The identification of every user making a request to a given system is vital to ensuring that action is only taken by, and information only returned to, those who need it. This happens in two steps: first, the requester is identified (authenticated), and then that identity is used to determine which parts of the application they are allowed to access.

When you think about how to automate processes within the IT industry, your mind probably goes first to tools. After all, the past decade has witnessed an explosion of tools from across the industry that promise to make it easy to automate virtually every aspect of IT operations — from low-code development solutions that automate coding, to release automation tools for applications, to automated monitoring and security platforms.

The #LifeatTorq Team Spotlight is a Q&A series dedicated to the talented and generally kick-ass team that form the foundation of our growing company. Today we are spotlighting Kostya Ostrovsky , a Software Architect at Torq based in our Tel Aviv office. Kostya is one of the first employees at Torq.

If you’re a developer who lives and breathes code all day, you probably don’t mind having to write complex configuration files to set up an automation tool or configure a management policy. But the fact is that many of the stakeholders who stand to benefit from security automation are not developers.

In an age when attackers create over a million phishing sites each month, and phishing serves as a beachhead for 95 percent of all attacks against enterprise networks, how can businesses respond? Part of the answer lies in educating users to recognize and report phishing, of course. But user education only goes so far – particularly because the same statistics cited above show that, on average, only 3 percent of users will report phishing emails.

Everyone wants to automate security. Traditionally, though, doing so has been challenging because setting up security automation tools required a specialized set of skills that no one engineer at a company possesses. It’s time to change this state of affairs by democratizing security automation. Here’s why and how.

For many businesses today, security automation is something of a paradox. It’s no secret that automation is important, and a large number of businesses have invested in security automation solutions. Yet the never-ending stream of headlines about major cybersecurity attacks suggests that, for most of these companies, security automation doesn’t end up delivering the intended results.