A prior Secplicity blog post explored the potential of cloud security. Automation is one of the most important reasons to move applications to the cloud. By design, third-party cloud platforms expose APIs that let you automate the manual tasks of deploying, monitoring and maintaining systems. The AWS Architecting for the Cloud whitepaper explains best practices for cloud applications driven by automation. How can automation improve security?
First, manual processes are prone to human error; that is inevitable. An IBM report finds that human error contributes to 95% of all security breaches. Automation reduces human error by having machines execute tasks. Humans still have to create the automation, of course, but it can be tested in advance to ensure it works correctly each time it runs. Automation takes time to create up front, but it saves time and prevents operational errors in the long run. Implemented correctly, automation keeps systems more secure. Built with security in mind, automated systems can include auditing, security checks, separation of duties and rollback capabilities.
Think about the time it takes you to manually deploy a security appliance. You go through a lot of screens and click a bunch of buttons. Then you have to configure the appliance by logging in, clicking more buttons, and entering configuration values. Let’s say something goes wrong with that appliance in production and you need to re-deploy it quickly. Wouldn’t it be nice if you could just run a script and know that resource would deploy correctly because you already tested that script in the past? If you were on vacation, wouldn’t it be nice if you could safely let less knowledgeable staff re-deploy the resource, because you can be certain the script will deploy the security appliance correctly?
If you store versions of your deployment code, you can automatically prevent and correct unwanted changes. Let's say you deploy an update and something is wrong with the configuration. With an automated system, you can roll back to the prior version and re-deploy the resource to a known good state. The version history of the deployment code doubles as an audit trail: the automated deployment system tracks who made what changes and when. Automated deployment systems can enforce separation of duties, controlling who is allowed to deploy and who is allowed to approve changes to critical systems. Security automation integrated into software deployment systems can trigger automated tests that block deployments that do not meet security standards, before the insecure configuration ever reaches production.
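One way to build such a pre-deployment gate, as an added example that is not code from the original post or from AWS: a small Python check that scans an infrastructure template in CloudFormation JSON form and refuses to deploy it if it breaks two hypothetical organizational standards (no security group rule that exposes SSH or RDP to the whole Internet, and no unencrypted EBS volume). The template, the two standards and the resource names are constructed for illustration; in a real pipeline the same function would run in the CI job that sits between "commit" and "deploy".

```python
"""Pre-deployment security gate for a CloudFormation-style template.

Added example, not code from the original post. SAMPLE_TEMPLATE and the
two standards encoded here (ADMIN_PORTS, WORLD_CIDRS, encrypted volumes)
are assumptions chosen for illustration.
"""
import json

ADMIN_PORTS = {22, 3389}               # SSH and RDP
WORLD_CIDRS = {"0.0.0.0/0", "::/0"}    # "anyone on the Internet"

# Constructed template: one compliant and two non-compliant resources.
SAMPLE_TEMPLATE = json.dumps({
    "Resources": {
        "WebSg": {
            "Type": "AWS::EC2::SecurityGroup",
            "Properties": {
                "GroupDescription": "web tier",
                "SecurityGroupIngress": [
                    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "CidrIp": "0.0.0.0/0"},
                ],
            },
        },
        "BastionSg": {
            "Type": "AWS::EC2::SecurityGroup",
            "Properties": {
                "GroupDescription": "bastion",
                "SecurityGroupIngress": [
                    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIp": "0.0.0.0/0"},
                    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIp": "10.0.0.0/8"},
                ],
            },
        },
        "DataVolume": {
            "Type": "AWS::EC2::Volume",
            "Properties": {"Size": 100, "AvailabilityZone": "us-east-1a", "Encrypted": False},
        },
    }
})


def rule_covers_admin_port(rule):
    """True if an ingress rule's port range includes SSH or RDP (or all traffic)."""
    if rule.get("IpProtocol") == "-1":        # "-1" means every protocol and port
        return True
    from_port = rule.get("FromPort", 0)
    to_port = rule.get("ToPort", 65535)
    return any(from_port <= port <= to_port for port in ADMIN_PORTS)


def check_template(template_json):
    """Return a list of (logical_id, message) violations; an empty list means the template passes."""
    template = json.loads(template_json)
    violations = []
    for logical_id, resource in template.get("Resources", {}).items():
        rtype = resource.get("Type")
        props = resource.get("Properties", {})
        if rtype == "AWS::EC2::SecurityGroup":
            for rule in props.get("SecurityGroupIngress", []):
                cidr = rule.get("CidrIp") or rule.get("CidrIpv6")
                if cidr in WORLD_CIDRS and rule_covers_admin_port(rule):
                    violations.append((logical_id, f"admin port open to {cidr}: {rule}"))
        elif rtype == "AWS::EC2::Volume":
            if not props.get("Encrypted", False):
                violations.append((logical_id, "EBS volume is not encrypted"))
    return violations


def deploy_allowed(template_json):
    """The gate itself: deploy only when no standard is violated."""
    return not check_template(template_json)


if __name__ == "__main__":
    for logical_id, message in check_template(SAMPLE_TEMPLATE):
        print(f"BLOCKED {logical_id}: {message}")
    print("deploy allowed" if deploy_allowed(SAMPLE_TEMPLATE) else "deploy blocked")
```

Because the gate reads the versioned template rather than the live account, a failed check costs nothing to undo: the offending commit is simply never deployed, and the last known good version stays in place.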
Security automation can also help companies respond more quickly to security events and incidents. Instead of manually reviewing common, recurring security events, an automated system can parse logs for the most critical alerts and then automatically block network ports or shut down systems when these unwanted actions occur. Emails can be sent to end users when suspicious activity occurs on their machines, asking them whether the action was legitimate and to call the help desk if not. If a change is discovered that is not in compliance with security standards, it can be prevented or automatically reverted to a secure state. Automated blocking does need guard rails of its own, such as an allowlist for the management network, so that a misfire cannot lock administrators out of the very systems they need to investigate.
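A worked example of that detect-and-respond loop, added here and not code from the original post: a Python script that parses SSH authentication log lines, flags a source address that fails to log in five times within a minute, and emits a response action for each finding. The log lines, the threshold and window, and the "never block" management network are constructed assumptions. Responses are returned as data rather than executed, which is how you would test the logic before wiring it to a firewall API, and the allowlisted source gets a "notify the user" action instead of a block.

```python
"""Detect-and-respond over SSH auth log lines.

Added example, not code from the original post. SAMPLE_LOG, the threshold,
the window and NEVER_BLOCK are constructed for illustration; actions are
returned as tuples, not executed.
"""
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

FAILURE_THRESHOLD = 5            # failures from one source address ...
WINDOW = timedelta(seconds=60)   # ... within this window count as a brute-force attempt
# Hypothetical management network: never auto-block it, notify the user instead.
NEVER_BLOCK = [ipaddress.ip_network("10.0.0.0/8")]

# Constructed log: an external brute force that succeeds, an internal user
# fumbling a password, and a single stray failure that should trigger nothing.
SAMPLE_LOG = """\
Mar 10 14:02:11 web01 sshd[2201]: Failed password for invalid user admin from 203.0.113.7 port 54321 ssh2
Mar 10 14:02:13 web01 sshd[2203]: Failed password for invalid user admin from 203.0.113.7 port 54322 ssh2
Mar 10 14:02:15 web01 sshd[2205]: Failed password for root from 203.0.113.7 port 54323 ssh2
Mar 10 14:02:17 web01 sshd[2207]: Failed password for root from 203.0.113.7 port 54324 ssh2
Mar 10 14:02:19 web01 sshd[2209]: Failed password for root from 203.0.113.7 port 54325 ssh2
Mar 10 14:02:30 web01 sshd[2211]: Accepted password for root from 203.0.113.7 port 54326 ssh2
Mar 10 14:05:00 web01 sshd[2300]: Failed password for alice from 10.1.2.3 port 40000 ssh2
Mar 10 14:05:01 web01 sshd[2301]: Failed password for alice from 10.1.2.3 port 40001 ssh2
Mar 10 14:05:02 web01 sshd[2302]: Failed password for alice from 10.1.2.3 port 40002 ssh2
Mar 10 14:05:03 web01 sshd[2303]: Failed password for alice from 10.1.2.3 port 40003 ssh2
Mar 10 14:05:04 web01 sshd[2304]: Failed password for alice from 10.1.2.3 port 40004 ssh2
Mar 10 14:05:05 web01 sshd[2305]: Accepted password for alice from 10.1.2.3 port 40005 ssh2
Mar 10 14:09:00 web01 sshd[2400]: Failed password for bob from 198.51.100.9 port 41000 ssh2
"""


def parse(line):
    """Return a dict for a recognised sshd line, or None for anything else."""
    match = LINE_RE.match(line)
    if not match:
        return None
    event = match.groupdict()
    event["ts"] = datetime.strptime(event["ts"], "%b %d %H:%M:%S")
    return event


def is_protected(ip):
    """True if the address sits in a network we must never auto-block."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in NEVER_BLOCK)


def analyze(log_text):
    """Return ordered, de-duplicated response actions for the given log text."""
    recent_failures = defaultdict(deque)   # ip -> timestamps inside the window
    flagged = set()                        # ips that crossed the threshold
    actions = []

    def add(action):
        if action not in actions:
            actions.append(action)

    for line in log_text.splitlines():
        event = parse(line)
        if event is None:
            continue
        ip, ts = event["ip"], event["ts"]
        if event["result"] == "Failed":
            window = recent_failures[ip]
            window.append(ts)
            while window and ts - window[0] > WINDOW:
                window.popleft()           # drop failures older than the window
            if len(window) >= FAILURE_THRESHOLD:
                flagged.add(ip)
                if is_protected(ip):
                    add(("notify_user", event["user"], ip))
                else:
                    add(("block_ip", ip))
        elif ip in flagged:
            # A success right after a burst of failures is a likely compromise:
            # isolate the host unless the source is on the management network.
            if is_protected(ip):
                add(("notify_user", event["user"], ip))
            else:
                add(("isolate_host", event["host"]))
    return actions


if __name__ == "__main__":
    for action in analyze(SAMPLE_LOG):
        print(action)
```

Running it yields a block for 203.0.113.7, an isolation of web01 because the same address then logged in as root, and only a user notification for alice on the management network; bob's single failure produces nothing. Keeping the decision logic separate from the enforcement step (the firewall or cloud API call) is what makes this testable in advance, which is the whole point of the automation argument above.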
At first, automation does not seem easier than manually logging into a server and looking at logs. It takes time to write the software that performs the automation. However, taking the time to automate security helps prevent human error and, for many organizations, enables security teams to respond to security events more quickly and more effectively. For more detailed information, check out a paper I wrote for SANS on AWS Security Automation. In my next blog post I'll explain how to deploy resources securely in the cloud. — Teri Radichel (@teriradichel)