Automation in the context of security
Security is much more than technology. In fact, it should be part of the culture and day-to-day mindset for all types of activities throughout an organization. Within the general context of digital transformation, a lot of attention and resources go to automation of processes and workflows across the business, operational, and technology aspects of a corporation. While the focus on automation often leans toward the obvious, like provisioning new services or implementing self-healing procedures to resolve issues, automation can also play a vital role in creating a secure environment. It is therefore important to invest in automation capabilities that provide sufficient flexibility for you to tailor them to your specific needs, so you can leverage every opportunity to improve your security posture.
Security should be a consideration for any use case that you implement. In other words, it is not only about automating the provisioning of a new service (e.g. a satellite uplink, an IP media flow, a web service, etc.), but also about hardening security at the same time, for example by enabling or disabling switch ports, updating access control lists (ACLs), updating firewall profiles, enabling or disabling user profiles, updating permissions, etc.
This comes on top of the positive impact that automation in general will always have on your security posture: technology configurations are executed consistently, with the necessary checks and balances, which eliminates the risk of residual configurations. Such leftovers are typical of manual configuration and can compromise security. All of this requires your automation technology to be open-architecture, so that you can evolve it easily to include any security enhancement opportunities that you identify.
Automation can also be leveraged towards very specific security-oriented use cases. The opportunities are endless, and typical areas of application include:
Compliance checking: Policies and best practices are only valuable when they are also effectively enforced, and this can only be achieved by means of compliance checking. As compliance checking needs to be done continuously to be effective, logic dictates that it should run automatically.
Inventory, asset management, onboarding and offboarding of resources: One of the most common root causes of cyber incidents is obsolete resources, i.e. systems that are still powered on and active but no longer maintained or updated. Such systems serve as an easy entry point for malicious actors, which can then compromise the entire operation. Automated inventory and asset management, together with automated procedures for onboarding and offboarding resources, including hardware, software and cloud services, drastically reduce this type of risk.
Firmware and software updates: An estimated 60 to 80% of cyber incidents are caused by vulnerabilities for which a patch already existed. This staggering statistic underlines the importance of swift and continuous updates of all firmware and software across an infrastructure. However, this is often hampered by the fear of breaking functionality. In addition, all vendors are evolving towards more continuous development, resulting in an ever-increasing number of releases that need to be dealt with asynchronously. The only solution for this is an automated process that both tests and validates new firmware and deploys it across the infrastructure.
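The three areas above (compliance checking, detection of obsolete resources, and firmware currency) can be driven by one automated check over the asset inventory. The following is an added example, not code from the original article or from any product it refers to; the inventory records, the baseline policy and the field names are constructed for illustration.

```python
from datetime import date

# Constructed sample inventory (hypothetical devices), as an automated asset
# management system would hand it to the checker.
INVENTORY = [
    {"id": "sw-core-01", "type": "switch", "active": True, "last_seen": date(2024, 5, 2),
     "firmware": "9.3.2", "unused_ports_disabled": True},
    {"id": "sw-edge-07", "type": "switch", "active": True, "last_seen": date(2024, 5, 2),
     "firmware": "9.1.0", "unused_ports_disabled": False},
    {"id": "enc-legacy-3", "type": "encoder", "active": True, "last_seen": date(2023, 11, 14),
     "firmware": "2.4.1"},
    {"id": "enc-lab-9", "type": "encoder", "active": False, "last_seen": date(2023, 1, 9),
     "firmware": "1.0.0"},
]

# Constructed baseline: minimum firmware per asset type, how long an active asset
# may stay silent before it counts as obsolete, and the switch port hardening rule.
BASELINE = {
    "min_firmware": {"switch": "9.2.0", "encoder": "2.4.0"},
    "max_silence_days": 90,
    "switch_ports_policy": True,
}
TODAY = date(2024, 5, 3)  # fixed reference date so the run is reproducible

def parse_version(v):
    """Compare dotted versions numerically (so 9.10.0 > 9.9.1)."""
    return tuple(int(p) for p in v.split("."))

def check_asset(asset, baseline, today):
    """Return the findings for one asset; an empty list means compliant."""
    findings = []
    minimum = baseline["min_firmware"][asset["type"]]
    if parse_version(asset["firmware"]) < parse_version(minimum):
        findings.append(f"firmware {asset['firmware']} below baseline {minimum}")
    if asset["active"]:  # powered and active but no longer seen: obsolete resource
        silent = (today - asset["last_seen"]).days
        if silent > baseline["max_silence_days"]:
            findings.append(f"active but silent for {silent} days: obsolete resource, offboard")
    if asset["type"] == "switch" and baseline["switch_ports_policy"] and not asset["unused_ports_disabled"]:
        findings.append("unused switch ports not disabled")
    return findings

def run_compliance(inventory, baseline, today):
    """Map asset id to its findings for every non-compliant asset."""
    report = {}
    for asset in inventory:
        findings = check_asset(asset, baseline, today)
        if findings:
            report[asset["id"]] = findings
    return report

if __name__ == "__main__":
    for asset_id, findings in run_compliance(INVENTORY, BASELINE, TODAY).items():
        print(asset_id, "->", "; ".join(findings))
```

Scheduling this check continuously and feeding its findings into the offboarding and patch-deployment workflows is what turns the policy into something that is actually enforced.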