Cybersecurity has and will continue to be a top priority for governments from the White House down to your local courthouse. But keeping up with the constant stream of innovative cyberattacks can be overwhelming for government IT professionals and users alike.
One way to help is with automation. Automation tools make it easier for cybersecurity professionals to enforce security best practices and meet internal and external security mandates.
That was the topic at GovLoop’s recent State & Local Virtual Summit session, entitled “Cybersecurity and Automation – A Perfect Match for Gov.” Three experts joined GovLoop to talk about how automation solutions like Red Hat’s Ansible can help all teams work together toward achieving meaningful improvements in the security posture of their agency.
The experts included Greg Tinsley, Senior Consultant Red Hat, Christopher Grimm Consulting Architect Red Hat; and Bridget Kravchenko Chief Information Security Officer Oakland County, Michigan.
Kravchenko spoke first on how her team has enabled automation to raise the bar for security. Security automation refers to the use of automatic systems to detect and prevent cyberthreats, while contributing to the overall threat intelligence of an organization in order to plan and defend against future attacks.
“Previously in terms of security we were just getting by,” she said. But they were able to scale their security team up when they turned to automated tools and frameworks.
“Security teams have multiple panes of glass to work in on a daily basis and struggle to get out of the daily transactional tasks ,” she explained. “But frameworks help because they require security controls to be implemented, assessed and monitored.”
Automating their security efforts in Kravchenko’s office allowed her team to continuously improve and go even further. “Security automation allowed us to improve security capability and maturity,” she said. She also pointed to the other benefits of security automation, noting that it can drive business value; improve customer satisfaction in security services; and enable the security team to work at a more strategic level.
Implementing self-service automation was another critical step for her team. This self-service automation allowed users to to do password resets, account provisioning, approval workflows, compliance dashboard reporting and more on their own.
“Automation allows you to work smarter and not harder because your team can automate manual repetitive tasks,” she said.
Advising other teams who are thinking of turning to automation for their security postures, Kravchenko had several pieces of advice.
Collecting and automating alerts to notify you what is most important, she advised, as well as fine tune your monitoring tools to automate and consolidate to reduce the number of consoles as much as you can. “You will be surprised how much you can do with the next gen firewalls,” she added.
Finally, she advised that when starting with automation you start with the pain points in your organization. Customer service and satisfaction is number one. Additionally, there’s no need to boil the ocean. Simply start by fine tuning existing monitoring tools to alert and notify on what is important.
“Automating daily tasks will enable security teams to work at a higher level and focus on the bigger risk,” Kravchenko concluded.
Next up, Greg Tinsley, Senior Consultant Red Hat, and Christopher Grimm Consulting Architect Red Hat spoke to how automation tools can be used by agencies to effectively streamline cybersecurity processes, and the benefits of Red Hat’s product, Ansible, as an offensive tool.
Ansible is Red Hat’s IT automation engine that automates cloud provisioning, configuration management, application deployment, intra-service orchestration, and many other IT needs.
Tinsley and Grimm spoke to how moving to using automation as part of IT practices is a necessary first step for security. The proper automation tooling allows teams to apply the security you need in a simple, consistent, manner, allowing your employees to concentrate on other things.
Ansible allows you to simply define your systems for security. Ansible’s easily understood Playbook syntax allows you to define security for any part of your system, whether it’s setting firewall rules, locking down users and groups, or applying custom security policies.
Automating existing methodologies and systems will help your security teams make more efficient use of resources – people, processes, and technology. “When you model everything with Ansible, security is easier,” said Tinsley.
In today’s complex government IT environments, security is critical. Not only must you be able to define what it means for your systems to be secure, you need to be able to simply apply that security and constantly monitor your systems to ensure they remain compliant. Moving to automation as part of your IT practices is a necessary first step.