(Source-ISACA blog Author-Mr Andrew Evers)
Process automation is an important part of any tool kit to enforce governance—for business or IT. Unfortunately, it is also one that is rarely considered. That is unfortunate because the benefits of automation for risk, audit and compliance are manifold. Automated processes typically document what they do as part of completing a task. Automation provides clear, auditable logs that show what was done, when and by whom. With increased automation, organizations reduce the potential for manual errors and increase the speed of regularly occurring tasks or those that involve a broad range of systems. This increase in efficiency leads to greater consistency, reliability and, ultimately, a better quality of service for the business.
Automated tasks can also be performed with special service accounts that minimize the need for direct access to managed systems. System managers, those responsible for governance and other business people can request and monitor complex tasks from a single screen while retaining principles of least privilege for consistent auditing across the landscape.
In the past, organizations have had no choice other than buying and installing automation solutions on-site, often with large up-front commitments in assessment, licensing and installation. This posed some significant barriers to automation for many enterprises. Fortunately, cloud automation solutions are changing the landscape in this area.
Cloud solutions provide many benefits in terms of lower up-front commitment, minimal footprint and setup time. Moving to the cloud, however, does also bring additional security and governance questions that must be addressed. In my recent Journal article, I look into evaluating cloud automation solutions from 2 perspectives. First, highlighting the benefits of automation and then examining the types of security measures that should be in place for a cloud-based automation solution. This provides a great starting point for any enterprise interested in improving the way they do business while maintaining a secure, reliable environment.
