It's no secret that IT operations is a complex area. Teams face demanding workloads, where many tasks have to be completed quickly. Objectives typically focus on smooth and resilient operations, and enabling fast innovation to support organizational needs. In their distinct role, security teams must manage risk and compliance, respond quickly to incidents, protect data, and govern access. All these priorities must be met simultaneously, and this leaves the ITOps and SecOps teams searching for the best ways to collaborate. This article provides an overview of how Red Hat Ansible Automation Platform can automate nearly any task for an IT organization, bridging the gaps between IT and security needs.

Provisioning and orchestration: Seamless security integration from the start

Ansible Automation Platform includes an automation orchestrator (in Technology Preview) that allows teams to automate a series of tasks across a workflow and to leverage their automation mode of choice, such as tactical, event-driven, and agent-driven.

These workflows can include multi-domain steps in a process, for example, provisioning a Red Hat Enterprise Linux server, creating virtual machines, orchestrating across related infrastructure such as networks, storage, and applications, and embedding security processes into these workflows (see figure 1 for an example) for seamless implementation.

Infuse security and compliance steps seamlessly into ITOps.

When security steps are agreed to and implemented as "code" through automation, a busy system administrator can meet security requirements without extra manual effort. When implementations are aligned, consistent, and accurate, and there's a clear audit trail of every action taken, the result is time savings for IT roles, and peace of mind for security roles.

Now that you understand how security needs can be worked into IT management, let's explore some use cases.

Automated hardening: Fast, compliant operations

With Red Hat Enterprise Linux, you can validate that your "source of truth" configuration (or baseline) is implemented. For example, SELinux is enabled, STIG and OpenSCAP compliance are aligned, secrets management is in place, and your observability agent is installed using automated workflows. You can choose to create a separate hardening workflow, or to include hardening checks in a provisioning workflow.

Ansible Automation Platform's event-driven automation can play a role as well. For example, when an alert reports that new resources have been created, you can trigger hardening checks and create a service ticket when results do not align. No matter how you design your process, you can better deliver new systems in line with security and compliance processes. This helps reduce the impact of human error and contributes to lower risk and more resilience.

Automate audit and compliance: Create reports without manual steps

After an incident occurs, audit reports are typically required to satisfy compliance standards. The process has traditionally been manual, but Ansible Automation Platform can capture information from infrastructure, including the audit trails, and generate dynamic reports on all automated actions taken for remediation, or reports on incident data. You can also use reporting to demonstrate governance processes, such as who has role-based access control (RBAC) access to operate on a given inventory of resources.

For incident reporting, Ansible Automation Platform can easily gather a set of forensics to help diagnose problems (figure 2), determine remediations, and assess the blast radius. All of this occurs with less disruption of IT resources that must also focus on operational needs and priorities.

Flexibly automate security for any infrastructure, network, edge or cloud resource.

Automated healthchecks: Perform scans

With Day 2 operations underway, automation helps keep resources aligned to policies. You can perform a variety of health checks, for example, to detect and remediate drift, apply vulnerability patches, apply new policies, rotate secrets, and much more. By targeting a specific inventory group for scanning, you can verify every resource in the inventory.

Time savings can be significant. For example, KreditPlus is a financial services company based in Indonesia with branch offices across 200+ regions. They replaced a manual and time-consuming patching process with automation, so they patch their entire environment efficiently with a single click. They gain confidence in knowing that their systems are up to date on patches.

Automate remediation: Event-driven automation enables fast response to alerts

What is the process today when you receive an alert for a security risk? Does resolution take longer than you wish? This is where Ansible Automation Platform's included Event-Driven Ansible comes in to expedite responses. When a security alert is received, you can automatically take actions like revoking suspicious user access, rapidly gathering forensics, creating tickets or notifications, shutting ports, disabling services and more. The sooner you identify and disable a threat, even as you investigate, the more you can reduce its impact.

Comprehensive sanitizing: Automatically revoke obsolete access

At the end of any operational lifecycle, resources must be sunset. For example, an unneeded virtual machine can be automatically taken down or moved to low-cost storage.

But this is only part of a sunsetting process. You also need to comprehensively revoke any access privileges associated with that resource.

Using Ansible Automation Platform, you can thoroughly decommission resources that are no longer used. Automatically scan the resource to get a list of access points and secrets that were available to this virtual machine. Using this list, automatically revoke these access points, giving you peace of mind that you have more comprehensively closed potential attack points. As needed, you can create audit reports that demonstrate your actions.

Get started on your journey to security automation

Now you've gained some insight into how you can use Ansible Automation Platform to build in security across your full operational lifecycle. It is a highly flexible solution that can be applied to security tasks, integrated into other automated processes for more seamless completion of security steps, and included in Day 2 operations such as automated issue resolution, expedited reporting, and closing access points when a resource is decommissioned.

Red Hat recommends a "start small, think big" approach to automation adoption. Start with simple compliance use cases, and grow from there. Keep an eye on metrics such as hours saved, positive impacts on resilience and risk, fewer issues due to human error, and more.

Here are some recommended resources for learning more:

Resources

5 steps to business automation

This e-book shows how Red Hat Services can help you adopt enterprise-ready automation to unify teams, standardize processes, and transform IT.

About the author

Cindy Russell is a Senior Principal Product Marketing Manager for Ansible Automation Platform.
