Chris Steffen joins the EAE podcast to discuss how automation teams can collaborate with security teams to maintain a secure, resilient environment.

Enterprise automation is expected to orchestrate critical processes 24x7x365. Automation teams must address risks from infrastructure failures and security vulnerabilities in their tools and environments.

Key Ideas

- Automation systems carry high risk due to their critical role and extensive integrations across business, analytics, and operations.

- Cloud and SaaS foundations still require automation teams to understand configurations for reliability.

- Business-critical automation systems often demand 99.999% availability ("five nines").

- Risk assessment is the first step to address cybersecurity, examining implementation, integrations, operations, and access controls.

- Limiting access privileges and eliminating unused accounts reduces vulnerability.

- Changes to systems can impact availability and security, requiring careful change management proportional to risks.

- Security teams and automation teams share the goal of a reliable, resilient environment.

Takeaways for Automation Leaders

- Regularly assess risks from human error, software defects, and third-party failures. Test updates in non-production environments before rollout.

- Build relationships with security teams to prioritize risks and improve team knowledge.

- Audit access management to identify and limit unused or excessive privileges.

- Review change processes for automations, software, and infrastructure to identify mitigations for significant risks.

Show Links

- Chris Steffen - Cybersecurity Awesomeness podcast - Zero Trust Working Group for the Cloud Security Alliance - "Five Nines" High Availability (Wikipedia) - NIST Cybersecurity Framework - SANS Institute⁠