Get the highlights in your inbox every week.
How to introduce your security team to Ansible | Opensource.com
How to introduce your security team to Ansible
Here are five ideas for security automation.
Ansible has long been seen as more than configuration management—it's an orchestrator more than anything, a conductor of the orchestra rather than playing a singular instrument. Since realising this, various tech communities have used Ansible to automate some interesting technology arenas. The networking space is now well catered for by Ansible, and quite a few security folk are realising the same simple structure and easy learning path can help them too. But, how do you convince your security team that Ansible can help them too? Here are five areas that might pique their interest.
Security and compliance of operating systems can be lengthy and detailed. So help your security folks see that Ansible can help. Here's a useful webinar
, with plenty of examples:
Keeping systems up to date is one of the simplest things you can do to create a secure footprint. Automate patching to make things even simpler. Here's an article about a strategy for patching Linux systems:
A lot of applications require their own passwords. Automate password creation and management, and no human ever need remember them—or write them down and stick them to a screen on their desk:
Besides configuring networks, you can manage them with Ansible, too:
Gluing things together
The real power of Ansible comes from its ability to be "automation glue." The old-fashioned method of automating with scripts in a multitude of different languages can be improved by using a common language. In his blog post, Dan Walsh lists many simple tasks that could easily be gathered together and orchestrated by Ansible. This post on ops tasks to do with Ansible shows several things being run and managed by Ansible—maybe it will provide inspiration for a keen security automator in your company.
These are just a handful of areas that could benefit a busy security team looking for some automation help. What other security automation would you like to read about in a future post? Let us know in the comments below.