The current situation
At the moment 2 focus areas prevail in the IT industry.
Flexibility
In the age of ever-changing customer preferences, flexibility is an important asset. It is about providing customers with new opportunities to realize their goals. And to provide ease of use, ease of integration with existing processes and systems while doing this without overburdening customers. But flexibility is only one way to enhance customer loyalty, opening up new areas for solutions and ensuring the success of the company.
Resilience
On the other hand If we look at the last year, it has been one challenge after another. Real and cyber war, supply chain disruption, Corona and inflation or even recession. These various issues create increased demands on IT to provide a secure and reliable environment.
Both of those focus areas pose new challenges on the IT systems. How can this be addressed? Everyone is talking about the cloud as the jack of all trades that can solve every problem. Can the cloud be the savior?
The cloud is just another way to supply an environment for services and applications. Together with the cloud, containerization is always used. But this also is only the means to provide an environment. But both the cloud and a container infrastructure do not provide a creative solution to a problem. It does not help customers. It does not solve their problems. It does not make IT systems more resilient. And it does not enhance the loyalty of the customers. Only new and customized applications and services help customers solve their problems. And as long as AI does not create new solutions. Only people can do this. With the implementation of a cloud the work gets more complicated with added know-how necessary resulting in an increasing amount of work.
If we look at the age structure in most of our companies in IT, many face the problem of an aging workforce. The coming years will lead to a widening gap between the number of employees available and the number of employees needed to fulfill all necessary tasks to provide customized applications and services in the cloud.
Closing this gap will become a major task for the IT and HR departments in order to ensure reliable operation and hopefully also creative development of new services. This can be done on the one hand side by prolonged retention of experienced employees or by recruiting and training new personnel. Both options are challenging in light of the current labor market and the associated cost. There is another option that can help.
The dawn of the age of automation
Automation is for all repeatable processes and tasks. It is for everything where a response is predictable and where the response can be mapped in terms of procedures in an IT environment. All of those tasks most employees do not like and are not creative. With the introduction of automation those tasks are removed from the employee. They can concentrate on creative tasks like producing solutions to new problems, new ways to service customers, or responding to unpredictable events that can only be solved by people which in turn make their work interesting.
The important role of Automation
There are many examples and topics, where automation can help or even is essential to reach necessary KPIs.
These areas (but are not limited to these) are typical targets for applying automation:
Reactions to security threads
As security becomes an ever more important and relevant topic, and as the systems and attacks also become more and more complex this is an area, where early and full automation does deliver immediate benefits. But even if you have already manually set up environments, making use of tools that allow you to work in already existing environments, the introduction of such tools do help tremendously.
Just assume, that you learn, that some vulnerability has been found in whatever type of config or even version of some firmware. Some of these threats are published through CVEs, and typically should be handled quickly. You are asked to quickly correct the config or update your software or firmware.
So your normal procedure to solve this problem would be:
- Read the CVE
- Find out which systems are affected (also called “threat hunting”)
- Deploy the fix to all affected systems (also called “security incident response”)
Depending on the amount of systems involved, the kind of problem described in the CVE, the available solution to that problem, these steps can be very time-consuming tasks and even involve many special sub-tasks or steps.
But if you already have even the initial setup of these systems been done in an automated way these tasks might be executed quickly. Depending on the tools in use, steps 2.) and 3.) could be individual tasks, or could be combined into one. There are also some specific tools available for specific environments (like Container-image scanning, or Kubernetes configuration checking and correcting), which can be triggered by an overall SDDC or IaC approach. Here not only does automation remove the burden of repetitive tasks from the employees but it also guarantees a consistent way to remove the security problems.
How to deal with compliance requirements
Another important area for automation is compliance. Compliance can simply mean adhering to company internal rules, or they can even be governmental regulations frameworks for industries, like DORA for the financial industry or other such standards. Because most of such regulations are describing some “needs to have” or “shall not do” topics, they somehow need to be transferred into specific technical configurations. These can be different from enterprise to enterprise, so in many cases we do not really find easy to use templates for installations or automation. That’s the area where auditors come into play and consulting companies help in making sure that systems are set up according to some sort of interpretation of these regulations.
But then after the creative human task of translating the regulation into technical requirements has been done, automation is used to simplify the process of configuring and checking relevant systems. The automation tool is used to perform all these configurations. And at the end of this process it checks if the required config change has been applied (which means, that the system is set up correctly), returning the process to human interaction by providing attestations for regulators to certify the result.
Freeing up the developers to do creative work
When you look at developers. Do you instantly think of a person who enjoys adhering to meticulously planned processes? Or someone who creatively envisions new features and functions?
With the rise of the dev ops culture came also a rise of new technologies and frameworks which need to be correctly used and a broadening of the responsibilities of a developer stretching out into the whole lifecycle of a component / service. This is not an easy task. And also with regulatory requirements came an ever increasing toll on the time a developer can use to be creative. But again not only has the work of a developer become more complex but also the number of available developers is small. To overcome that shortage automation can be used to remove complexity and procedural requirements. It starts with supplying an automated generation of a development environment with integration options to create a component which needs interaction with company wide front and backend components. Automated tests support the repeatable testing of components removing the burden on the developer and guaranteeing the consistent result. Then further on with Automated Governance the CI/CD process is enhanced by fact gathering events during the flow of artifacts throughout the development process. Whenever an attestation is needed the build pipeline is then enhanced by an automated process to gather the necessary information and store it securely. And then lastly during the lifetime of a component and its necessary debugging comes the task of setting up a version specific debugging environment which an automated process helps to create.
These are only some examples where automation helps free up developers to concentrate on the main task. Creating new solutions.
Operations and implementing Processes
Automation as a concept has a very long history. In IT things like describing “what to do when” led to the concept behind ITIL. These “paper based structured management descriptions” then also led to implementing these guidelines using tools (I once did experience an event at a customer, where in the process it was written: “when the disk gets full, delete the oldest files”. That led to the operations night shift on the weekend to delete /bin, /lib, /usr… Guess, what happened Monday Morning, when it became obvious, that that procedure did kill the master backup server of a large bank and no-one was really to blame, as all just “followed procedure”) to make sure, that these procedures can be tested and undergo a quality review and now become an agile and living aspect of systems management. In fact, the above mentioned event at that customer (some 25 years ago) also led to creating a tool to fully automate the setup of systems, because they figured that if it would take too long to patch a system, it is faster to 100% automatically reinstall it. Their margin was 2 hours. And, yes, they were able to do that with all their systems already 25 years ago.
So, if everything can be automated, we are getting close to things link SDDC or IaC, and when structured accordingly, even all processes that are described in ITIL and other handbooks lead to safe and secure and stable operations of systems, regardless of their location or usage.
And with this it is possible to create resilient systems that can defend against unpredictable changes and problems.
Summary
First and foremost, however, a company and its IT departments must make a fundamental decision about how the introduction of automation into an organization should proceed. A central strategy must be defined in order to realize the benefits of a holistic approach of automation. This includes, among other things, a platform engineer department, which creates a basis for automation. It can give answers to questions like these: How can automation seekers benefit from knowledge of cross department experts? How can meta processes access automation procedures and automate company wide tasks? How can an overarching security concept be created and implemented?
There are many areas where automation can help a company meet the challenges it currently faces. Related tools simplify such an implementation and free up creative employees from repetitive boring tasks and make their work more varied and fulfilling. And with this closing the workforce gap which we will face in the coming years enabling the company to provide more flexible and resilient solutions for their customers.
This article was written by Matthias Pfützner and Axel Saß