Cosmos Series Part 3: The Importance of Automation

This is Part 3 of a four-part blog series sharing learnings from our journey to optimize the people, processes, and technology powering the platform for our Cosmos managed service. Watch this video to learn how Cosmos combines attack surface technology and expert testing to deliver continuous threat exposure management while reducing the burden on security teams.

Part 3: The Importance of Automation

In earlier blog posts, I covered how the core architectural principles of the Cosmos platform and how we’ve redefined work with our product and engineering teams. Today, I will highlight how our engineering group is continuously improving our processes and infrastructure. Our transformation from manual processes to automated excellence has revolutionized how we build and deploy security capabilities.

In 2023, our processes for monitoring, releasing, and managing the Cosmos platform were largely manual. Since then, we’ve transitioned to highly automated integration and deployment processes, and changed how our teams write code for the platform.

We have quickly adopted high levels of automation for building and deploying code. We standardized our code repositories with common templates which made it easier to automate the creation of new code repositories. We also heavily leveraged repository automation for pull requests, branch mergers, and deployments. These automations have brought about significant improvements, such as the ability to build and demonstrate a new testing framework in under a week.

Writing code has changed as well. As all our infrastructure is code, writing code has simplified. Only code from our repositories makes its way into any environment, including the definition and processes themselves. With the entirety (environment and platform) generating itself from our code repositories, local development, disaster recovery, scaling, and all the other ‘running a platform’ processes become simpler and consistent. For example, adding a new, usable testing framework can take a few days. Monitoring and auditing don’t require third parties to mash and munge logs. And, of course, any change can be immediately reversed if found to be problematic. Thanks to these changes and architectural improvements, our deployment velocity has increased significantly, while the consistency and predictability in our deliverables increased.

Automation changes how our engineering and product teams approach their work on Cosmos, improving their ability to deliver new features and capabilities quickly. In my next blog, Results-Oriented Critical Thinking, we will review how we’re further supporting our teams’ velocity by changing where we start solving a problem.