Use case
Automated Policy as Code with Red Hat Ansible Automation Platform
Automate compliance and policy enforcement across the full operational life cycle—from creating automation to managing IT processes at scale.
Overview
As IT environments evolve to accommodate AI innovations and hybrid cloud complexity, the growing impact of downtime, security breaches, and human error has made companies increasingly reliant on governance, risk, and compliance (GRC) policies. By automating Policy as Code (PaC), organizations can more efficiently enforce internal and externally-mandated policies—both during the creation of automation and as it is used to manage operations at scale.
PaC involves writing operational policies and best practices into automation code, so that internal requirements, security needs, and granular mandates are built into every process. Red Hat® Ansible® Automation Platform will soon help you automate PaC to consistently enforce policies across teams and minimize downtime, boosting confidence in your operations.
Once delivered, Ansible Automation Platform’s PaC capabilities will automate governance from a single platform and apply policies to desired IT actions in a documented, consistent way—so that compliance is automatically enforced in everything you do across operations and domains.
Create
Enforce policies during the creation of automation code.
Apply GRC policies without slowing down development productivity or the creation of new automation content. Ensure consistent enforcement of policies from the start.
Manage
Integrate policy enforcement before or during automation runs.
Apply policies across the operational life cycle—including Day 0, Day 1, and Day 2 processes. Check automation against policies before executing. Control costly infrastructure actions, like limiting cloud instance sizes.
Scale
Simplify reporting and easily identify out-of-policy areas.
Efficiently complete audit and reporting to improve team productivity. Automatically identify out-of-policy technologies and align them quickly.
Use cases for getting started
Red Hat recommends a “start small, think big” approach to automation adoption—and automated Policy as Code is no exception. The following use cases are good starting points for automated policy enforcement, and you can always grow from there. In fact, we would like your input on use cases. Join the Ansible Policy as Code advocacy group to share ideas and learn from others.
Cloud cost control
Implement policy checks around cloud instance provisioning to manage the size or other aspects of an instance, helping to manage cloud costs and avoid sprawl.
Security management
Enforce desired security policies to help mitigate risks. For example, limiting operations to a certain firewall port or controlling access point exposure.
Technology-specific enforcement
Apply policies that are tailored to the technologies you use, such as specific server settings by model or specific types of access by cloud provider platform.
Automation creation and run-time checks
Enforce policies when automation is created to ensure IT actions consistently follow set standards—like using only approved and tested operating system packages or aligning with business processes.
Out-of-policy reporting
Automatically create audit reports or generate “out-of-policy” reports, saving time for development and operations teams—and enabling a tighter focus on key priorities and further actions.
Event-driven policy automation
Trigger policy checks as part of event-driven automation runs. For example, automatically enforce specific policies and create notifications when certain events occur.
Join our webinar: Automating Policy as Code for consistency and compliance
On June 18, 2024 at 11 AM EDT, our technical experts will present our current vision of automated Policy as Code. We’ll explain how to:
- Build policy compliance into Ansible Playbook development.
- Trigger automated responses using PaC capabilities with event-driven automation to quickly address compliance gaps and security risks.
- Enforce policies in cloud operations to reduce risks and control costs.
- Prepare for and get started with automated Policy as Code.
FAQs
How can I start preparing for automated Policy as Code today?
First, join the Ansible Policy as Code advocacy group to access content, best practices, and use case ideas we’re sharing. Next, design your use cases so you know where you’ll start in your own “start small, think big” model. It also helps to adopt an Automation as Code strategy so that your sources of truth—such as standard configuration files—are all stored in a single repository. Keep tabs on the advocacy group and this webpage for announcements about the preview of this technology.
Why should I join the Ansible Policy as Code advocacy group?
In the Ansible Policy as Code advocacy group, we will be sharing best practices to help you get up and running more quickly. This technology can still be shaped by each of you, so this is a great chance to share your ideas and learn from others. We will also share details about upcoming virtual events with members of the advocacy group.
Can’t I already use Ansible Automation Platform to automate Policy as Code?
Yes, you can. However, it typically involves manual coding. This makes it more time-consuming and requires some coding knowledge to accomplish. As a result, this approach to automating PaC is usually limited to only a few key areas. Once Ansible Automation Platform’s automated Policy as Code solution is delivered, you will be able to apply it to a broader set of use cases, helping to make your operations more efficient and consistent—and less vulnerable to potential security risks.
Partners: Join the automated Policy as Code ecosystem
Partners can work with Red Hat to develop automated Policy as Code in two ways:
- Create Ansible Content Collections to help shared customers implement best practices using automated Policy as Code. This is a means of codifying the best practices customers should follow to optimize success with your solution.
- System integrators and resellers can include automated Policy as Code as part of service offerings—such as part of an automation or compliance practice—to help customers advance on their automation journey.
If you would like to participate in the Ansible Automation Platform ecosystem, please join this Ansible Policy as Code partner forum for automated Policy as Code. You can request a meeting via the partner forum or reach out to your Red Hat partner account manager, if you have one.
Keep learning
CHECKLIST
6 reasons to automate Policy as Code for better compliance
Explore 6 key benefits of using automated Policy as Code (PaC) for GRC practices.
BLOG POST
A look into Policy as Code: why now and how can it help?
Get more details about how automated PaC can help you ensure compliance and inspire operational consistency.
CHECKLIST
4 ways to prepare for automated Policy as Code
Development and operations teams can take these steps now to get ready for automated PaC.