Chris Steffen joins the EAE podcast to discuss how automation teams can collaborate with security teams to maintain a secure, resilient environment.
Enterprise automation is expected to orchestrate critical processes 24x7x365. Automation teams must address risks from infrastructure failures and security vulnerabilities in their tools and environments.
Key Ideas
- Automation systems carry high risk due to their critical role and extensive integrations across business, analytics, and operations.
- Cloud and SaaS foundations still require automation teams to understand configurations for reliability.
- Business-critical automation systems often demand 99.999% availability ("five nines").
- Risk assessment is the first step to address cybersecurity, examining implementation, integrations, operations, and access controls.
- Limiting access privileges and eliminating unused accounts reduces vulnerability.
- Changes to systems can impact availability and security, requiring careful change management proportional to risks.
- Security teams and automation teams share the goal of a reliable, resilient environment.
Takeaways for Automation Leaders
- Regularly assess risks from human error, software defects, and third-party failures. Test updates in non-production environments before rollout.
- Build relationships with security teams to prioritize risks and improve team knowledge.
- Audit access management to identify and limit unused or excessive privileges.
- Review change processes for automations, software, and infrastructure to identify mitigations for significant risks.
Comments ( 0 )