AI is not a shortcut for rapid IT automation. A holistic and, above all, deterministic approach remains necessary. Those who don’t do their homework and jump straight to AI are opening the door to unpleasant surprises.

Companies are investing massively in AI but forgetting the foundations of IT automation. Fragmented automation, or jumping too quickly into AI, poses a real risk to the security of IT environments. Those who skip the foundation and expect too much from AI will sooner or later encounter major problems. At least, that’s the view of Sathish Balakrishnan, Vice President & GM of the Ansible Business Unit at Red Hat, when ITdaily spoke with him in Antwerp during a European customer tour.

Balakrishnan has been with Red Hat for over thirteen years and, among other achievements, built the world’s first managed Kubernetes service, launched Azure Red Hat OpenShift with Microsoft, and developed the OpenShift service on AWS. Today, he leads the Ansible automation platform at IBM’s open-source specialist.

AI is flooding the foundations

The IT world is currently being flooded with AI initiatives, but according to Balakrishnan, many organizations lack the foundations to use them successfully. “Companies want to jump into AI projects before they can walk. What prevents them from deploying AI effectively within their IT infrastructure is a lack of automation,” Balakrishnan observes. “Companies can’t deploy their people to work with AI because they constantly have to go back to solve IT problems.”

"Companies can’t deploy their people to work with AI because they constantly have to go back to solve IT problems"

Sathish Balakrishnan, Vice President & GM, Ansible Business Unit bij Red Hat

This situation creates a vicious circle. Organizations park automation as something for quieter times while they dive into the next hype. But without automated processes, teams remain stuck in manual work and firefighting, preventing them from adequately embracing that new hype. The result can be that AI implementations are built on a shaky foundation, lacking the operational basis needed to run them reliably.

Critical investment

Balakrishnan calls automation nothing short of critical for business operations. Yet he sees organizations systematically postponing it. “Automation is something people do at the very end of their work. They’ve built an application and think: now I’m going to automate. But then the next project beckons and it never happens,” he explains. “No one disputes the value, but in practice, teams keep pushing it forward.”

According to Balakrishnan, the problem lies partly in human psychology. “Automation is one of those funny things: people think it applies to everyone around them, but not to themselves. It’s boring, and they think they might never have to do that one task again anyway.” Only when CIOs and executives label automation as critical and mandate that everything must be automated does he see real results.

Fragmented automation

Without that mandate from above, what Balakrishnan describes as fragmented automation occurs. Organizations automate their Windows environment, Linux systems, and network separately, each with different solutions. “That’s better than doing nothing,” he admits, “but if you don’t have a holistic view and don’t connect your automations, you lose their value.”

"Organizations think they are automating, but in reality, they are creating new complexity"

Sathish Balakrishnan, Vice President & GM, Ansible Business Unit bij Red Hat

According to the VP, fragmentation leads to a proliferation of tools, scripts, and standalone solutions that each tackle a small piece of the problem. The result is a patchwork that is difficult to manage, offers no overview, and largely negates the promised efficiency gains. “Organizations think they are automating, but in reality, they are creating new complexity,” Balakrishnan criticizes.

Total and integrated IT automation

According to Balakrishnan, the solution lies in a platform that spans multiple domains: network, infrastructure, compute, storage, various operating systems, and applications. He illustrates this with a concrete example regarding firewall configuration. “Suppose there is one engineer who knows the firewall and how it should be configured. Every application that uses those same firewall rules now has to rely on that same engineer.”

With an integrated platform, that knowledge can be captured in a playbook that every application developer can use. This provides three benefits:

   •    You simplify compliance and auditing because you know every application uses the exact same firewall rule.

   •    Application developers no longer have to wait for the firewall specialist, as they can implement the necessary configuration settings themselves immediately.

   •    The specialist can now focus on proactive matters, such as preventing ransomware attacks or developing new ideas.

“The platform translates the knowledge of one person and makes it available to the entire organization,” Balakrishnan further clarifies. Automation thus becomes more than just that: through a consistent platform approach, a library of knowledge and recipes for IT tasks is created that the entire organization can draw upon.

The role of determinism

Balakrishnan makes a clear distinction between two levels of automation. The first level he calls deterministic automation: task-based and without AI, containing, for example, configuration or policy rules. This form is predictable and repeatable, and according to him, forms the absolute foundation upon which everything else must be built.

Balakrishnan refers to automations like the firewall configuration mentioned above. A person with expert knowledge of the company’s goals, policies, and which systems are critical has developed concrete rules and turned them into an automation.

Without that deterministic layer, there is little point in adding more advanced forms of automation or AI integration. On the contrary: deterministic automation is the base layer that ensures processes run reliably and consistently, regardless of who executes them or when they run. Organizations that skip this step and want to jump straight to AI-driven automation are building on quicksand, according to Balakrishnan.

Event-driven automation

The second level is what Red Hat launched three to four years ago under the name event-driven Ansible. Balakrishnan outlines the problem: “There are many messages coming into your company. You have an observability tool, predictive analytics telling you a machine is going to fail or an application is leaking memory. But what good are all those insights if you can’t take action on them?”

"But what good are all those insights if you can’t take action on them?"

Sathish Balakrishnan, Vice President & GM, Ansible Business Unit bij Red Hat

More and more vendors are placing AI on top of their observability stack, but that doesn’t solve the core problem. “What’s the use of all those insights if you’re just standing there looking at them?” Balakrishnan wonders.

Event-driven automation sees those events and automatically takes action, but based on the previously defined deterministic automations: if X occurs, then Y must happen according to settings Z. This prevents situations where a problem occurs at three in the morning and no one notices or can intervene.

Tandem with AI

Here, AI and a deterministic automation platform work in tandem. An LLM can assess the context of a problem. Imagine a server showing signs of instability, likely to crash within half an hour due to a memory issue. The AI can assess how important the server is, but also take into account that IT professionals are on duty starting at eight in the morning.

At five to eight, it might be enough to report the problem so the final decision on a solution rests with a human. At five in the morning, that’s not an option, so the AI can decide to provision a new server, migrate services, and shut down the faulty server. The AI doesn’t do this itself via API calls, because an LLM is not deterministic and therefore won’t guarantee the exact same procedure every time.

In our example, the AI initiates the action, but it is executed via a clear recipe in a deterministic and predictable way. If humans had made the same decision, they would have executed it in the same way.

Automate first, then AI

The combination of the two forms of automation within a single platform creates, according to Balakrishnan, a safe environment where AI can play a useful role. AI then helps not as a standalone technology taking uncontrolled decisions, but as part of a structured whole where every action is traceable and auditable.

"Organizations must treat automation as a strategic priority and not as an afterthought they pick up when things get quieter"

Sathish Balakrishnan, Vice President & GM, Ansible Business Unit bij Red Hat

AI is therefore not a shortcut to secure IT automation. Generative AI and LLMs can only play a role when automation recipes exist to work with. Organizations should first develop a strategy, ideally via a coherent platform, before it makes sense to unleash AI on it.

“Organizations must treat automation as a strategic priority and not as an afterthought they pick up when things get quieter,” Balakrishnan concludes. “Those who do and invest in an integrated platform that spans all domains are not only laying the foundation for operational efficiency but also for a secure and responsible integration of AI in the future.”