Security is a great use case for automation. Why? Because effective security requires really consistent application of security policy. Automation forces the security admin to express policies in code that their automation tools understand.
This also has the virtuous cycle effect of improving the security policy itself. When the SecOps team can’t implement the policy in code, they have to ask the policy folks for clarification, which drives policy improvement. A policy that can’t be codified is pretty useless today.
As we move toward policy-as-code, it changes the whole mindset around the language of security policies. Instead of a generalized set of recommendations, the policy starts to be restructured as codifiable statements.
IT Automation solutions like Ansible are critical to consistent application of security policies. The inconsistencies of manual processes are a big cause of security vulnerabilities. Most organizations use proprietary element managers from their security solution vendors – Cisco, Palo Alto, etc.
Now there are open source alternatives. Ansible is an especially great fit because of it’s agentless approach. Many security devices – firewalls, intrusion prevention systems (IPS), web application firewalls (WAFS) – are locked down and do not support an agent. The only hangup is the limited device support, so it was great to see new integrations highlighted in the Ansible preview for enterprise security solutions.
Good tools also give admins and executives real-time visibility into their security and compliance status. That reduction in risk is revolutionary compared to a traditional annual compliance audit.