SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Story image

How to unlock efficiency dividends in digitally-minded Australian organisations

Thu, 17th Oct 2024

Efficiency has come into stark focus this year. 

At a time when many organisations are being asked to do more with less (or to do more with the same amount of resourcing), there is pressure across both frontline delivery and back-office enablement functions to find efficiencies that save money and, perhaps more importantly, cut down on effort - as time that can be reinvested into more value-generating activity.

IT is one of those enablement functions to come in for increased scrutiny. Technology is not the principal business activity of most organisations, but it has been elevated in operational importance over the last few years. Digital is the default mode for service delivery within many organisations and underpinning that is an efficient and effective IT infrastructure and support team.

A lot of attention around technology-based enablement tends to go to the IT infrastructure itself, whether it's a cloud platform, a managed service, or an on-premises IT environment. This is obviously an important decision, and there are many options to consider. But as the conversation around technology turns to efficiency, more attention is being paid to how the IT infrastructure is being managed. 

The benefits of automation

Automation arises in many contexts when it comes to organisational operations, from customer support to transactional process orchestration. There are plenty of stories out there of businesses being able to serve more customers faster, or of being able to cut time and steps out of complex end-to-end transactional engagements, by harnessing automation.

From an IT infrastructure perspective, automation is enabling organisations to stretch their limited IT budgets and resources further, by removing some of the most high-touch infrastructure management tasks from being performed by personnel (whether by staff inhouse or by a managed services provider).

Activities such as: applying patches to servers or network switches; ensuring that the infrastructure complies with internal policy or regulatory settings; keeping the configuration of IT infrastructure up to date and documented; and managing the application of server hardening controls to meet security requirements such as the Essential Eight or the Center for Internet Security (CIS) Benchmarks; are all necessary to efficient and effective operation of IT infrastructure. However, they can all be manually intensive and are what many IT professionals would consider 'grunt work'. 

IT professionals want to learn and grow, not be in a server room at 10pm on a Friday installing patches on a server fleet. Carefully targeted IT infrastructure automation can unshackle these valuable IT personnel from repetitive and uninteresting work, freeing them up to work more closely with the organisation on how they can contribute to new projects and help to drive the organisation forward.

The path to getting started with IT infrastructure automation

Automation-as-a-service represents a good entry point into IT infrastructure automation, as it reduces any learning curve that may be encountered initially, allowing the organisation to start generating benefits quicker.

At a simple level - and without going into too much technical detail - each automation is defined within a structure known as a playbook. This structure contains all of the instructions to execute a task for one or more machines at regular intervals. Importantly, once a playbook is developed, it can be reused multiple times. 

Engaging with a managed services organisation that has already built playbooks that cover all of the most in-demand IT infrastructure automations makes a lot of sense, as it completely removes this as a barrier to entry.

More important than how automation is achieved is what it enables the organisation to achieve.

Consider the example of an organisation that requires their network devices to be patched every three months to comply with audit requirements. Using automation-as-a-service, a patching solution can be built that is hosted in the cloud and connects to the network devices regularly, updating the software on those devices to a target version that is both secure and current. 

Automation-as-a-service is also useful in more complex scenarios. 

Many Australian government organisations must apply Essential Eight security controls and demonstrate a baseline standard of compliance. Other private sector organisations also model their infrastructure security on the Essential Eight - or similar models such as CIS or NIST - because it represents best-practice. 

Vendors for many different types of IT infrastructure release their own compliant configurations for their hardware, and regularly update it as the security models evolve. By using automation-as-a-service, these configurations can be kept up to date on all IT infrastructure. Since a single automation tool logs all changes, the organisation can track when and where automated updates occurred, ensuring they are applied successfully. This enables the use of automation for measuring and reporting on a compliance score out of the box.

For more complex automations, it is also possible to chain multiple playbooks together into an automated workflow, meaning organisations can increase the sophistication of automations in their IT environment over time.

Automation is already making its mark on many parts of a company's operations. Given demands for greater efficiency from IT teams and spend, the time is right to extend automation to the technology function, and to start reaping the benefits from its presence.

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X