
Why Everyone Automates in Cloud

If you see me speaking about cloud it’s pretty much guaranteed I’ll eventually say

“Cloud security starts with architecture and ends with automation.”

I’m nothing if not repetitive. This isn’t a quip; it’s based on working heavily in cloud for nearly a decade with organizations of all sizes. The one consistency I see over and over is that once organizations hit a certain scale they start automating their operations. And every year that line is earlier and earlier in their cloud journey.

I know it because first I lived it, then I watched every single organization I worked with, talked with, or generally glanced at, go down the same path.

We all start by manually managing things in the console.

No surprise, since that’s where we sign up and start using the cloud. It’s the best place to learn, and most of the consoles have wizards, instructions, and other tips to help us along as we get started. But this doesn’t scale for long due to the increasing complexity as we build out either more complex environments or multiple copies of simple environments. Clicking through a web-based user interface for repetitive tasks is not overly efficient, and becomes more and more time-consuming and frustrating. This isn’t just due to bad user interfaces from the cloud providers (and let’s be honest, some of them are pretty terrible); if you think about it, we are trying to manage effectively every aspect of a data center from a single web interface. NotGoingToHappen.

Thus the next natural step…

Is to move into using the command line interfaces, but these face equal complexity. Keeping a data center running involves a ton of moving parts for initial provisioning alone, never mind ongoing operations. While it is easy to remember the commands you use constantly, no one can really keep everything at this scale in their heads. And it still comes down to typing the same commands over and over for the same tasks.

And all this assumes you are just one person managing one account, yet in even a small startup you need to manage repetitive tasks across multiple accounts.

At the same time…

Development teams are already working directly with the APIs to integrate the different pieces of the cloud into applications. It probably starts as simple as managing some S3 buckets, but rapidly will expand into managing everything from global scale databases to machine learning engines. This is how you integrate PaaS into your applications and derive some of the most essential value from cloud.

Dev teams also quickly use tools like Terraform and CloudFormation to define their infrastructure as code. That way they can build their dev/test/prod environments and keep everything consistent.

Before long (okay, sometimes it takes a couple years) security and operations then start leveraging the automation themselves, typically in three main areas.

  1. Use of Infrastructure as Code (IaC) to build out new environments and integrate with deployment pipelines. IaC allows us to build consistent, repeatable environments and provision our baseline security and ops requirements. Developers also use it to define their environments for dev/test/prod. Everyone wins and every single company I’ve worked with ends up using it very quickly.
  2. Automation for assessment and monitoring. The core problem is maintaining visibility over disparate cloud resources, even when they are all in the same account. Consoles can show a lot, but automation allows you to show what matters to you. This is actually a HUGE advantage over traditional infrastructure where we spend ridiculous amounts of cash just to do things like track servers in the data center. Something which is merely an API call away in cloud.
  3. Automation for operations. Once you start seeing things out of alignment you want to start fixing them. Plus there is a wide range of workflows that can naturally be automated. While this level of automation is cost-prohibitive in most traditional infrastructure, even if it’s possible, it’s just a natural extension of working in cloud.

One of the key advantages of cloud is segregation…

isolating out environments with just the resources they need so that those developers can move quickly without stepping on anyone else. But quickly this leads to needing repeatable processes and management, and with the APIs just sitting there it’s only natural to automate.

A child will crawl, then walk, then run even if they grow up in an isolation chamber without external stimuli (we promise we haven’t tried this… really). It’s a natural progression. It’s the same for cloud automation… it is simply the inherent requirement to operate anything in the cloud at scale, and everyone gets there eventually. The trick is to get there effectively.
