In security, when do you hire more people vs. add more automation?
Effective risk management hinges on finding the right balance between headcount and security automation tools.
There is no shortage of cybersecurity threats. But protecting against those threats is about balancing risk and reward — i.e. the cost of mitigating the risk versus the likelihood and impact of an incident.
Security automation tools can lower risk of a breach while also increasing efficiency, effectiveness, and ROI of security investments. But these, too, are a balancing act.
When does it make sense to invest in automation tools to strengthen and scale your security posture versus hiring more people?
» People vs. automation: Balancing cost and talent in risk management
Automation — especially when paired with artificial intelligence (AI) — is already remaking the workplace and the cybersecurity landscape. Over 44% of organizations already use some form of AI-driven automation in cybersecurity. At the same time, the need for security talent has never been higher. Here are some guidelines to help determine when to invest in technology automation and when to hire.
» When to invest in automation
Organizations have different needs. But all of them share the need to lower cybersecurity risk. Over the years, this has led to a proliferation of security products installed as organizations chase the latest tech trends, adding complexity to an already challenging discipline. Many organizations use a common set of criteria or guiding principles when making investment decisions for automation.
» High volume of repetitive tasks
Automation tools can parse huge volumes of data and perform repetitive tasks with speed and accuracy. Tasks like security data analysis, log monitoring, and compliance reporting are good examples of high-volume risk management activities that can be automated. Others include infrastructure provisioning and security policy enforcement.
For example, many data breaches are caused by cloud misconfigurations because security controls are either overlooked or inappropriately set, creating a vulnerability that is exploited. Automation tools can prevent configuration errors through automated provisioning and policy as code and catch any potential problems that may creep into environments over time through continuous monitoring.
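As an added illustration (not code from the original article or from HashiCorp), the sketch below shows what a policy-as-code gate can look like: plain Python standing in for a policy engine, evaluated over a constructed sample shaped like `terraform show -json` plan output. The two rules, the admin-port list, and all resource names are assumptions chosen for the example.

```python
import json

ADMIN_PORTS = (22, 3389)              # SSH and RDP (assumed policy scope)
OPEN_CIDRS = {"0.0.0.0/0", "::/0"}
PAB_FLAGS = ("block_public_acls", "block_public_policy",
             "ignore_public_acls", "restrict_public_buckets")

def check_security_group(after):
    """Flag ingress rules that expose an admin port to the whole internet."""
    findings = []
    for rule in after.get("ingress") or []:
        cidrs = set(rule.get("cidr_blocks") or []) | set(rule.get("ipv6_cidr_blocks") or [])
        if not cidrs & OPEN_CIDRS:
            continue
        all_ports = str(rule.get("protocol")) == "-1"   # "-1" covers every port
        for port in ADMIN_PORTS:
            if all_ports or (rule.get("from_port") or 0) <= port <= (rule.get("to_port") or 0):
                findings.append(f"port {port} open to the internet")
    return findings

def check_public_access_block(after):
    """Every S3 public-access-block flag must be explicitly true."""
    return [f"{flag} is not enabled" for flag in PAB_FLAGS if after.get(flag) is not True]

POLICIES = {"aws_security_group": check_security_group,
            "aws_s3_bucket_public_access_block": check_public_access_block}

def evaluate_plan(plan):
    """Return (address, finding) pairs for resources the plan creates or updates."""
    violations = []
    for rc in plan.get("resource_changes", []):
        after = rc.get("change", {}).get("after")
        check = POLICIES.get(rc.get("type"))
        if after is None or check is None:   # deletions and types with no policy
            continue
        violations += [(rc["address"], f) for f in check(after)]
    return violations

# Constructed sample in the shape of a Terraform JSON plan; all values are made up.
SAMPLE_PLAN = json.loads("""{"resource_changes": [
 {"address": "aws_security_group.web", "type": "aws_security_group", "change": {"after": {"ingress": [
   {"protocol": "tcp", "from_port": 443, "to_port": 443, "cidr_blocks": ["0.0.0.0/0"]},
   {"protocol": "tcp", "from_port": 22, "to_port": 22, "cidr_blocks": ["0.0.0.0/0"]}]}}},
 {"address": "aws_security_group.internal", "type": "aws_security_group", "change": {"after": {"ingress": [
   {"protocol": "tcp", "from_port": 22, "to_port": 22, "cidr_blocks": ["10.0.0.0/8"]}]}}},
 {"address": "aws_s3_bucket_public_access_block.logs", "type": "aws_s3_bucket_public_access_block",
  "change": {"after": {"block_public_acls": true, "block_public_policy": false, "ignore_public_acls": true}}},
 {"address": "aws_security_group.legacy", "type": "aws_security_group", "change": {"after": null}}
]}""")

if __name__ == "__main__":
    for address, finding in evaluate_plan(SAMPLE_PLAN):
        print(f"DENY {address}: {finding}")
```

Run in a pipeline before apply, a non-empty result blocks the change; run on a schedule against the current state, the same rules serve as the continuous-monitoring check.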
» Need for real-time threat detection and response
Many security enthusiasts argue that the sophistication and sheer volume of threats today mean every organization needs real-time threat detection and response capability. Whether that is true or not is a decision for each organization. If this capability is needed, automation tools are required. These tools combine AI, machine learning, and threat intelligence to continuously monitor for threats and mitigate them at a rate that simply cannot be done by a human. Organizations using AI and automation identify and contain breaches 100 days faster on average than ones that don’t.
» Rapid growth where scalability matters
Any organization planning to scale quickly will lean on automation tools to accelerate operations without increasing staff or adding unnecessary workload onto existing teams. This includes many risk management and security-related tasks.
» Tight budget
Cost is a big consideration when choosing between hiring staff or investing in automation. For some organizations, it may be the leading factor because hiring and training teams of security analysts to analyze alerts and respond to incidents is simply unaffordable. Both activities can be done more efficiently and cost-effectively by a small team using automation tools.
» Too many review steps that can be done with software
Automation is a good solution for streamlining any operation that involves repeatable steps or relatively simple decisions. If risk management processes are being slowed down waiting on manual review steps (e.g. tickets), those tasks could be automated, mitigating vulnerabilities faster and potentially reducing incident response time.
» Demanding regulatory requirements
When regulatory compliance is mandated and the cost of noncompliance is high, many organizations lean on automation tools to continuously monitor environments and ensure requirements are met instead of relying solely on conducting interviews and performing manual audits.
» Lack of security talent
Even organizations with large security budgets struggle with finding talented, experienced security experts. The security talent gap has been a problem for years and continues to grow. Automation tools can help offset staffing shortages and skills gaps.
» When to invest in more talent
While the security talent gap remains and automation tools continue to become more capable of handling tasks, there are some risk management activities that require security experts.
» Complex threat analysis
Security tools produce mountains of alerts. Which alerts really pose a threat and which ones are merely noise? While automated tools can help reduce the volume of alarms that make it to a security analyst’s desk, there are some alerts that require detailed risk analysis performed by someone with expertise, contextual understanding, and intuition to determine exposure. And while some products excel in removing noise, there’s still a level of human customization for alerting that needs to take place.
» Incident investigation and response
When a security incident occurs, it must be investigated to understand the root cause, regardless of the severity of the event. Tools can aid in this process, but the investigation must be led by security experts.
» Strategic risk planning and collaboration
Evaluating risk is an ongoing process that involves strategic planning to align an organization’s security strategy and capabilities with its short- and long-term goals and risk appetite. In fact, it is one of the top priorities for executives this year, especially in light of AI’s developments.
Strategic risk planning involves identification and analysis of risks and priorities with a clear understanding of organizational strategy to develop security policies and set direction, which can only be done with cross-functional input from key people across an organization.
» Calculating the numbers
How to balance the cost of adding staff and investing in automation is a complicated, multi-factor decision. But from a high-level financial perspective, the following formula can help compare the costs (rough estimates are often sufficient):
» Cost of automation
Yearly cost of product + (Yearly maintenance hours x Administrator’s hourly cost) + Yearly product education costs + support costs
» Cost of hiring
(Annual salary + benefits) x Number of employees needed + Yearly overall employee training costs
In most technology fields, automation will always beat employment on cost. If a task can be automated, it will almost always be cheaper to automate that task, especially as automation technology gets more sophisticated and less expensive.
The key differentiator between hiring versus automation is quality:
- Is the task something that can be automated at all?
- Can it be automated safely and properly without quality degradation compared to a human?
- Will the automation be safer than adding a human touchpoint?
If the instructions configured into the automation products are good, automation is typically more consistent than humans at higher scale.
» Learn more
Organizations are continuously increasing the use of automation to drive efficiencies, productivity, and growth. Generative AI and detection AI are compelling new areas for automation, but there’s still a large amount of basic tool-based automation that has yet to be leveraged.
For more information on how to take a platform-based approach to security automation, read Do cloud right with The Infrastructure Cloud.