Getty Images/iStockphoto


Best practices for secure network automation workflows

It's not enough to build network automation workflows. It's important to secure those workflows, as well. Access control, encryption and collaboration all play important roles.

Automation plays a critical role in modern networks. It helps network engineers manage networks with fewer repetitive manual tasks for greater agility. But network engineers cannot automate -- or secure -- what they don't understand. Understanding network automation workflows is vital for efficient network management and security.

Networks are an important factor as enterprises scale their digital initiatives, and automation can enable digitalization and innovation. To maintain networks and automation efficiently, network engineers and administrators should follow some best practices to secure network automation workflows.

1. Access controls and authentication

This step ensures that only authorized devices and users can access and run automation scripts and tools. The best ways to harden security are to set a password and use digital certificates, tokens and multifactor authentication. These methods add multiple security layers.

2. Encryption and data protection

Encryption is essential for data confidentiality and integrity. Networks that aren't secured well can be compromised at any time. The challenge for network engineers and administrators is to work on secured workflows for safer networks. Below are some strategies to follow.

Use a VPN

Attackers can eavesdrop data any time on public networks. A VPN encrypts the traffic and helps network professionals access network automation workflows remotely anytime they want to work.

Encrypt sensitive data

Data can be encrypted when it's at rest or in motion. This includes passwords, API keys, credentials and other sensitive data in the automation network.

Use secure protocols

Network engineers and admins interact with devices using network protocols all the time. Nonsecure data can be intercepted or eavesdropped, so it's recommended to choose Secure Shell and HTTPS instead of HTTP.

Use complex encryption algorithms

The industry is full of standards, but some of the best algorithms for secure automation workflows include the following:

  • NIST P-256 elliptic curve cryptography. Considered to be extremely secure, this method uses public key cryptography to secure digital communications.
  • Advanced Encryption System (AES). AES is a well-known symmetric encryption in the industry and used by various companies to secure sensitive data.
  • ChaCha20-Poly1305. This encryption is a stream cipher known for its comprehensive security. Various applications use it, including Wireguard, TLS 1.3 and QUIC.

3. Vulnerability management

No matter the complexity of algorithms and systems, attackers are still able to exploit weaknesses to compromise data. Network engineers and admins should improve workflows to have efficient vulnerability management, and automation can help.

The following areas benefit from automation:

  • Vulnerability scanning.
  • Vulnerability assessment.
  • Vulnerability remediation.

DevOps can also help in this step. By using a CI/CD pipeline to automate build, test and deploy automation scripts, engineers and admins can ensure that scripts and any changes to them are secure. Another strategy is to use a sandbox for testing and development before deploying scripts into production. This is a good way to test and discover vulnerabilities before attackers or hackers.

4. Monitoring and auditing

Networks generate large amounts of data. This data is helpful for network engineers and admins to improve automation workflows by observing behaviors in the logs they collect and analyze.

Here are some good strategies to follow for monitoring and auditing:

  • Automate data collection.
  • Automate anomalies detection.
  • Automate reporting.
  • Use a tool that suits business needs and is compatible with existing infrastructure.
  • Test workflows thoroughly.

5. Collaboration between teams

Automation involves collaboration among different teams. Nobody knows everything, and collaboration helps teams work toward successful metrics. DevOps concepts are useful in this step as well, as they promote teamwork, sharing and collaboration. This cultural change and philosophy is beneficial for modern IT organizations.

For example, consider the CALMS framework in DevOps: culture, automation, lean, measurement and sharing. Build culture change. Use automation to eliminate repetitive tasks. Reduce waste and increase efficiency. Use KPIs to measure progress. Share knowledge and tools.

Some of the best collaboration strategies include the following:

  • Provide training to different teams on how to use automation workflows.
  • Create a culture of collaboration and knowledge sharing.
  • Implement a version control system for automation workflows.
  • Use automation tools that support collaboration features.

Verlaine Muhungu is a self-taught freelance network technician. He was recognized as a Cisco top talent in sub-Saharan Africa during the 2016 NetRiders IT Skills Competition.

Next Steps

Using microservices and containers in network automation

Dig Deeper on Network management and monitoring

Unified Communications
Mobile Computing
Data Center