One of the key things that make DevOps deployments possible is more automation to make things more reliable. These tools include things like Jenkins, Ansible, Chef, Puppet, SaltStack, and even tools like Hubot, and concepts like Infrastructure as Code, Test Automation, and Test Driven Development, Continuous Integration, Continuous Delivery, and ChatOps. These tools have been a godsend to many a system administrator, and have changed the face of system administration in the last decade.
Unfortunately, security automation has lagged behind the DevOps movement – a decade or more behind. Although many tools exist which provide data to the security professional, in many cases they only add to the problem by providing too much noise with the signal, and requiring extensive customization and tuning. Unfortunately, the threat level from all the organized sources – whether criminal or government or cause-related is high and rises every day. This is made much worse by the chronic and growing shortage of qualified security experts. Given this shortage and the rapidly growing need, the time has come for much more reliable security automation.
Security Automation To The Rescue
Towards this end, the IT Best Practices (ITBP) project was created to collect mechanically verifiable (security) best practices. The next major release of the Assimilation System Management Suite will incorporate the rules from this project in order to continually verify that systems are in compliance with local practices drawn from the rules taken from the ITBP project. Best yet, this all fits naturally into the highly scalable infrastructure and protocol of the Assimilation System Management Suite.
If you want to hear more about these exciting, please come to OSCON 2015 and attend my session talk at on Thursday July 23rd at 4:10 and our a Birds-of-a-Feather session Thursday at 7 PM. The session talk will cover the Assimilation Project with emphasis on the security dimension. If you come to the BOF, you can get all your questions about the Assimilation Suite answered, and get a little swag too ;-).
Looking forward to seeing you there!