There is no better time for network automation than now. The technology, market and people are mature and ready to embrace and benefit from this approach.
But how to start with network automation? In this interview with Scott Okupski, Global Practice Leader, Professional Services at Palo Alto Networks, we dive into what it takes to implement automation within networks and why automation is not just a choice but a necessity.
The hesitation connected with network automation often comes from fears of job redundancy, reluctance to adopt new technologies, and worries about losing control. However, reframing these concerns uncovers significant opportunities: automation enables teams to focus on strategic tasks, enhances skill sets, and improves network oversight with advanced tools.
This shift positions automation as a strategic advantage for operational efficiency and innovation. With people now having the necessary skills, mature tools, and established processes, this topic is more relevant than ever.
Palo Alto Networks stands out for advocating network automation and providing open-source tools that facilitate this transition. Our discussion will highlight the steps toward successful automation, address uncertainties, and showcase how automation brings value to engineers and organizations.
What, in your opinion, are the best strategies to ensure scalability and adaptability for network automation solutions?
Scott Okupski: Let me answer that from two perspectives - as a consultancy helping to deliver solutions and as a customer adopting a solution. As a consulting practice within a product company, we must integrate our platforms into the customer’s ecosystem. We can’t dictate the automation tools a customer should use, and we absolutely can not inject new tools into the customer’s environment. Our customers have invested in tools like ServiceNow, Ansible Tower, or the Hashicorp product suite. And it’s not sufficient for us to say, “Our product has an API.” APIs are just table stakes. You have to support integrations with industry-standard automation platforms. This is where services and consultancy add value.
In our case, for example, we build and maintain Terraform modules to manage Palo Alto Networks virtual firewalls using an “as code” approach with all the major public cloud providers. And we make our modules available as open source so customers or partners can use them without engaging our professional services team. We average 10,000 downloads per month. This is how we meet our customers where they are - by providing the IP they need to automate our products without introducing new technology. We help them improve the ROI on the orchestration tools they’ve already committed to. And we accelerate the adoption of our products so they see value faster.
From the customer's perspective, validation is the key to automation at scale. You need validation to provide confidence that you are getting the desired business outcome. Otherwise, you risk introducing changes at scale that aren’t accomplishing the objective. Automation eliminates the risk that a manual change will be incorrectly executed. But you’ve inherited the risk that you’ll perfectly execute an incorrect change. To minimize this, you must validate the network's health before and after the change and verify the change's efficacy.
In many shops, validation is still primarily a manual activity. Network engineers spend a lot of their time judging whether or not a given configuration change is working as intended. The benefits of network automation can only be truly realized if validation is automated so you have a zero-touch or low-touch workflow.
We’ve discussed that people, processes, and tools have matured to the point where organizations are ready for network automation. The fundamental motion is the ability to leverage version control. It adds traceability, collaboration, and audibility. Within our team, we also see how it improves the onboarding and up-skilling of engineers. Team members can see how and what others are doing. From a practical standpoint, this means that all your artifacts need to be versioned: configs, YAML files, Jinja templates, playbooks, scripts - everything. This is the discipline you need, and this is the place to start.
When did you first recognize the need to implement network automation to solutions offered by Palo Alto Networks and how did your cooperation with CodiLime start?
S.O: I was hired to create the Automation practice within Professional Services at Palo Alto Networks, so network automation was my mandate from Day 1. We had lots of cyber talent in the organization and pockets of automation expertise, but I quickly realized we needed a partner to scale quickly. I searched for partners with a combination of networking expertise and automation skills. CodiLime was the right fit for us. It was an easy choice.
Our first initiative was to create an infrastructure-as-code solution to help customers deploy our virtual firewalls in public clouds. We wanted consistent outcomes when delivering a project regardless of who was delivering it, and we wanted to improve efficiency. We have reduced the LoE for delivering these projects by 40%. We’ve subsequently open-sourced the software so it is available to partners and customers. We now average 10,000 monthly downloads across AWS, GCP, and Azure. So this is proof that customers embed our software into their pipelines and use it to run their business. It’s not limited to initial deployments.
Our next co-success was creating a Migration Factory that uses DevOps techniques to automate large-scale migrations to Palo Alto Networks firewalls - both hardware and virtual. Migrations can be disruptive and risky. They are also constrained by the availability of change windows. We use automation to deliver a consistent, reliable process that scales. The automation provides transparency and an audit trail. This gives customers the confidence to move quickly so they can realize the benefits of their investment in our firewall platform.
In what ways can Palo Alto Networks and their clients benefit from network automation?
S.O: Network automation provides three key benefits: it increases agility, reduces risk, and lowers the Total Cost of Ownership. The relative importance of these benefits varies from customer to customer, but you don’t have to sacrifice one for the other. When done right, network automation will deliver all of these benefits.
We sometimes use the term NetDevOps to reflect that solutions should incorporate the principles of continuous integration and continuous deployment—CI/CD—into device configurations, workflow changes, etc. This approach will improve network reliability, speed, and efficiency. You’ll have reduced downtimes, faster deployments, and more agile responses to the business.
Another super important benefit is improved security postures. You improve network security when you can routinely and confidently patch and upgrade your infrastructure. We all acknowledge the value of automation in reducing security incident response times. But, automation helps prevent security incidents by reducing the burden of maintaining your devices.
What emerging trends have you observed recently in network automation?
S.O.: The time has finally arrived for the mass adoption of network management using code. Although we have been evangelizing Infrastructure as code for years, our typical customer didn’t have all the pieces in place. Individual network engineers have been using scripts to improve their productivity for years. Now, organizations expect all network operations to be driven by automated workflows. They largely have the tools in place, such as version control, CI/CD, etc., and they’ve embraced open source as an essential part of their ecosystem.
Most importantly, the industry has reached a critical mass of network engineers who have grown up with automation. They are comfortable with Python, Ansible, and Terraform and they are comfortable with the practices of software development.
So, for us, as a consulting and solutions organization, it’s time to seize the moment and help our customers realize the benefits promised by network automation. It’s time to move beyond demos and slide shows at conferences - it’s time to get it done.
From a network security perspective, I would highlight three trends: Generative AI, security vendor consolidation, and compliance and regulation.
Generative AI has created an arms race between security professionals and attackers. Organizations must partner with security vendors with the scale and sophistication to incorporate AI into their products and services. But AI is not just an offensive or defensive weapon. As organizations rush to adopt AI for business solutions, they are creating another attack vector that hostile actors can exploit. Organizations must have the right balance between innovation and control as they incorporate AI into their toolkit.
A second trend in cybersecurity is that organizations are pursuing security vendor consolidation. They don’t want to stitch together best-in-breed point solutions. Instead, they want comprehensive solutions from technology partners who can take responsibility for large segments of their security posture and prevent dashboard overload so their teams can focus on meaningful threats. And the best of these enterprise-scale platforms are designed with automation in mind. This is helping to drive network automation.
And last but not least, compliance and regulation. Regulators are increasing their expectations of organizations and even individuals. Last November, the U.S. Securities and Exchange Commission charged SolarWinds and its Chief Information Security Officer with Fraud and Internal Control Failures 
. Traceability and auditability might be the most significant drivers for network automation in 2024. It will be increasingly hard to argue that manual processes provide sufficient control.
What will be the next big breakthrough in network technology, and what steps should businesses take to adapt?
S.O: There is no question that generative AI is the next breakthrough. It's already happening. Palo Alto Networks is a leader in using machine learning and AI in our products. However, we also use generative AI to improve our services. One example is our AI bot that makes upgrade recommendations based on a customer’s configuration and the features that are most important to them.
Another example is using AI to translate configs from third-party products to Palo Alto Networks configs during migration projects. We are also beta testing bots that tailor our standard Terraform modules to customer-specific use cases. And we’ve just scratched the surface on using AI to improve the efficiency of our consultants.
Last but not least, what would you say to those hesitant about transitioning into network automation?
S.O: Don’t worry, the water’s fine. Jump right in!
–
Scott Okupski – Global Practice Leader, Professional Services at Palo Alto Networks
Scott is a Professional Services leader at Palo Alto Networks. He leads a global practice of consultants who are experts in automating network security deployments and operations.
Prior to his work in network automation, he led Professional Services teams at a variety of founder-led FinTech firms. He led re-orgs to better manage the “collective wisdom” and improve the leverage of senior consultants. He helped create a Client Services group during one firm’s initial move into North America. This was a start-up culture where he hired the team, developed "best practices" and managed initial client projects. He was subsequently promoted to Global Head of Professional Services.
He believes Professional Services consultants are the ambassadors of technology firms. The partnerships they build with customers are more valuable than any technology. He loves building teams that reward great work and allow people to grow. He is most proud of his efforts to promote great consultants into leadership roles where they can groom the next generation of talent.
