Application Security & Online Fraud , DevSecOps , Governance & Risk Management
Securing Software Automation, OrchestrationCyberArk's Jeffery Kok Highlights the Potential Security Gaps
Seeking better operational efficiency and ROI, many enterprises have begun significant software automation and orchestration efforts without accounting for the inherent security risks they may bring, says Jeffery Kok of CyberArk.
Two automation strategies that are being widely adopted, Kok says, are robotic process automation, or RPA - software that mimics your action for day-to-day mundane tasks - and IT orchestration - technologies that do jobs for administrators at scale.
In an interview with Information Security Media Group, Kok addresses the potential risks involved. Bots for automation and orchestration need credentials to perform these functions, he points out. "In terms of how well they protect the credentials from being stolen ... some of these store the credentials in the clear. .... And some have very rudimentary encryption protections, which are very easily circumvented."
In this audio interview (player link below image), Kok talks about:
- The security gaps being created or ignored within IT automation;
- Deciding where to use automation safely and where to avoid it;
- Trends in security automation and orchestration.
Kok is vice president of solution engineers, Asia Pacific and Japan, at CyberArk. Previously, he was technical consultant director, Asia Pacific and Japan, for RSA. Kok has more than 17 years' experience in cybersecurity, including roles at Cisco Systems, Nera Telecommunications and the National University of Singapore.