Chris Steffen joins the EAE podcast to discuss how
automation teams can collaborate with security teams to maintain a secure, resilient environment.
Enterprise automation is expected to orchestrate critical
processes 24x7x365. Automation teams must address risks from infrastructure failures and security vulnerabilities in their tools and environments.
Key Ideas
- Automation systems carry high risk due to their
critical role and extensive integrations across business, analytics, and operations.
- Cloud and SaaS foundations still require
automation teams to understand configurations for reliability.
- Business-critical automation systems often
demand 99.999% availability ("five nines").
- Risk assessment is the first step to address
cybersecurity, examining implementation, integrations, operations, and access controls.
- Limiting access privileges and eliminating
unused accounts reduces vulnerability.
- Changes to systems can impact availability and
security, requiring careful change management proportional to risks.
- Security teams and automation teams share the
goal of a reliable, resilient environment.
Takeaways for Automation Leaders
- Regularly assess risks from human error,
software defects, and third-party failures. Test updates in non-production environments before rollout.
- Build relationships with security teams to
prioritize risks and improve team knowledge.
- Audit access management to identify and limit
unused or excessive privileges.
- Review change processes for automations, software, and infrastructure to identify mitigations for significant risks.
Show Links
- Chris Steffen
- Cybersecurity Awesomeness podcast
- Zero Trust Working Group for the Cloud Security Alliance
- "Five Nines" High Availability (Wikipedia)
- NIST Cybersecurity Framework
- SANS Institute
