"That’s Not My Job": I&O’s Role Shift When It Comes To Security
In the halcyon days of my sysadmin youth, my team was asked to perform entitlement reviews on sensitive systems. When we were asked to determine who should have access to what, my director responded in a way I would never forget:
“That’s not my job.”
It sounds snarky, but he was correct. It wasn’t our job. It was security’s role to create policies to execute. It was the business’ decision to determine who should have access to what. It was compliance’s role to verify access. Our role was to ensure these things could be done as safely, quickly, and easily as possible.
I&O needed a role change. The way to address it: automation.
Automation evolves I&O into enablers. Configuration management automation sets up the baseline, guaranteeing a stable environment. Continuous delivery release automation enables consistent setup from development to test to production. Microsegmentation automation using software-defined networking secures traffic channels. Security automation rounds out the picture, ensuring everything is locked down and providing analytics to verify it.
In an updated report, Joseph Blankenship, Dr. Chase Cunningham, and I review the automation landscape and how infrastructure automation in particular forces a necessary, and beneficial, role change for I&O. In the Zero Trust eXtended ecosystem, locking down data is central. Infrastructure automation makes it a reality down to the bare metal.