It's no secret that IT operations is a complex area. Teams face demanding workloads, where many tasks have to be completed quickly. Objectives typically focus on smooth and resilient operations, and enabling fast innovation to support organizational needs. In their distinct role, security teams must manage risk and compliance, respond quickly to incidents, protect data, and govern access. All these priorities must be simultaneously met, and this leaves the ITOps and SecOps teams searching for the best ways to collaborate. In this article, This article provides an overview of how Red Hat Ansible Automation Platform can automate nearly any task for an IT organization, bridging the gaps between IT and security needs.
Provisioning and orchestration: Seamless security integration from the start
Ansible Automation Platform includes an automation orchestrator (in Technology Preview) that allows teams to automate a series of tasks across a workflow and to leverage your automation mode of choice, such as tactical, event-driven, and agent-driven.
These workflows can include multi-domain steps in a process, for example, provisioning a Red Hat Enterprise Linux server, creating virtual machines, orchestrating across related infrastructure such as networks, storage, and applications, and embedding security processes into these workflows (see figure 1 for an example) for seamless implementation.
When security steps are agreed to and implemented as "code" through automation, a busy system administrator can meet security requirements without extra manual effort. When implementations are aligned, consistent, and accurate, and there's a clear audit trail of every action taken, the result is time savings for IT roles, and peace of mind for security roles.
Now that you understand how security needs can be worked into IT management, let's explore some use cases.
Automated hardening: Fast, compliant operations
With Red Hat Enterprise Linux, you can validate that your "source of truth" configuration (or baseline) is implemented. For example, SELinux is enabled, STIG and OpenSCAP compliance are aligned, secrets management is in place, and your observability agent is installed using automated workflows. You can choose to create a separate hardening workflow, or to include hardening checks in a provisioning workflow.
Ansible Automation Platform's event-driven automation can play a role as well. For example, from alerts of new resources created, you can trigger hardening checks and create a service ticket when results do not align. No matter how you design your process, you can better deliver new systems in line with security and compliance processes. This helps reduce the impact of human error and contributes to lower risk and more resilience.
Automate audit and compliance: Create reports without manual steps
After an incident occurs, audit reports are typically required to satisfy compliance standards. The process has traditionally been manual, but Ansible Automation Platform can capture information from infrastructure including the audit trails and generate dynamic reports on all automated actions taken for remediation or reports on incident data. You can also use reporting to demonstrate governance processes, such as who has role-based access control (RBAC) access to operate on a given inventory of resources.
For incident reporting, Ansible Automation Platform can easily gather a set of forensics to help diagnose problems (figure 2), determine remediations, and assess the blast radius. All of this occurs with less disruption of IT resources that must also focus on operational needs and priorities.
Automated healthchecks: Perform scans
With Day 2 operations underway, automation helps keep resources aligned to policies. You can perform a variety of health checks, for example, to detect and remediate drift, apply vulnerability patches, apply new policies, rotate secrets, and much more. By targeting a specific inventory group for scanning, you can verify every resource in the inventory.
Time savings can be significant. For example, KreditPlus is a financial services company based in Indonesia with branch offices across 200+ regions. They replaced a manual and time-consuming patching process with automation, so they patch their entire environment efficiently with a single click. They gain confidence in knowing that their systems are up to date on patches.
Automate remediation: Event-driven automation enables fast response to alerts
What is the process today when you receive an alert for a security risk? Does resolution take longer than you wish? This is where Ansible Automation Platform's included Event-Driven Ansible comes in to expedite responses. When a security alert is received, you can automatically take actions like revoking suspicious user access, rapidly gathering forensics, creating tickets or notifications, shutting ports, disabling services and more. The sooner you identify and disable a threat, even as you investigate, the more you can reduce its impact.
Comprehensive sanitizing: Automatically revoke obsolete access
At the end of any operational lifecycle, resources must be sunset. For example, an unneeded virtual machine can be automatically taken down or moved to low-cost storage.
But this is only part of a sunsetting process. You also need to comprehensively revoke any access privileges associated with that resource.
Using Ansible Automation Platform, you can thoroughly decommission no longer used resources. Automatically scan the resource to get a list of access points and secrets that were available to this virtual machine. Using this list, automatically revoke these access points, giving you peace of mind that you have more comprehensively closed potential attack points. As needed, you can create audit reports that demonstrate your actions.
Get started on your journey to security automation
Now you've gained some insight as to how you can use Ansible Automation Platform to build in security across your full operational lifecycle. It is a highly flexible solution that can be applied to security tasks, integrated into other automated processes for more seamless completion of security steps, included in Day 2 operations such as automated issue resolution, expedited reporting, and closed access points when a resource is decommissioned.
Red Hat recommends a "start small, think big" approach to automation adoption. Start with simple compliance use cases, and grow from there. Keep an eye on metrics such as hours saved, positive impacts on resilience and risk, fewer issues due to human error, and more.
Here are some recommended resources for learning more:
- Webinar: Automate Security. Align ITOps (on demand)
- Ebook: Automate security to align enterprise IT
- Ebook: Red Hat Ansible Automation Platform, a beginner's guide
- Interactive walk-throughs: IT automation including security automation
- Web page: Security automation
리소스
비즈니스 자동화의 5단계
저자 소개
Cindy Russell is a Senior Principal Product Marketing Manager for Ansible Automation Platform.
유사한 검색 결과
빠르게 진화하는 AI 위협, 더 빠른 대응
관리에서 벗어나 오케스트레이션으로 전환: Red Hat Ansible Automation Platform을 통한 Catalyst 운영 간소화
Untangling Networks | Compiler
Operating System Management | Compiler
자세히 알아보기
E-book: 기업 자동화영어 (English) 버전으로 제공됩니다 (한국어 미지원) - 체험: 자기 주도식 핸즈온 랩으로 구성된 Red Hat Ansible Automation Platform
- Red Hat Ansible Automation Platform: 초보자 가이드
채널별 검색
오토메이션
기술, 팀, 인프라를 위한 IT 자동화 최신 동향
인공지능
고객이 어디서나 AI 워크로드를 실행할 수 있도록 지원하는 플랫폼 업데이트
오픈 하이브리드 클라우드
하이브리드 클라우드로 더욱 유연한 미래를 구축하는 방법을 알아보세요
보안
환경과 기술 전반에 걸쳐 리스크를 감소하는 방법에 대한 최신 정보
엣지 컴퓨팅
엣지에서의 운영을 단순화하는 플랫폼 업데이트
인프라
세계적으로 인정받은 기업용 Linux 플랫폼에 대한 최신 정보
애플리케이션
복잡한 애플리케이션에 대한 솔루션 더 보기
가상화
온프레미스와 클라우드 환경에서 워크로드를 유연하게 운영하기 위한 엔터프라이즈 가상화의 미래