DEV Community

Robert Rees for We Got POP

Why is it worthwhile automating security?

I sometimes think you can divide clients into three groups:

  • Those who care about security
  • Those who want to tick the boxes on security
  • Those who don't know yet that they care about security

The good news is that creating an automated security infrastructure helps all three.

If your client cares about security, they want proof that you are doing what you say you are doing and that you regularly review and monitor it. Automation provides all the reporting and proof without you having to do anything about it.

Those same reports allow you to tick the boxes with people. If you didn't have them, you'd have to go through a manual process to dig up the information and supply it ad hoc as the review process requires.

Before we had some of the automation that we do now, that's exactly what I had to do. It could be painful to find the right information; sometimes it would be out of date or would reveal a problem that needed to be resolved before we could respond, because we weren't reviewing things frequently enough.

Often all of this would be happening under time pressure because the security review was linked to a sales opportunity we were trying to secure (generally the entertainment industry loves working to deadline and hates to do anything it doesn't have to). That made everything more stressful than it needs to be.

Once you have automation in place I've found that we've reduced some of our review processes with potential clients to a few days. We probably spend more time discussing cloud infrastructure than the security side of things.

Finally, what about those clients who don't yet care about security? In my experience those clients are happy to take risks with what they are doing, but when things go wrong it often turns out that they did have security expectations about the service you were providing but failed to articulate them, because often they don't understand how technology works that well.

The good news is that automation helps them too, as the cost to build automation is really all in the setup. Operationally we've been able to throw an umbrella over our clients at marginal additional cost. All you need is one client who really cares about security and you can make a step improvement for all of them.
