Episode 5 - Cybersecurity 101 for Automation Leaders

Chris Steffen joins the EAE podcast to discuss how automation teams can collaborate with security teams to maintain a secure, resilient environment. Enterprise automation is expected to orchestrate critical processes 24x7x365. Automation teams must address risks from infrastructure failures and security vulnerabilities in their tools and environments. Key Ideas - Automation systems carry high risk due to their critical role and extensive integrations across business, analytics, and operations. - Cloud and SaaS foundations still require automation teams to understand configurations for reliability. - Business-critical automation systems often demand 99.999% availability ("five nines"). - Risk assessment is the first step to address cybersecurity, examining implementation, integrations, operations, and access controls. - Limiting access privileges and eliminating unused accounts reduces vulnerability. - Changes to systems can impact availability and security, requiring careful change management proportional to risks. - Security teams and automation teams share the goal of a reliable, resilient environment. Takeaways for Automation Leaders - Regularly assess risks from human error, software defects, and third-party failures. Test updates in non-production environments before rollout. - Build relationships with security teams to prioritize risks and improve team knowledge. - Audit access management to identify and limit unused or excessive privileges. - Review change processes for automations, software, and infrastructure to identify mitigations for significant risks. Show Links - Chris Steffen - Cybersecurity Awesomeness podcast - Zero Trust Working Group for the Cloud Security Alliance - "Five Nines" High Availability (Wikipedia) - NIST Cybersecurity Framework - SANS Institute⁠

There are no comments yet.

Please log in to write the first comment.