January 16, 2024

Random Acts of Identity Automation – Take the Quiz!

Kevin Foisy

CEO and Founder

The problem

IT shops are typically complex, with an array of moving parts to manage. Keeping identities provisioned, licensed and secure involves endless touch points. There are the basics of ensuring that people in roles have access to the right applications, but most organizations quickly find that they still have a lot of gaps even after they deploy and configure a well-known IGA software product. IT professionals quickly discover that many applications aren’t covered, data still needs to be managed, recertification campaigns need to be kicked off at the right time, and self-service needs to be implemented. There are literally hundreds of these scenarios. Buying an IGA was just the beginning. Many IT shops decide that solving the problems is either beyond the abilities of their IGA or requires a tremendous amount of costly custom development. This in turn creates a new problem of documenting and maintaining custom code.

Take the Identity Automation Quiz!

Not sure about this? Take the Random Acts of Identity Automation Quiz with your team:

  1. Do we have any privileged scripts? Where’s the list?
  2. Do we have an identified owner of each?
  3. What systems and data do they touch?
  4. Where are they deployed?
  5. What credentials are being used with these scripts?
  6. How are the credentials stored / accessed?
  7. How are we protecting scripts from malicious modification?
  8. Is there an existing audit record showing who’s modified them and when?
  9. When was each of these scripts and their access audited?
  10. What mechanism will alert when the scripts are changed?

If any of these 10 questions give you pause, then a serious team discussion is warranted.

The Lesser of Evils

Two choices remain:

1. Automate or

2. Send it to the ITSM and manually fulfill

The manual fulfillment option is the obvious choice and gets the job done, but it’s error-prone, slow, and very expensive. Often, only the most painful of these tasks will get automated.

Random Identity Automation

Many organizations will pursue a path that we refer to as Random Acts of Automation. When the pain becomes unmanageable, someone decides to write a script to address the problem. With an immediate win, another isn’t far behind. Then another, and it continues. Virtually every IT shop has these. Random scripts that “do something” that “someone wrote”, put on a server, and scheduled to run at certain points in the day.

Let’s be clear: these scripts can offer great relief. They are a quick fix to a problem, but they are the seeds of future problems.

Risk!

In a nutshell, random scripts are NOT governed and likely not documented, and that is a major risk, especially in a world where every organization is working to implement a governance model.

Scripts almost always run in an elevated, admin context, and they run against production systems and data. These scripts often wield greater power than the admins that wrote them. People move on. They forget. Departments evolve. Many orgs are shocked to find out the extent of their problem! Many of these scripts have been running for years and as long as the org is evolving, new scripts are likely being created to address new challenges. These scripts are prime candidates for a future breach!

History

How did we get here? “If it ain’t broke, don’t fix it.” There’s little desire to fix something that is working. These band aids get created, they work, the team moves on. Months later, the pain is long gone, and the band aid is forgotten. These build up. They are unmanaged, random, and therefore go undetected.

Awareness is key. Often, CISOs aren’t aware that this is happening and so they are unable to govern it. Correcting this has to come from the top as part of a security initiative.

Discovery

Awareness starts with the old adage: you can’t manage what you can’t measure. A scan of all target servers and workstations that are likely to have automation scripts is a good start. Identify the potential sources; you might be surprised what you actually find.

Next, look for the low-hanging fruit: are there embedded credentials? Is this running in an admin context? Get these identified and on the action list.

Management and Governance

The next step is taking measured action. To solve this, scripts will need to be co-located in a common repository where there’s some access governance. Scripts can be moved to folders, code signed, and credentials pulled from a vault. This is a big step forward, but still many controls remain missing. The organization will need to assign a capable script author and create a thoughtful implementation plan.

Going Forward

How will we handle auditing? How will we ensure that a script cannot be changed? How will we know if it has been changed? How will we implement SOD? For these kinds of controls, typical of an ISO27001 shop, the bare-knuckles approach to identity automation becomes very complicated.
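The discovery scan and the "how will we know if it has been changed?" question can be combined into one inventory pass. The following is an added example, not part of the original post or any vendor tooling; the extension list, the credential regex and the function names are assumptions chosen for illustration. It records a SHA-256 baseline per script and flags lines that look like embedded credentials, without detecting execution context.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Assumed set of script extensions; extend for your environment.
SCRIPT_EXTS = {".ps1", ".bat", ".cmd", ".vbs", ".sh", ".py"}

# Heuristic: a credential-like name assigned a quoted literal value.
CRED_RE = re.compile(
    r"(?i)\b(password|passwd|pwd|secret|api[_-]?key|token)\b\s*[:=]\s*[\"']([^\"']+)[\"']"
)

def inventory(root):
    """Map each script path under root to its SHA-256 and flagged lines."""
    result = {}
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file() or path.suffix.lower() not in SCRIPT_EXTS:
            continue
        data = path.read_bytes()
        text = data.decode("utf-8", errors="replace")
        flagged = [n for n, line in enumerate(text.splitlines(), 1)
                   if CRED_RE.search(line)]
        result[str(path.relative_to(root))] = {
            "sha256": hashlib.sha256(data).hexdigest(),
            "credential_lines": flagged,  # line numbers only, never the secret
        }
    return result

def diff_baseline(baseline, current):
    """Report scripts added, removed or modified since the baseline."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(p for p in set(baseline) & set(current)
                           if baseline[p]["sha256"] != current[p]["sha256"]),
    }

def demo():
    """Constructed sample tree: one script carries an embedded password."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "sync_users.ps1").write_text('$Password = "Example123!"\nGet-Date\n')
        (root / "cleanup.sh").write_text("#!/bin/sh\nrm -f /tmp/report.*\n")
        (root / "notes.txt").write_text("not a script\n")
        before = inventory(root)
        (root / "cleanup.sh").write_text("#!/bin/sh\nrm -rf /tmp/reports\n")
        (root / "new_job.py").write_text("print('hello')\n")
        return before, diff_baseline(before, inventory(root))
```

Store the baseline somewhere the script hosts cannot write to, so a modified script cannot also rewrite its own recorded hash.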

Identity Automation Platforms

This is one area where products like ServiceNow have made their mark. They provide a very sophisticated, managed environment for identity automation. It’s one of the greatest things about ServiceNow beyond their ITSM services. A move in this direction is an evolution beyond Random Acts of Automation. Everything is centralized, governed, secure and audited.

But not everyone needs or wants ServiceNow. There are many ITSM products and if you’re already a user of one of them, it likely isn’t feasible to make the switch to ServiceNow.

Complement your IGA and ITSM Investments

That’s where Readibots Identity Automation comes in. Like ServiceNow, the READI platform is designed specifically for IT automation. Readibots offers IT shops a choice – a cloud-based automation platform that is technology agnostic. The READI platform is agile, cost effective and integrates seamlessly with any IGA solution (SailPoint, Oracle, IBM, MicroFocus, Saviynt and others) and any ITSM solution (ServiceNow, Cherwell, BMC, Freshdesk, SolarWinds and others). With the READI platform, you get secure, governed automation at a fraction of the cost.

Are you READI to get started?

The READI Platform provides management and governance over scripts which already exist as well as providing a platform for you to build more with governance. As a bonus, Readibots has a free assessment tool that will help organizations discover their scripts and identify the highest risks. In only a few hours, scripts can be cataloged, risk ranked, and if desired, migrated into the READI platform where they will become governed as part of a greater automation strategy.