
Automate Your Security

As you might remember, we discussed a while back that automating the mundane tasks yields great results in the long run. Let’s look a bit more closely at the most mundane of them all: security.

Security is probably one of the most important non-functional requirements, ranking about as high in my personal value chart as performance. Performance, however, is also the most visible of the two, because a change in performance can be seen. There are benchmarks you can run against your application that show the various improvements you implement. Furthermore, users will notice, and there is a real, tangible benefit to having it.

With security, not so much. What’s worse, a compromised site, for example, can run exactly as before, except that its data is now being leaked to a malicious third party. There is no visible change in behavior, but the business impact is of course far worse. So, in order to mitigate this, it’s best practice IMHO to automate as many parts of security as is reasonably doable.

For example, having something like fail2ban installed automatically can mitigate brute-force attacks without needing an admin to be connected all the time. Scanning source code with tools such as Sonar can significantly reduce the risk of introducing bugs into newly developed software. Even rolling out updates across your infrastructure with something like Jenkins, or better Ansible, reduces the number of moving parts, and running updates becomes one button away.
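As an added example (not from the original post), here is one way to put two of those items behind one button with Ansible: apply pending updates, then install fail2ban with an sshd jail. It assumes Debian/Ubuntu hosts and an inventory group named `webservers`; both the group name and the jail thresholds are chosen for this example.

```yaml
# Added example, not part of the original post. Assumes Debian/Ubuntu hosts
# (apt) and an inventory group named "webservers" (name chosen for this example).
- name: Baseline security automation
  hosts: webservers
  become: true
  tasks:
    - name: Apply all pending package updates
      ansible.builtin.apt:
        update_cache: true
        upgrade: dist
        autoremove: true

    - name: Install fail2ban
      ansible.builtin.apt:
        name: fail2ban
        state: present

    # jail.local overrides jail.conf, so package upgrades will not clobber it.
    - name: Configure an sshd jail (thresholds are example values)
      ansible.builtin.copy:
        dest: /etc/fail2ban/jail.local
        owner: root
        group: root
        mode: "0644"
        content: |
          [DEFAULT]
          bantime  = 1h
          findtime = 10m
          maxretry = 5

          [sshd]
          enabled = true
      notify: Restart fail2ban

    - name: Ensure fail2ban is enabled and running
      ansible.builtin.service:
        name: fail2ban
        state: started
        enabled: true

  handlers:
    - name: Restart fail2ban
      ansible.builtin.service:
        name: fail2ban
        state: restarted
```

Run it with `ansible-playbook --check --diff` first to see which hosts would change before applying it for real; `fail2ban-client status sshd` on a host then confirms the jail is active.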

Of course, over time these benefits compound. It’s easier to sleep at night knowing that your software is up to date without having to do it manually every so often.

In the long run, you can just focus on what your business does best - in the case of GermaniumHQ, creating software for API integration testing - without constantly worrying about being compromised, and of course using Germanium to test whether the website is actually up, or whether the Jenkins build is correctly built, not only whether the server is up.