Random Acts of Automation – Take the Quiz!

The problem

IT shops are typically complex and manage an array of moving parts. Keeping identities provisioned, licensed and secure involves endless touch points. There are the basics of ensuring that people in roles have access to the right applications, but most orgs quickly find that they still have a lot of gaps even after they deploy and configure a well-known IGA software product. IT professionals quickly discover that many applications aren’t covered, data still needs to be managed, recertification campaigns need to be kicked off at the right time, and self-service needs to be implemented. There are literally hundreds of these scenarios. Buying an IGA was just the beginning. Many IT shops decide that solving the problems is either beyond the abilities of their IGA or requires a tremendous amount of costly custom development. This, in turn, creates a new problem of documenting and maintaining custom code.

Take the Quiz!

Not sure about this? Take the Random Acts of Automation Quiz with your team:

  1. Do we have any privileged scripts? Where’s the list?
  2. Do we have an identified owner of each?
  3. What systems and data do they touch?
  4. Where are they deployed?
  5. What credentials are being used with these scripts?
  6. How are the credentials stored / accessed?
  7. How are we protecting scripts from malicious modification?
  8. Is there an existing audit record showing who’s modified them and when?
  9. When was each of these scripts and their access audited?
  10. What mechanism will alert when the scripts are changed?

If any of these 10 questions give you pause, then a serious team discussion is warranted.

The Lesser of Evils

Two choices remain: 1. Automate, or 2. Stuff it into the ITSM and put bodies in place to fulfill. The manual fulfillment option is the obvious choice and gets the job done, but it’s error-prone, slow, and very expensive. Often, only the most painful of these tasks will get automated.

Automation

Many orgs will pursue a path that we refer to as Random Acts of Automation. When the pain becomes unmanageable, someone decides to write a script to address the problem. With an immediate win, another isn’t far behind. Then another, and it continues. Virtually every IT shop has these. Random scripts that “do something” that “someone wrote”, put on a server, and scheduled to run at certain points in the day.

Let’s be clear: these scripts can offer great relief. They are a quick fix to a problem, but they are the seeds of future problems.

Risk!

In a nutshell… random scripts are NOT governed; and that is a major risk. Especially in a world where every organization is working to implement a governance model.

Scripts almost always run in an elevated, admin context, and they run against production systems and data. These scripts often wield greater power than the admins that wrote them. People move on. They forget. Departments evolve. Many orgs are shocked to find out the extent of their problem! Many of these scripts have been running for years and as long as the org is evolving, new scripts are likely being created to address new challenges. These scripts are prime candidates for a future breach!

History

How did we get here? “If it ain’t broke, don’t fix it.” There’s little desire to fix something that is working. These band aids get created, they work, the team moves on. Months later, the pain is long gone, and the band aid is forgotten. These build up. They are unmanaged, random, and therefore go undetected.

Awareness is key. Often, CISOs aren’t aware that this is happening and so they are unable to govern it. Fixing this has to come from the top as part of a security initiative.

Discovery

The old adage applies: you can’t manage what you can’t measure. It starts with awareness. A scan of all target servers and workstations that are likely to have automation scripts is a good start. Identify the potential sources; you might be surprised what you actually find.

Next, look for the low-hanging fruit: are there embedded credentials? Is this running in an admin context? Get these identified and on the action list.

Remediation

The next step is taking measured action. To solve this, scripts will need to be co-located in a common repository where there’s some access governance. Scripts can be moved to folders, code signed, and credentials pulled from a vault. This is a big step forward, but still many controls remain missing. The organization will need to assign a capable script author and create a thoughtful implementation plan.

Going Forward

How will we handle auditing? How will we ensure that a script cannot be changed? How will we know if it has been changed? How will we implement SOD? For these kinds of controls, typical of an ISO 27001 shop, the bare-knuckles approach to automation becomes very complicated.
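One way to start on the Discovery scan and on the question of knowing when a script has been changed, as an added example (not Readibots code and not part of the original post). The extension list, the credential patterns, the function names and the sample files are assumptions constructed for illustration.

```python
import hashlib, os, re, tempfile

SCRIPT_EXTS = {".ps1", ".sh", ".py", ".bat", ".cmd", ".vbs"}  # assumed list
# Heuristic patterns for hardcoded secrets (assumption: tune for your estate).
CRED_PATTERNS = [
    re.compile(r"(?i)\b(password|passwd|pwd|secret|api[_-]?key|token)\b"
               r"\s*[:=]\s*['\"][^'\"]+['\"]"),
    re.compile(r"(?i)ConvertTo-SecureString\s+['\"][^'\"]+['\"].*-AsPlainText"),
]

def inventory(root):
    """Return {relative_path: {"sha256", "cred_lines"}} for scripts under root."""
    result = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() not in SCRIPT_EXTS:
                continue
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                data = fh.read()
            text = data.decode("utf-8", errors="replace")
            hits = [n for n, line in enumerate(text.splitlines(), 1)
                    if any(p.search(line) for p in CRED_PATTERNS)]
            result[os.path.relpath(full, root)] = {
                "sha256": hashlib.sha256(data).hexdigest(), "cred_lines": hits}
    return result

def diff_baseline(baseline, current):
    """Compare two inventories: scripts added, removed or modified since baseline."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(p for p in set(baseline) & set(current)
                           if baseline[p]["sha256"] != current[p]["sha256"]),
    }

def demo():
    """Constructed sample: one script with a hardcoded password, one edited later."""
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "sync_users.ps1"), "w") as fh:
            fh.write("$user = 'svc_sync'\n$password = 'EXAMPLE-ONLY'\nWrite-Host 'sync'\n")
        with open(os.path.join(root, "cleanup.sh"), "w") as fh:
            fh.write("#!/bin/sh\necho cleanup\n")
        before = inventory(root)
        with open(os.path.join(root, "cleanup.sh"), "a") as fh:
            fh.write("echo extra step\n")  # simulated unreviewed change
        return before, diff_baseline(before, inventory(root))

if __name__ == "__main__":
    print(demo())
```

Keep the baseline inventory somewhere the script hosts cannot write to, and run the comparison on a schedule so that a modified hash raises an alert.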

Automation Platforms

This is one area where products like ServiceNow have made their mark. They provide a very sophisticated, managed environment for automation. It’s one of the greatest things about ServiceNow beyond their ITSM services. A move in this direction is an evolution beyond Random Acts of Automation. Everything is centralized, governed, secure and audited.

But not everyone needs or wants ServiceNow. There are many ITSM products and if you’re already a user of one of them, it likely isn’t feasible to make the switch to ServiceNow.

Complement your IGA and ITSM Investments

That’s where Readibots Identity Automation comes in. Like ServiceNow, the READI platform is designed specifically for IT automation. Readibots offers IT shops a choice: a cloud-based automation platform that is technology agnostic. The READI platform is agile and cost-effective, and it integrates seamlessly with any IGA solution (Sailpoint, Oracle, IBM, MicroFocus, Saviynt and others) and any ITSM solution (ServiceNow, Cherwell, BMC, Freshdesk, SolarWinds and others). With the READI platform, you get secure, governed automation at a fraction of the cost.

Are you READI to get started?

As a bonus, Readibots has a free assessment tool that will help organizations discover their scripts and identify the highest risks. In only a few hours, scripts can be cataloged, risk ranked, and if desired, migrated into the READI platform where they will become governed as part of a greater automation strategy.

Learn more about the READI platform at https://www.readibots.com

Copyright © 2021 Readibots Corp. All rights reserved.