The Case for CSP Automation

March 9th, 2020

CSP Automation


Would you walk from San Francisco to Los Angeles or take a flight? Both methods will get you there but only one is practical. AI and automation bring the same practicality to IT operations, says Tala’s Sanjay Sawhney. 

Imagine having to develop a CSP for a website with 20k URLs, spread across 20 applications using different frameworks/technologies, developed by a globally distributed team – and half of the developers who built this site are gone. You need an accurate policy to give the highest level of security, without breaking any functionality of the website. But your website changes five times a month, with new marketing integrations enabled by tag management and other site updates. How do you gain control and keep pace with the changes using continuously updated website security policies? Maybe you have the luxury of 4-5 available resources to chase all the application teams to develop a reasonable policy?

Once you’ve managed to implement (and keep updating) an effective set of security policies, how will you deal with the millions of alerts you receive every day? How will you differentiate between false positives, noise triggered by browser extensions/ISP modifications, and real attacks? Once you’ve figured out how to deal with this, you have to tackle this for the 300 other websites your company owns (internal sites, subsidiaries, acquisitions).

This is where AI and automation come in. To deal with this trifecta of scale, dynamism and completeness/accuracy, you have no choice but to automate.

This is a scenario where automation can help you do something that just isn’t humanly practical. Humans err, automation doesn't. Automation can get you quick results when humans take far too long.

Are you flying to LA or walking?



Sanjay Sawhney, Co-Founder and VP of Engineering

Written by Sanjay Sawhney, Co-Founder and VP of Engineering

Co-Founder and VP of Engineering