need for security extends to all aspects of digital transformation, and as organizations increase their reliance on digital certificates and public key infrastructure, automating security will become critical to save time and simplify management tasks.

What are some other key challenges faced by companies in implementing automation? 

Hojjati: There are a few challenges that companies face when implementing automation. For example, complexity such as having a distributed environment prevent secure deployment of automation.

Additionally, lack of well-crafted solutions, disruption caused by automation implementation and fear for job replacement are among the highest reasons for staying away from automation. 

Moving forward, how could these challenges be effectively addressed? 

Hojjati: We’ve created our Automation Manager with a unique container-based architecture for horizontal scalability and to suit distributed environments.

Companies can deploy multiple Automation Manager solutions within different data centers and they all connect securely to the CertCentral TLS certificate manager. Automation Manager breaks new ground in overcoming the hurdles that have prevented full-scale certificate automation.