1 00:00:00,000 --> 00:00:00,960 In this lesson, 2 00:00:00,960 --> 00:00:03,840 we're going to cover when to automate and orchestrate. 3 00:00:03,840 --> 00:00:05,520 Now let's dive into this critical topic 4 00:00:05,520 --> 00:00:06,930 of automation and orchestration, 5 00:00:06,930 --> 00:00:10,320 and its significance in the realm of our secure operations. 6 00:00:10,320 --> 00:00:12,270 When we talk about automation and orchestration, 7 00:00:12,270 --> 00:00:13,620 they are indispensable tools 8 00:00:13,620 --> 00:00:15,450 in our modern information technology 9 00:00:15,450 --> 00:00:18,060 and cybersecurity enterprise environments. 10 00:00:18,060 --> 00:00:20,250 Automation and orchestration offer us the potential 11 00:00:20,250 --> 00:00:22,260 to streamline our complex processes, 12 00:00:22,260 --> 00:00:23,640 enhance our security measures, 13 00:00:23,640 --> 00:00:26,610 and significantly improve our operational efficiencies. 14 00:00:26,610 --> 00:00:29,100 However, their effective deployment does require 15 00:00:29,100 --> 00:00:30,600 that you consider several factors 16 00:00:30,600 --> 00:00:32,820 before you implement automation and orchestration 17 00:00:32,820 --> 00:00:34,380 inside of your organization, 18 00:00:34,380 --> 00:00:36,450 including the complexity, the cost, 19 00:00:36,450 --> 00:00:39,450 any single points of failure, the concept of technical debt, 20 00:00:39,450 --> 00:00:41,880 and your ability to conduct ongoing supportability 21 00:00:41,880 --> 00:00:44,760 of your automation and orchestration processes. 
22 00:00:44,760 --> 00:00:46,200 So our first step is determining 23 00:00:46,200 --> 00:00:47,340 whether or not we should automate 24 00:00:47,340 --> 00:00:48,930 or orchestrate a given process 25 00:00:48,930 --> 00:00:51,540 by determining how complex the process actually is, 26 00:00:51,540 --> 00:00:53,670 and if that actually warrants your time, money, 27 00:00:53,670 --> 00:00:56,430 and resources that would be required to be able to automate 28 00:00:56,430 --> 00:00:58,710 or orchestrate the entire process. 29 00:00:58,710 --> 00:01:01,200 For example, if you want to conduct a routine backup 30 00:01:01,200 --> 00:01:03,060 of your server storage every evening, 31 00:01:03,060 --> 00:01:05,310 this would be a great use for setting up automation 32 00:01:05,310 --> 00:01:06,930 because it's not really complex enough 33 00:01:06,930 --> 00:01:08,940 to require the use of orchestration. 34 00:01:08,940 --> 00:01:09,840 On the other hand, 35 00:01:09,840 --> 00:01:10,920 if you want to create a runbook 36 00:01:10,920 --> 00:01:12,210 that'll conduct an incident response 37 00:01:12,210 --> 00:01:13,110 on a given workstation 38 00:01:13,110 --> 00:01:15,330 when it's identified as being infected with malware, 39 00:01:15,330 --> 00:01:17,610 that requires a lot more moving pieces. 
40 00:01:17,610 --> 00:01:19,200 And so you're going to have to use orchestration 41 00:01:19,200 --> 00:01:20,940 because there's numerous complex tasks 42 00:01:20,940 --> 00:01:22,710 like logically isolating the infected machine 43 00:01:22,710 --> 00:01:23,580 from the network, 44 00:01:23,580 --> 00:01:25,380 imaging the workstation storage drive, 45 00:01:25,380 --> 00:01:26,970 submitting that drive image for analysis 46 00:01:26,970 --> 00:01:29,340 to the forensics team, formatting that workstation, 47 00:01:29,340 --> 00:01:31,140 installing a known good operating system image 48 00:01:31,140 --> 00:01:32,250 on that workstation, 49 00:01:32,250 --> 00:01:33,240 scanning the workstation 50 00:01:33,240 --> 00:01:34,830 to validate it's no longer infected, 51 00:01:34,830 --> 00:01:36,720 and returning the workstation to the network. 52 00:01:36,720 --> 00:01:37,980 And all of this can be conducted 53 00:01:37,980 --> 00:01:39,840 using an orchestration process 54 00:01:39,840 --> 00:01:41,563 that launches multiple different automation processes 55 00:01:41,563 --> 00:01:44,010 to be able to complete all of those required actions 56 00:01:44,010 --> 00:01:45,360 on your behalf. 57 00:01:45,360 --> 00:01:46,710 Now, second, we have to stop 58 00:01:46,710 --> 00:01:48,270 and think about the cost associated 59 00:01:48,270 --> 00:01:50,850 with implementing automation and orchestration. 60 00:01:50,850 --> 00:01:52,530 Cost is usually going to be a key factor 61 00:01:52,530 --> 00:01:54,120 in your decision-making process 62 00:01:54,120 --> 00:01:55,440 as to whether or not you're going to use 63 00:01:55,440 --> 00:01:57,300 automation and orchestration. 
64 00:01:57,300 --> 00:01:58,260 While these technologies 65 00:01:58,260 --> 00:02:00,420 do promise substantial long-term cost savings 66 00:02:00,420 --> 00:02:02,190 because of their increased efficiency, 67 00:02:02,190 --> 00:02:05,100 they often entail a really large upfront investment 68 00:02:05,100 --> 00:02:06,120 to be able to create them 69 00:02:06,120 --> 00:02:07,680 because you have to hire a service provider, 70 00:02:07,680 --> 00:02:09,479 or you need to pay a team of developers to make them, 71 00:02:09,479 --> 00:02:10,979 or something like that. 72 00:02:10,979 --> 00:02:11,813 Now, because of this, 73 00:02:11,813 --> 00:02:12,690 you really need to conduct 74 00:02:12,690 --> 00:02:14,880 a comprehensive cost-benefit analysis 75 00:02:14,880 --> 00:02:17,040 to weigh the expenses associated with that development, 76 00:02:17,040 --> 00:02:18,540 implementation, or maintenance 77 00:02:18,540 --> 00:02:21,360 against your proposed automation and orchestration solution 78 00:02:21,360 --> 00:02:22,980 and the benefits that you expect to get 79 00:02:22,980 --> 00:02:24,810 with those long-term savings. 80 00:02:24,810 --> 00:02:25,710 You should also make sure 81 00:02:25,710 --> 00:02:27,180 that you're considering all of your costs, 82 00:02:27,180 --> 00:02:29,010 including all the hardware, software, 83 00:02:29,010 --> 00:02:31,050 personnel, and ongoing support costs 84 00:02:31,050 --> 00:02:32,070 that are going to be associated 85 00:02:32,070 --> 00:02:34,740 with the automation and orchestration functions. 86 00:02:34,740 --> 00:02:36,450 For example, here at Dion Training, 87 00:02:36,450 --> 00:02:38,670 we initially began selling discounted exam vouchers 88 00:02:38,670 --> 00:02:40,380 several years ago to our students, 89 00:02:40,380 --> 00:02:42,810 and we started this program using manual labor 90 00:02:42,810 --> 00:02:44,610 where a real person would simply receive 91 00:02:44,610 --> 00:02:46,110 an email order from you. 
92 00:02:46,110 --> 00:02:49,110 We would buy the exam voucher on your behalf at a discount, 93 00:02:49,110 --> 00:02:51,090 and then we would email that voucher code over to you 94 00:02:51,090 --> 00:02:52,560 to fulfill your order. 95 00:02:52,560 --> 00:02:54,660 Now, this worked well enough when we started out the program 96 00:02:54,660 --> 00:02:57,030 because we only sold a few vouchers per week. 97 00:02:57,030 --> 00:02:59,190 But as our program became more popular, 98 00:02:59,190 --> 00:03:02,070 we quickly found that it was both cheaper and more efficient 99 00:03:02,070 --> 00:03:04,620 to fully automate the voucher fulfillment process, 100 00:03:04,620 --> 00:03:07,650 even though this wasn't an inexpensive thing for us to do. 101 00:03:07,650 --> 00:03:09,960 In our case, we began automating this process 102 00:03:09,960 --> 00:03:12,270 a few years ago using some simple automations 103 00:03:12,270 --> 00:03:14,700 that cost us a few thousand dollars to create. 104 00:03:14,700 --> 00:03:16,680 Over time though, as we continued to increase 105 00:03:16,680 --> 00:03:18,090 the number of vouchers we were selling, 106 00:03:18,090 --> 00:03:19,230 we had to upgrade our system 107 00:03:19,230 --> 00:03:22,230 to a fully orchestrated system that we use today. 108 00:03:22,230 --> 00:03:24,450 Now we consider the cost at each step along the way, 109 00:03:24,450 --> 00:03:26,250 and that's why we started with a manual process 110 00:03:26,250 --> 00:03:27,810 to figure out what we needed to do 111 00:03:27,810 --> 00:03:30,090 at the cheapest and easiest way to get started. 112 00:03:30,090 --> 00:03:33,180 Then we implemented an automation process at a lower cost 113 00:03:33,180 --> 00:03:34,560 until it made financial sense for us 114 00:03:34,560 --> 00:03:37,380 to move to a more expensive and fully orchestrated solution. 
115 00:03:37,380 --> 00:03:38,640 And I recommend you do the same thing 116 00:03:38,640 --> 00:03:40,620 in your organizations, too. 117 00:03:40,620 --> 00:03:42,000 Now, the third thing we need to consider 118 00:03:42,000 --> 00:03:44,160 is any single points of failure that may exist 119 00:03:44,160 --> 00:03:45,900 as you begin to implement automation 120 00:03:45,900 --> 00:03:48,210 or orchestrations inside of your network. 121 00:03:48,210 --> 00:03:50,340 For example, many organizations will simply forget 122 00:03:50,340 --> 00:03:51,600 to build in backup systems 123 00:03:51,600 --> 00:03:54,780 or manual processes that they can use in case the automation 124 00:03:54,780 --> 00:03:57,210 or orchestration system fails in the future. 125 00:03:57,210 --> 00:03:58,260 This lack of foresight 126 00:03:58,260 --> 00:03:59,700 does create a single point of failure 127 00:03:59,700 --> 00:04:01,080 in your organization's network 128 00:04:01,080 --> 00:04:03,150 because everything is relying on your orchestrations 129 00:04:03,150 --> 00:04:05,400 and automations, and if they stop working, 130 00:04:05,400 --> 00:04:07,110 everything's going to stop working. 131 00:04:07,110 --> 00:04:08,370 Now this is an issue for you, 132 00:04:08,370 --> 00:04:10,530 so you need to make sure your automations and orchestrations 133 00:04:10,530 --> 00:04:12,630 are being appropriately designed and maintained, 134 00:04:12,630 --> 00:04:14,430 and that way you won't have a disruption 135 00:04:14,430 --> 00:04:16,019 to your essential business processes 136 00:04:16,019 --> 00:04:18,060 if one of those encounters an issue. 
137 00:04:18,060 --> 00:04:19,589 For example, even though we use 138 00:04:19,589 --> 00:04:21,600 our fully-orchestrated voucher fulfillment system 139 00:04:21,600 --> 00:04:22,740 here at Dion Training, 140 00:04:22,740 --> 00:04:24,150 we still have a manual process 141 00:04:24,150 --> 00:04:27,150 that we can use if the orchestration fails for any reason. 142 00:04:27,150 --> 00:04:29,550 This helps to mitigate the risk of a single point of failure 143 00:04:29,550 --> 00:04:30,870 by implementing redundancy measures 144 00:04:30,870 --> 00:04:33,030 and failover mechanisms into our systems. 145 00:04:33,030 --> 00:04:35,490 And we have both technical ones and manual ones 146 00:04:35,490 --> 00:04:37,620 that we use for administrative processes. 147 00:04:37,620 --> 00:04:39,600 Redundancy here might entail backup servers 148 00:04:39,600 --> 00:04:42,450 or a failover system that ensures uninterrupted operations, 149 00:04:42,450 --> 00:04:44,190 even if one component fails. 150 00:04:44,190 --> 00:04:46,590 Or it could simply involve having a manual process 151 00:04:46,590 --> 00:04:47,430 that could be implemented 152 00:04:47,430 --> 00:04:49,410 if the automation or orchestration fails, 153 00:04:49,410 --> 00:04:52,320 and you have to buy and fulfill those vouchers manually. 154 00:04:52,320 --> 00:04:55,020 Now, the fourth thing we have is technical debt. 155 00:04:55,020 --> 00:04:56,250 Now, technical debt is created 156 00:04:56,250 --> 00:04:57,960 by our automation and orchestration systems 157 00:04:57,960 --> 00:04:59,490 anytime we develop them. 
158 00:04:59,490 --> 00:05:01,440 Just like any other technology we have, 159 00:05:01,440 --> 00:05:03,270 these systems can accumulate technical debt 160 00:05:03,270 --> 00:05:04,486 if it's not adequately maintained 161 00:05:04,486 --> 00:05:06,810 or if those systems become outdated 162 00:05:06,810 --> 00:05:07,830 because things are changing, 163 00:05:07,830 --> 00:05:09,630 and we're not keeping up with it. 164 00:05:09,630 --> 00:05:11,730 Technical debt refers to the accumulated cost 165 00:05:11,730 --> 00:05:13,470 and complexity of suboptimal 166 00:05:13,470 --> 00:05:15,540 or hastily implemented software solutions 167 00:05:15,540 --> 00:05:18,420 that need to be addressed or refactored in the future. 168 00:05:18,420 --> 00:05:20,520 This technical debt can impede efficiency 169 00:05:20,520 --> 00:05:23,400 and security for us, so we have to mitigate it. 170 00:05:23,400 --> 00:05:25,800 And the best way to mitigate the risk of technical debt 171 00:05:25,800 --> 00:05:27,630 is to make sure that you're conducting regular reviews 172 00:05:27,630 --> 00:05:30,690 and updates of your automation and orchestration systems. 173 00:05:30,690 --> 00:05:32,610 This type of ongoing maintenance helps to ensure 174 00:05:32,610 --> 00:05:33,810 that these systems remain aligned 175 00:05:33,810 --> 00:05:35,520 with your organization's evolving needs 176 00:05:35,520 --> 00:05:38,250 and your ever-changing technology landscape. 177 00:05:38,250 --> 00:05:40,200 For example, here at Dion Training, 178 00:05:40,200 --> 00:05:42,150 we accumulated quite a bit of technical debt 179 00:05:42,150 --> 00:05:44,880 with that first voucher fulfillment automation system. 
180 00:05:44,880 --> 00:05:47,700 So as we move to the fully-orchestrated process, 181 00:05:47,700 --> 00:05:50,640 we spent a lot of time refactoring our existing code base 182 00:05:50,640 --> 00:05:51,780 before we could even move forward 183 00:05:51,780 --> 00:05:53,400 with the orchestration project. 184 00:05:53,400 --> 00:05:54,960 And this cost us weeks of effort 185 00:05:54,960 --> 00:05:56,940 and the associated labor cost that went into that, 186 00:05:56,940 --> 00:06:00,210 with that code refactoring project was pretty substantial. 187 00:06:00,210 --> 00:06:03,180 Fifth, we need to consider the ongoing supportability 188 00:06:03,180 --> 00:06:05,460 of our automations and orchestrations. 189 00:06:05,460 --> 00:06:07,710 Now, long-term supportability is a vital factor 190 00:06:07,710 --> 00:06:10,470 for you to consider, because as your technologies evolve, 191 00:06:10,470 --> 00:06:12,360 your orchestration and automation processes 192 00:06:12,360 --> 00:06:14,220 have to also be modified and adapted 193 00:06:14,220 --> 00:06:16,290 to meet that changing technology. 194 00:06:16,290 --> 00:06:18,960 As you invest in automation and orchestration solutions, 195 00:06:18,960 --> 00:06:19,793 you need to ensure 196 00:06:19,793 --> 00:06:21,660 that your team possesses the necessary skills 197 00:06:21,660 --> 00:06:24,720 to be able to maintain and adapt those systems over time. 198 00:06:24,720 --> 00:06:25,890 Training and skill development 199 00:06:25,890 --> 00:06:27,180 are going to be essential components 200 00:06:27,180 --> 00:06:28,920 to ensure your ongoing supportability 201 00:06:28,920 --> 00:06:31,620 of your automations and orchestration systems. 
202 00:06:31,620 --> 00:06:33,150 Now, I have seen many organizations 203 00:06:33,150 --> 00:06:35,040 who simply outsource the one-time development 204 00:06:35,040 --> 00:06:36,900 of those automations and orchestrations, 205 00:06:36,900 --> 00:06:39,000 and then they're surprised when their systems stop working 206 00:06:39,000 --> 00:06:41,820 after a few weeks, a few months, or even a few years. 207 00:06:41,820 --> 00:06:43,380 Now, this is because most automations 208 00:06:43,380 --> 00:06:45,360 rely on the interconnection of various systems 209 00:06:45,360 --> 00:06:46,710 through the use of APIs, 210 00:06:46,710 --> 00:06:49,740 or application programming interfaces, and webhooks. 211 00:06:49,740 --> 00:06:51,210 But if any of those various systems 212 00:06:51,210 --> 00:06:53,460 is updated, upgraded, or replaced, 213 00:06:53,460 --> 00:06:55,680 it can break all of your automations. 214 00:06:55,680 --> 00:06:58,170 For example, at Dion Training, we have an automation 215 00:06:58,170 --> 00:06:59,250 that we use to pull questions 216 00:06:59,250 --> 00:07:01,440 posted by our students about four times per day, 217 00:07:01,440 --> 00:07:03,930 and then create trouble tickets in our own support system 218 00:07:03,930 --> 00:07:05,100 for our student support analysts 219 00:07:05,100 --> 00:07:07,050 to be able to respond to those questions. 220 00:07:07,050 --> 00:07:07,980 So for example, 221 00:07:07,980 --> 00:07:10,500 if the Udemy learning management system gets an update, 222 00:07:10,500 --> 00:07:12,570 that's actually going to break some of our automations 223 00:07:12,570 --> 00:07:13,950 because they change the way they receive 224 00:07:13,950 --> 00:07:15,120 questions from the students, 225 00:07:15,120 --> 00:07:17,820 or how they notify us that a new question is being posted. 
226 00:07:17,820 --> 00:07:20,100 So our development team has to go back in 227 00:07:20,100 --> 00:07:21,450 and update our automations 228 00:07:21,450 --> 00:07:23,130 to ensure that they're always working properly 229 00:07:23,130 --> 00:07:24,270 and are supported over time 230 00:07:24,270 --> 00:07:27,810 as other systems along the way are being changed or updated. 231 00:07:27,810 --> 00:07:30,990 So when should you automate or orchestrate a given process? 232 00:07:30,990 --> 00:07:33,300 That's a great question that we really have to answer. 233 00:07:33,300 --> 00:07:35,430 Well, what I have found is that the most effective use 234 00:07:35,430 --> 00:07:37,140 of automation and orchestration 235 00:07:37,140 --> 00:07:38,400 is for tasks and workflows 236 00:07:38,400 --> 00:07:40,650 that are both repeatable and stable. 237 00:07:40,650 --> 00:07:42,660 You should first try to identify any processes 238 00:07:42,660 --> 00:07:45,840 within your organization that remain consistent over time. 239 00:07:45,840 --> 00:07:48,210 These processes are the ones that are prime candidates 240 00:07:48,210 --> 00:07:50,100 for automation or orchestration 241 00:07:50,100 --> 00:07:52,500 as they can yield significant time and resource savings 242 00:07:52,500 --> 00:07:54,960 because they're repeatable and fairly consistent. 243 00:07:54,960 --> 00:07:57,180 If you have a task that is considered a one-off task, 244 00:07:57,180 --> 00:07:58,290 a highly variable task 245 00:07:58,290 --> 00:07:59,910 or a frequently changing task, 246 00:07:59,910 --> 00:08:01,890 it is probably not going to be a good candidate 247 00:08:01,890 --> 00:08:04,200 for automation or orchestration. 248 00:08:04,200 --> 00:08:06,690 For example, let's say you need to migrate 10 users 249 00:08:06,690 --> 00:08:09,030 from one learning management system into another. 
250 00:08:09,030 --> 00:08:10,500 Now, it could take you four or five hours 251 00:08:10,500 --> 00:08:12,870 to code an automation to perform that migration, 252 00:08:12,870 --> 00:08:15,300 or you could spend 30 minutes by manually copying 253 00:08:15,300 --> 00:08:18,240 and pasting this information from one system to another. 254 00:08:18,240 --> 00:08:20,340 Now, if this was a task you have to perform every day 255 00:08:20,340 --> 00:08:22,050 by migrating 10 students over, 256 00:08:22,050 --> 00:08:24,570 then it would probably make sense to automate this process 257 00:08:24,570 --> 00:08:27,030 because it would cost you four or five hours one time, 258 00:08:27,030 --> 00:08:28,440 and then after about two weeks, 259 00:08:28,440 --> 00:08:29,940 you've already made up that time, 260 00:08:29,940 --> 00:08:32,250 because now, instead of taking 30 minutes a day, 261 00:08:32,250 --> 00:08:34,260 it's only going to take you one or two minutes a day 262 00:08:34,260 --> 00:08:35,850 to review the results. 263 00:08:35,850 --> 00:08:37,919 On the other hand, if this is a one-time task 264 00:08:37,919 --> 00:08:40,020 or something you do only every couple of years, 265 00:08:40,020 --> 00:08:41,370 it's really not going to make sense 266 00:08:41,370 --> 00:08:43,559 to spend four to five hours of automation 267 00:08:43,559 --> 00:08:44,970 instead of just spending the 30 minutes 268 00:08:44,970 --> 00:08:46,140 it would take you every few years 269 00:08:46,140 --> 00:08:48,660 to migrate those 10 user accounts manually. 270 00:08:48,660 --> 00:08:50,940 So remember, automation and orchestration 271 00:08:50,940 --> 00:08:54,000 offer immense potential to optimize secure operations, 272 00:08:54,000 --> 00:08:55,410 but their implementation 273 00:08:55,410 --> 00:08:57,630 should be guided by a strategic approach. 
274 00:08:57,630 --> 00:09:00,000 By meticulously addressing the complexity of tasks, 275 00:09:00,000 --> 00:09:01,410 weighing the associated costs, 276 00:09:01,410 --> 00:09:03,000 mitigating single points of failure, 277 00:09:03,000 --> 00:09:04,200 managing technical debt, 278 00:09:04,200 --> 00:09:05,760 ensuring ongoing supportability, 279 00:09:05,760 --> 00:09:07,830 and focusing on automating or orchestrating 280 00:09:07,830 --> 00:09:09,840 stable, repeatable processes, 281 00:09:09,840 --> 00:09:11,940 your organization can harness the full power 282 00:09:11,940 --> 00:09:13,530 of these technologies. 283 00:09:13,530 --> 00:09:15,930 Now, the decision to automate or orchestrate processes 284 00:09:15,930 --> 00:09:18,630 should really be informed by your specific needs, resources, 285 00:09:18,630 --> 00:09:21,030 and circumstances in your organization. 286 00:09:21,030 --> 00:09:22,230 Additionally, it's important 287 00:09:22,230 --> 00:09:23,730 that you conduct continuous monitoring 288 00:09:23,730 --> 00:09:26,370 and adaptation of your automation and orchestration systems 289 00:09:26,370 --> 00:09:27,510 to ensure they remain effective 290 00:09:27,510 --> 00:09:30,423 and in alignment with your organization's goals over time.