How to introduce your security team to Ansible

Here are five ideas for security automation.
157 readers like this
157 readers like this
a checklist for a team

Opensource.com

Ansible has long been seen as more than configuration management—it's an orchestrator more than anything, a conductor of the orchestra rather than playing a singular instrument. Since realising this, various tech communities have used Ansible to automate some interesting technology arenas.

The networking space is now well catered for by Ansible, and quite a few security folk are realising the same simple structure and easy learning path can help them too. But, how do you convince your security team that Ansible can help them too? Here are five areas that might pique their interest.

Operating systems

Security and compliance of operating systems can be lengthy and detailed. So help your security folks see that Ansible can help. Here's a useful webinar, with plenty of examples:

Security and compliance automation with Ansible

Patching

Keeping systems up to date is one of the simplest things you can do to create a secure footprint. Automate patching to make things even simpler. Here's an article about a strategy for patching Linux systems:

A data-centric approach to patching systems with Ansible

Applications

A lot of applications require their own passwords. Automate password creation and management, and no human ever need remember them—or write them down and stick them to a screen on their desk:

Rotate passwords with Ansible and HashiVault

Network

Besides configuring networks, you can manage them with Ansible, too:

Using Ansible to mitigate network vulnerabilities

Gluing things together

The real power of Ansible comes from its ability to be "automation glue." The old-fashioned method of automating with scripts in a multitude of different languages can be improved by using a common language. In his blog post, Dan Walsh lists many simple tasks that could easily be gathered together and orchestrated by Ansible. This post on ops tasks to do with Ansible shows several things being run and managed by Ansible—maybe it will provide inspiration for a keen security automator in your company.

These are just a handful of areas that could benefit a busy security team looking for some automation help. What other security automation would you like to read about in a future post? Let us know in the comments below.

What to read next
With a quarter of a century of industry experience, Mark has designed and engineered automated infrastructures at every level–from a handful of hosts in startups, to the tens of thousands in investment banks.

Comments are closed.

Creative Commons LicenseThis work is licensed under a Creative Commons Attribution-Share Alike 4.0 International License.