By Craig Savage, Security Solutions Strategist—VMware Security & Resiliency
Automation has proven vital in the cloud and Software-as-a-Service (SaaS) era, but only recently has it made significant inroads into the security management plane. Similar to software-defined data center (SDDC) operations where automation enables the same server to be deployed multiple times without human intervention, IT personnel can now build out a highly repeatable security stack without involving any living being. This dramatically lowers the possibility of issues attributed to human error, and also helps ensure that repeated deployments are as flawless as possible (versus traditional manual deployments where human errors can occur).
This approach represents a lot more than simply automating common, but mission-critical, tasks. Regardless of the security level (Department of Defense (DoD) classification, FedRAMP medium, high, etc.) desired, once the deployment has been approved IT teams can employ automation via open source tools to repeat the security stack for any and all future environments. No recreating from scratch each and every time!
Troubleshoot? How about just redeploy
Another advantage will come into play once a suspicious issue (malicious or otherwise) is detected within the security stack. In future iterations, rather than waste days or even weeks to manually troubleshoot the problem, we could simply redeploy the solution. This is a major step forward in our goal of treating security as code, and fits in with our belief that if an enterprise utilizes infrastructure as code this is the next logical evolution.
Currently, we are focusing on using automation to deploy the security stack to different air-gapped environments, where deployment times are traditionally longer. This makes it substantially easier for IT personnel, both in terms of the actual effort required to stand up a security stack and the time it takes for certification. We are also integrating our efforts with service teams earlier on, avoiding “bolt-on” and retrofitted fixes after development. In fact, our team is part of the golden images, deployment pipelines and initial service setups for cloud products.
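The two ideas above, one declared baseline rendered identically for every environment (including air-gapped ones that only differ in a few parameters) and "redeploy rather than troubleshoot" once the stack drifts, can be illustrated in a few lines. The following is an added example written for this post, not code from VMware or from any product it mentions; the setting names, environment parameters and the "observed" state are constructed, and the redeploy decision is a hypothetical policy, not a description of any real tool.

```python
"""Security-as-code in miniature: a declared baseline, per-environment
rendering that is repeatable, and drift detection whose answer is
"redeploy", not "debug in place". Everything below is constructed."""
from __future__ import annotations

import hashlib
import json
from string import Template

# Declared security baseline: identical for every environment, with
# per-environment values filled in at deploy time. Keys are hypothetical.
BASELINE_TEMPLATE = {
    "firewall.default_policy": "deny",
    "ssh.password_auth": "disabled",
    "logging.siem_endpoint": "${siem_host}:6514",
    "logging.forward_enabled": "true",
    "audit.rules_bundle": "audit-rules-${classification}",
}

# Per-environment parameters (constructed). An air-gapped enclave points at
# its own collector; nothing else about the stack is allowed to differ.
ENVIRONMENTS = {
    "lab": {"siem_host": "siem.lab.example", "classification": "unclass"},
    "enclave-a": {"siem_host": "10.0.0.5", "classification": "high"},
}


def render(template: dict[str, str], params: dict[str, str]) -> dict[str, str]:
    """Produce the concrete desired state for one environment.
    Template.substitute raises KeyError on a missing parameter, so an
    incomplete environment definition fails before anything is deployed."""
    return {k: Template(v).substitute(params) for k, v in template.items()}


def fingerprint(state: dict[str, str]) -> str:
    """Content hash of a state; equal hashes mean byte-identical deployments,
    which is the repeatability the post relies on."""
    canonical = json.dumps(state, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode()).hexdigest()


def detect_drift(desired: dict[str, str], observed: dict[str, str]) -> dict[str, tuple]:
    """Compare observed state against desired. Returns {key: (desired, observed)};
    a key present on only one side is reported with None on the other."""
    drift = {}
    for key in sorted(set(desired) | set(observed)):
        want, have = desired.get(key), observed.get(key)
        if want != have:
            drift[key] = (want, have)
    return drift


def decide(drift: dict) -> str:
    """Hypothetical policy: any drift, malicious or accidental, is answered by
    redeploying from the declared baseline rather than troubleshooting."""
    return "redeploy" if drift else "in-compliance"


def reconcile(env: str, observed: dict[str, str]) -> tuple[str, dict[str, str]]:
    """Check one environment and return (action, desired_state). When the action
    is 'redeploy', desired_state is exactly what should be applied again."""
    desired = render(BASELINE_TEMPLATE, ENVIRONMENTS[env])
    action = decide(detect_drift(desired, observed))
    return action, desired


if __name__ == "__main__":
    # Constructed observed state: password auth was re-enabled and the SIEM
    # forwarder switched off in enclave-a since the last deployment.
    observed = render(BASELINE_TEMPLATE, ENVIRONMENTS["enclave-a"])
    observed["ssh.password_auth"] = "enabled"
    observed["logging.forward_enabled"] = "false"
    action, desired = reconcile("enclave-a", observed)
    print(action)
    for key, (want, have) in detect_drift(desired, observed).items():
        print(f"  {key}: desired={want!r} observed={have!r}")
```

Rendering the same environment twice yields the same fingerprint, which is the property that lets a certified deployment be repeated without re-examination; a different environment yields a different fingerprint only through its parameters, never through hand edits. The drift check deliberately reports unexpected extra settings as well as changed ones, since an unexplained addition is exactly the "suspicious issue" that should trigger a redeploy.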
At the end of the day, security stack automation represents a win-win situation for all involved. Our IT teams are able to focus on mission-critical tasks while delivering a more secure and less error-prone solution. The typically time-consuming certification process is shortened and streamlined, enabling a more agile enterprise. And overall costs involved (labor, certification/re-certification, etc.) are much lower than any previous security stack solutions to date.
Welcome to the start of the Security as Code era—the software-defined security center (SDSC).
VMware on VMware blogs are written by IT subject matter experts sharing stories about IT’s transformation journey using VMware products and services in a global production environment. Visit our portal to learn more.