Securely Automate IT Tasks with Ansible and CyberArk

October 8, 2020 Chris Smith

Over the past few years, IT teams have embraced automation as a powerful tool to eliminate repetitive tasks, improve efficiency and consistency, and boost productivity and collaboration. The business realities of 2020 are propelling a new wave of automation as many organizations focus on building resilience and scaling digital transformation efforts, while keeping costs down.

Red Hat’s Ansible is one of the leading automation platforms and is widely used by organizations to automate a broad range of IT functions including application deployment, configuration management and continuous delivery. Time-consuming tasks and problems can be tackled efficiently by writing one script, then scaling across the organization using policy and governance to track and monitor changes. With Ansible, which is available in both enterprise and open source versions, organizations can drive complexity out of their environments and accelerate IT initiatives.

Ansible Playbooks Execute Automation Functions

Playbooks are the files in which Ansible’s automation code is written. They contain the instructions that execute the various configuration, deployment and orchestration functions to simplify processes. For example, playbooks can describe a policy for remote systems to enforce, or a set of steps in a general IT process such as managing configuration and deployment to remote machines. Playbooks can be relatively simple – orchestrating a short, ordered list of tasks – or more advanced; for example, sequencing multi-tier rollouts with rolling updates, delegating actions to other hosts, as well as interacting with monitoring systems. Designed for ease-of-use, playbooks use a basic text language and are relatively easy to understand, write and use.

Ansible Playbooks are highly privileged. To access, manage and configure IT resources – such as a VM, server or cloud compute instance – playbooks require appropriate credentials and secrets. If these powerful privileged credentials are not properly managed and secured – or left hardcoded in playbooks or scripts – they become attractive targets for attackers. Using compromised credentials, attackers can access sensitive IT resources and services. Learn more about how automation can expand the privileged attack surface here.

Simplify Ansible Playbooks with Native Out-of-the-Box Integrations

CyberArk and Red Hat provide several native integrations to enhance Ansible security and protect automation environments. These integrations empower DevOps and security teams to automatically secure and manage the credentials and secrets used by IT resources and CI/CD tools.

CyberArk Application Access Manager integrations with Red Hat offer major benefits for both operations and security, including:

  • Dramatically simplifying how operations teams write and use playbooks to securely access the credentials they need to do their job – automating IT functions. Playbooks can seamlessly access, then use, these credentials, which are centrally managed and secured by the CyberArk Core Privileged Access Security solution. For example, when using Ansible, simply use a drop-down menu to select CyberArk as the secrets vault.
  • Secrets used by Ansible Playbooks are automatically secured and rotated by CyberArk based on the organization’s policy. This eliminates the need for operations to manually change and even populate credentials used by the playbooks.

Another important security benefit, and a common question from security teams, is how can security help ensure that each of the various teams across the enterprise writing playbooks only have access to the secrets they need to automate their specific IT tasks? For example, Team A’s playbooks should only have access to the specific secrets and credentials they are allowed, while Team B should only have access to theirs. The CyberArk Red Hat integration solves this separation of duties issue by extending CyberArk’s application and machine identity functions into Ansible Tower’s role-based access controls (RBAC).

Visit CyberArk at AnsibleFest 2020 – Without Leaving Your Workspace

Automation is a strategic component of modernization and digital transformation. To explore how your organization can benefit, attend AnsibleFest – a free, virtual experience on October 13-14, 2020.

See a powerful CyberArk Red Hat integration in action in the session “Defending a Defense Company with Ansible Automation Platform” on Tuesday, October 13 at 10:00 a.m. EDT. Explore a leading defense firm’s automation journey using Ansible to securely configure its global network. You’ll learn how the company’s Ansible team was able to rapidly develop playbooks to use privileged credentials managed by CyberArk to automate the configuration process and quickly rotate device passwords based on policy or an incident – driving significant business advantage.

During AnsibleFest, be sure to drop by CyberArk’s virtual booth and talk with our technical team.

If you’d like to learn more about securing your Ansible automation environments with CyberArk and Red Hat, including CyberArk’s secrets management solutions, check out these resources:

 

Previous Article
Don’t Stop Risk Distancing. Remote Work Is Here to Stay
Don’t Stop Risk Distancing. Remote Work Is Here to Stay

A Look Back: The Sprint to Remote Work Created Security Gaps The global shift to remote work happened fast:...

Next Article
Simplified UX for Improved Platform Management: A Win-Win for Expanding Your PAM Program
Simplified UX for Improved Platform Management: A Win-Win for Expanding Your PAM Program

Rule No. 1 of Google’s “10 Things” philosophy is simple: Focus on the user and all else will follow. It’s s...

Check out our upcoming webinars!

See Webinars