Ansible has long been seen as more than configuration management—it's an orchestrator more than anything, a conductor of the orchestra rather than playing a singular instrument. Since realising this, various tech communities have used Ansible to automate some interesting technology arenas.
The networking space is now well catered for by Ansible, and quite a few security folk are realising the same simple structure and easy learning path can help them too. But, how do you convince your security team that Ansible can help them too? Here are five areas that might pique their interest.
Operating systems
Security and compliance of operating systems can be lengthy and detailed. So help your security folks see that Ansible can help. Here's a useful webinar, with plenty of examples:
Security and compliance automation with Ansible
Patching
Keeping systems up to date is one of the simplest things you can do to create a secure footprint. Automate patching to make things even simpler. Here's an article about a strategy for patching Linux systems:
A data-centric approach to patching systems with Ansible
Applications
A lot of applications require their own passwords. Automate password creation and management, and no human ever need remember them—or write them down and stick them to a screen on their desk:
Rotate passwords with Ansible and HashiVault
Network
Besides configuring networks, you can manage them with Ansible, too:
Using Ansible to mitigate network vulnerabilities
Gluing things together
The real power of Ansible comes from its ability to be "automation glue." The old-fashioned method of automating with scripts in a multitude of different languages can be improved by using a common language. In his blog post, Dan Walsh lists many simple tasks that could easily be gathered together and orchestrated by Ansible. This post on ops tasks to do with Ansible shows several things being run and managed by Ansible—maybe it will provide inspiration for a keen security automator in your company.
These are just a handful of areas that could benefit a busy security team looking for some automation help. What other security automation would you like to read about in a future post? Let us know in the comments below.
Comments are closed.