How Network Automation Increases Security

This blog post was initially sent to subscribers of my SDN and Network Automation mailing list. Subscribe here.

After publishing the Manual Work Is a Bug blog post, I got this feedback from Michele Chubirka explaining why automating changes in your network also increases network security:

  • I can restrict access to devices except through programmatic methods. Direct access to a device or host should be the exception, not the rule. Have “break glass” methods to access console in an emergency.
  • I can also write security and compliance playbooks to validate that automation code is compliant with standards and baselines. This is much easier for governance teams to review and validate.
  • I can keep all deployment code in a single repository and manage it just like all my other code, making revision control and integrity management much easier.
  • By using automation, just like a CI/CD pipeline, I can use the same deployment methodology: blue/green deployments, rollbacks, etc….

But the most important thing is that with automation, I can create immutable devices in alignment with the rest of my DevOps “cattle.” No more pet or snowflake hardware. It’s not just about eliminating manual work, but creating repeatable, modular processes. The goal is to think like a programmer and less like a pieceworker in a sweat shop.

Want to get there? Start with network automation webinars to get your bearings and join the network automation online course to build your first network automation solution.


  1. Sounds good but as always reality is different.
Add comment