What is Datacenter Automation?

A few years ago, I accepted the role of Automation Engineer here at Kinney Group. At the time, I had no idea this would be the title for what I loved to do and had been doing for most of my career. Before I continue, I want to help define what automation is all about. It is not about robotics or manufacturing automation. Automation, in this context anyway, covers a lot of different labels — Orchestration, DevOps, DevSecOps, CI/CD, Configuration as Code, Infrastructure as Code, and so on. All these descriptions seem to confuse people when I try to explain what it is I do. But simply put, automation takes a task or set of tasks and codifies them into a repeatable and consistent process to get the same results every time. 

Automation makes use of tons of different tools, like VMware vRealize Automation and Orchestration, Jenkins, Puppet, Ansible, Terraform, and so on, to get the desired results of deployment and configuration with some stack or software. For most, the installation wizard of their favorite program can be challenging enough. That is one reason I strive to make deployments or configurations as simple as possible.  

Automating Redundant Tasks

Here’s an example of what I mean by automation: Several years ago, I was responsible for the support and maintenance of some Apache webservers for a national organization. Every time a patch was released, I had to go through the process of upgrading and applying those patches across all the systems. After working through the process by hand several times it became, well, boring and I started looking for ways to make my life easier. For the most part, all these were the same setup, so I went to work building scripts that would shorten the deployment time and increase the reliability of each deployment. These were all custom tools designed for a specific environment.  

In the end, this only benefited myself. I would have been happy to share my scripts so others could enjoy the same satisfaction, but these were custom and just for me. So that’s one example of automation.

Automating the Complex and Cumbersome

Later, after acquiring my new title (Automation Engineering Manager), I worked with a team of engineers to perform a similar process. We took a stack of written instructions that would take someone a week or more of manual steps and watching screens to build out and configure eight servers in a virtual environment, down to approximately 10 minutes of data input to accomplish +90% of the same results — in just 20 minutes of computer time.   

This solution was built with a combination of tools that were already owned by the customer (VMware) and open source tools (Jenkins and Puppet). This, again, was a custom solution as a whole, but several of smaller portions are completely reusable on other projects.  

That is automation. It’s what gets me out of bed in the morning. To be able to give back someone’s time — and often their sanity— and to provide a consistently repeatable process. To automate something so complex like multi-server configurations isn’t easy and can cause you to think (way) outside of the box to provide the desired outcome, but it is so rewarding to see the look on the customers face when they realize what you have just saved them. 

So, the next time you think about how boring the repetitive work you are doing looks to you, remember there is often a way to automate the work — especially when computers are involved.   

Want to know how Automation Services from Kinney Group can transform your workload?

We’d love to hear about your challenges and chat about how automation can put hours back in your work week. Fill out the short form below and we’ll be touch!

Why Cybersecurity Requires DevOps

Consider for a moment this data spanning 7 years, showing that there are constants in cybersecurity trends. A 2008 report demonstrated that 62% of all data breaches were caused by a significant manual error or an internal mistake. A 2015 report found that over the past 11 years, 96% of all security incidents fell into nine basic patterns, of which the top four patterns, totaling about 90%, involve human error or misuse. Even though millions of security threats exist, this data gives us hints where to focus.

Frequency of incident classification patterns across security incidents for 2013 and 2014.
FIGURE 1: Frequency of incident classification patterns across security incidents for 2013 and 2014.

Savvy CISOs are in the risk mitigation business. Process automation and collaboration are critical to risk mitigation, as they address priority patterns related to a poor patching strategy, pushing bad code to production, and observing manual configuration mistakes. It is also vitally important to balance meeting end-user expectations in production and risk. Cue, DevOps!

Coining the name “DevOps” is a stopgap way of dealing with a problem: the community doesn’t know exactly what to call this methodology otherwise.

Sure, it started as a solution to the Development and Operations collaboration dilemma. Simple. It rolls off the tongue. Fast-forward a few years, the idea of DevOps is much more nebulous. Let’s reflect on the meta of the trend: DevOps is a new and necessary space, formed in the middle of engineering, that is an incredible asset to cybersecurity as a blueprint for building a collaborative culture and automation-centric responsibilities, which are essential for modern cybersecurity.


DevOps for Cybersecurity is Cultural and Functional

The model for why your cybersecurity requires DevOps is twofold: it is a cultural philosophy and a functional role. As a cultural philosophy, DevOps seeks to drive efficiencies, tear down silos, and elicit collaboration, which can put security teams more in-tune with the business objective of delivering engineering results. As a functional role, the DevOps entity lives within an organization’s engineering department, and it is comprised of the people, policies, practices, and tools dedicated to improving the software development life cycle as a whole. From development to production, the role of DevOps is to bridge the gap between Development, Operations/Systems Management, Security teams, and other teams, as well.

Silos tend to haunt successful organizations because the good ones can grow to enterprise size. At that scale, the smallest human error can affect dozens of systems, and degrade the quality of product. Also, mistake-prone manual processes create an incredible security risk. Infrastructure has to scale, development and QA become more robust, continuous integration is implemented, policies and practices need to be implemented and enforced, and the responsibilities of each team become more defined. With this growth, the overlap between the teams diminishes and the void between the teams increases.

In a startup environment (left) it is unavoidable that engineering teams will overlap because “everyone does everything.” In a startup, DevOps is more cultural and a mindset among teams. For the enterprise environment (right) DevOps can become a true, staffed function for the organization.
FIGURE 2: In a startup environment (left) it is unavoidable that engineering teams will overlap because “everyone does everything.” In a startup, DevOps is more cultural and a mindset among teams. For the enterprise environment (right) DevOps can become a true, staffed function for the organization.


Development and Operations cannot support the new demands of facilitating, managing, and scaling enterprise continuous integration, deployment, source control, and effective collaboration without misallocating their own time and effort, which thereby disrupts their ability to do their own work. Security risk skyrockets.

Reasons that DevOps and Security Teams Need to be Connected

  1. DevOps helps bind the security and engineering departments together through collaboration, policies, and procedures. Developers need resources and information from operations, operations need product and information from engineers, and security teams need to cast a wider net on relevant data. In the end, DevOps is charged with ensuring all teams get what they need to be successful across the entire Software Development Life Cycle (SDLC) by implementing policies and procedures such as requiring proper notification of new resource requirements or configuration changes, providing a means to provision development or testing environments, or no production releases without acceptance testing. Additionally, DevOps makes sure product is not “thrown over the wall” to operations by mandating necessary collaboration between teams to keep everyone in the same pool of knowledge.
  2. DevOps improves product quality and security concurrently. One of the mainstays of DevOps is a rapid feedback loop (FIGURE 3). Implementing practices like continuous integration promotes instant feedback on changes from development as they are made. If a piece of code or configuration is broken or caused something else to break, which can cause security vulnerabilities, the faster it is made known the faster it can be fixed. Also, automated test runs, both pre and post deployment, are essential to this effort. The tools controlling this bit of automation provide visibility into the state of the product. In essence, DevOps owns the continuous integration/deployment realm, which is aimed at fast and effective quality checks during integration and deployment.
  3. DevOps ensures a streamlined and dynamic workflow by keeping the SDLC automation infrastructure up to date with the ever changing needs of security, development, and operations. This is accomplished through innovation and staying current on technology. DevOps must create a pipeline for the product. The pipeline needs to remain consistently functional yet easily updatable as product or infrastructure changes occur, which requires time and effort outside of development or operations.
  4. DevOps guides the engineering culture towards agility, innovation, and an automated approach to security. Someone has to assume a governing responsibility over the SDLC within engineering and prioritize secure, bug-free code. DevOps is the perfect entity to assume the role of “security champion”, given it is logically right in the center of engineering. This creates a “single source of truth” for the policies, practices, and tools necessary to build and deliver a secure, quality product in an agile, innovative, and cohesive manner. DevOps falls in line with the team posture by accepting input from all other teams within engineering, sifting through the needs and requirements, and then making intelligent decisions. A few of these decisions include what tools to use, how the development pipeline will look (e.g. involving security testing or not), and how to build a foundation upon which the SDLC for that particular engineering department will operate.

It is important to create a culture that fosters two things: making and learning from mistakes; and practice makes perfect. Only through this continuous effort can true mastery be achieved.
FIGURE 3: It is important to create a culture that fosters two things: making and learning from mistakes, and practice makes perfect. Only through this continuous effort can true mastery be achieved.

When DevOps and security teams collaborate, it helps to address problems proactively at the root level, not retroactively. The security is better because monitoring tools are introduced and hardening guidance is built into the DevOps process. When your cybersecurity requires DevOps, you have competitive advantage, because your organization’s code now tells a richer story: it works, it’s released fast, and it’s secure.

Click here to download and save this blog post as a PDF.


Kim, G. (2013, October 1). DevOps distilled: A new look at DevOps. Retrieved November 6, 2015, from http://www.ibm.com/developerworks/security/library/se-devops/index.html
Mueller, E., Wickett, J., Gaekwad, K., & Karayanev, P. (2010, August 2). What Is DevOps? Retrieved November 6, 2015, from http://theagileadmin.com/what-is-devops/
Schulman, J. (2015, August 17). Why Security Needs DevOps. Retrieved November 6, 2015, from https://www.jayschulman.com/why-security-needs-devops/
Verizon (2015). Data Breach Investigations Report. Retrieved from: http://www.verizonenterprise.com/DBIR/2015/