IT environments are changing all the time
Business today drives frequent application changes, which typically means infrastructure changes, such as new configurations, new servers, new application servers, new open source or commercial libraries, network route and port changes, and so on. Understanding the impact of these high-velocity, broad-scope changes to both applications and server configurations is critical to managing the associated risks.
If the operations team is not able to cope with high-velocity change, or the security team is not able to assess how change is impacting overall security posture, the entire business may be at risk.
Most IT organizations use multiple automation tools to improve efficiency and cut costs. However, effectively handling fast-paced changes to production while maintaining the security posture of the changing environment requires the next level of automation maturity. Security automation needs to evolve to support the increasing velocity of change in both applications and infrastructure.
Achieving maturity in automation
To achieve the next level of automation maturity, organizations must be able to support advanced automation use cases consistently and effectively in a large-scale environment, which can also strengthen IT security.
Compliance checks and remediation
Many organizations are required to ensure that their IT environment complies with guidelines and standards (such as DISA, HIPAA, and PCI), which have multiple rules that must be validated against every server. If any violations occur, remediating all non-compliant servers is a mandatory business requirement. Supporting this advanced use case of checking rules and remediating failed conditions against all servers and network devices in a data center is critical to maintaining compliance.
Complying with standards is a form of security enablement for some data centers, and complements efforts to secure the IT infrastructure. Automation with rule validation and remediation should also support custom rules in order to standardize and enforce compliance.
Configuration management via snapshots and audits
Changes or misconfigurations on servers can create an unnecessary and dangerous security risk or bring down a production environment.
Organizations need to have a solid understanding of how configuration changes can affect their business continuity, and complete visibility into who made the changes. Configuration history can show how things have changed over time through a comparison of the snapshots. Audits of all of the actions can show who made the changes.
Snapshots and audits must be repeated for all servers in a data center, making these activities compelling features that should be a part of the automation story. This kind of data is also useful for security operators when determining efficient security policies for the data center.
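The snapshot comparison and audit lookup described above can be sketched as follows. This is an added example, not code from the article or from any BMC product; the snapshot keys, audit record fields and sample values are constructed assumptions.

```python
from datetime import datetime

# Constructed sample data: two configuration snapshots of one server,
# keyed by "source:setting", plus an audit trail of operator actions.
SNAPSHOT_BEFORE = {
    "sshd_config:PermitRootLogin": "no",
    "sshd_config:PasswordAuthentication": "no",
    "sysctl:net.ipv4.ip_forward": "0",
}
SNAPSHOT_AFTER = {
    "sshd_config:PermitRootLogin": "yes",
    "sshd_config:PasswordAuthentication": "no",
    "firewall:allow_tcp_8080": "any",
}
AUDIT_LOG = [
    {"time": "2024-03-05T09:14:00", "user": "alice",
     "item": "sshd_config:PermitRootLogin"},
    {"time": "2024-03-05T11:02:00", "user": "bob",
     "item": "firewall:allow_tcp_8080"},
]

def diff_snapshots(old, new):
    """Return (item, kind, old_value, new_value) for every setting that differs."""
    changes = []
    for item in sorted(old.keys() | new.keys()):
        before, after = old.get(item), new.get(item)
        if before == after:
            continue
        kind = ("added" if before is None
                else "removed" if after is None else "modified")
        changes.append((item, kind, before, after))
    return changes

def attribute_changes(changes, audit_log, start, end):
    """Attach audited users to each change; flag changes with no audit record."""
    window = [e for e in audit_log
              if start <= datetime.fromisoformat(e["time"]) <= end]
    report = []
    for item, kind, before, after in changes:
        users = sorted({e["user"] for e in window if e["item"] == item})
        report.append({"item": item, "change": kind, "old": before,
                       "new": after, "changed_by": users or ["UNATTRIBUTED"]})
    return report

if __name__ == "__main__":
    period = (datetime(2024, 3, 5), datetime(2024, 3, 6))
    drift = diff_snapshots(SNAPSHOT_BEFORE, SNAPSHOT_AFTER)
    for row in attribute_changes(drift, AUDIT_LOG, *period):
        print(row)
```

A change that appears in the diff but has no matching audit entry is the case a security operator would review first, since it was made outside the audited path.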
Security patch management
Vendors release patches for operating system and application software to fix problems that emerge after an initial release. Implementing the patches is generally a three-step process:
- Get the information about the new patches.
- Determine if the new patches are missing on the servers.
- Install all the missing patches.
For critical security patches, organizations should automate this process to continuously keep the environments secure and less vulnerable.
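The three steps above, carried through on sample data, look like this. It is an added example rather than the article's or any vendor's code; the advisory IDs, package names, versions and server names are constructed, and the dotted-numeric version parser is a simplifying assumption.

```python
# Step 1 (constructed feed): each advisory names a package, the first fixed
# version, and a severity.
ADVISORIES = [
    {"id": "EXAMPLE-ADV-001", "package": "libexample",
     "fixed_in": "3.0.13", "severity": "critical"},
    {"id": "EXAMPLE-ADV-002", "package": "privtool",
     "fixed_in": "1.9.15", "severity": "high"},
    {"id": "EXAMPLE-ADV-003", "package": "fetchtool",
     "fixed_in": "8.5.0", "severity": "medium"},
]
# Constructed inventory: installed package versions per server.
INVENTORY = {
    "web01": {"libexample": "3.0.11", "fetchtool": "8.5.0"},
    "db01": {"libexample": "3.0.13", "privtool": "1.9.9"},
}
SEVERITY_ORDER = {"critical": 0, "high": 1, "medium": 2, "low": 3}

def parse_version(text):
    """Parse a dotted numeric version into a tuple so 1.9.9 sorts before 1.9.15.
    Real package versions need the OS vendor's own comparison rules."""
    return tuple(int(part) for part in text.split("."))

def missing_patches(inventory, advisories):
    """Step 2: find servers whose installed version predates the fixed version."""
    findings = []
    for server, packages in inventory.items():
        for adv in advisories:
            installed = packages.get(adv["package"])
            if installed is None:
                continue  # package not installed, advisory does not apply
            if parse_version(installed) < parse_version(adv["fixed_in"]):
                findings.append({"server": server, "advisory": adv["id"],
                                 "package": adv["package"],
                                 "installed": installed,
                                 "fixed_in": adv["fixed_in"],
                                 "severity": adv["severity"]})
    # Critical findings first, then by server name for a stable report.
    return sorted(findings,
                  key=lambda f: (SEVERITY_ORDER[f["severity"]], f["server"]))

def install_plan(findings):
    """Step 3 input: a per-server work list for the deployment tool to act on."""
    plan = {}
    for f in findings:
        plan.setdefault(f["server"], []).append(
            f"{f['package']}>={f['fixed_in']}")
    return plan

if __name__ == "__main__":
    for server, work in install_plan(missing_patches(INVENTORY, ADVISORIES)).items():
        print(server, work)
```

Comparing versions as strings would rank 1.9.9 above 1.9.15 and hide the missing patch on db01, which is why the comparison is done on parsed tuples.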
The process for vulnerability management involves identifying, quantifying, and prioritizing server vulnerabilities. Various tools perform vulnerability analysis and provide reports. Automating the remediation steps can help the production and security teams achieve their goals of preventing external malicious attacks. Automation can help reduce the time lag and improve coordination between the security and IT operations teams.
Achieving this recommended level of automation maturity helps IT operations teams; it also makes security teams more aware of changes and security risks in the environment. With advanced security automation and operationalization, IT operations teams can ensure secure data centers.
With mature automation, security operators have visibility into IT operations and can assess information related to misconfigurations, non-compliance, missing security patches, and vulnerability status of the managed IT environment. This information is paramount for the security of the business. Mature automation also enables security teams to design and develop efficient security policies for their IT environment.
With automation, your business can strengthen IT security and respond quickly to threats.
Additionally, BladeLogic Threat Director extends the power of both BladeLogic Server Automation and BladeLogic Network Automation to give IT operations and security teams the data they need to prioritize and remediate threats based on potential impact to the business.
These postings are my own and do not necessarily represent BMC's position, strategies, or opinion.