January 11, 2022

Your governance blind spot – hiding in plain sight

Kevin Foisy

CEO and Founder

First, let’s consider what a blind spot is. Any responsible executive who knows about their blind spot no longer has a blind spot. So, keep an open mind here. Trust me, you have a blind spot.

I have talked with IT execs at all levels. These folks are not just responsible for a secure organization, they are liable. So, when we talk about blind spots, there’s generally some interest.

Next, I tell them … your IT team is managing the infrastructure using PowerShell. It’s the language of IT. PowerShell IS how you get granular control of systems, and it is how IT shops run. At that point, I get one of two blind spot responses:

  1. We’re good. We don’t use PowerShell. We’ve locked it down.
  2. A blank stare.

First, let’s look at why this is even an issue… some background:

In the 90’s, I sat with a number of enterprise IT pros in a group called “MECF – Microsoft Enterprise Customer Forum”. We met quarterly at Microsoft’s Redmond campus to advise them on challenges using their software in the enterprise. Microsoft was emerging into the enterprise computing space and there was much to be learned. As early adopters of their technology, there was an ongoing need for feedback, most of it centered around challenges with administration of the systems. Microsoft was emerging out of the desktop space, and the only way to manage the infrastructure was either by mouse and keyboard, or as a developer with APIs. This made it exceedingly difficult for IT staff to manage their systems.

Over the following decade, Microsoft’s offerings became more sophisticated, but it wasn’t until 2006 when the Monad project evolved into PowerShell that enterprise administration came into its own. IT teams could now manage the applications using a command line and batch scripts, more the way a UNIX admin would.

Now, 15 years later, PowerShell has grown into an extremely capable scripting language. Almost every enterprise software and hardware vendor has exposed their product through PowerShell modules. It is the go-to tool for IT people to effectively manage infrastructures: hardware and software of all flavours.

So, when I hear someone say, “we don’t use PowerShell” I think, either you don’t understand the scope and use of PowerShell, or you have an IT team that has had their right hands cut off. It makes no sense.

So, what’s the problem?

Consider the above context. PowerShell talks to everything. It typically does it within administrative security contexts. It is used interactively at the command line, and extensively in batch mode with scripts that automate operations. It is a hacker’s dream. It has been exploited before, which has led many an organization to shut it down.

But herein is the confusion. PowerShell is shut down at the user desktop, but not for IT staff. They can’t function without it. So, execs believe that it’s shut down, but it’s not. It’s alive and well. This is where the security blind spot comes in.

“PowerShell is almost never shut down on domain controllers and servers – that is the main blind spot of concern. 100% guaranteed, they aren’t running it in signed-only mode with a code signing certificate. Organizations should review the active exploitations in the MITRE Framework via PowerSploit.”

Michael Howden, director of security services, Novacoast

Let me say this: PowerShell is ADMINISTRATIVE and UNGOVERNED – a dangerous combo. There is no auditing, no change log, and little control over access, and it encourages dangerous behavior like embedding credentials in scripts – it is a serious security risk which executives should immediately address. It is also a blind spot because execs believe that the problem has been resolved by disabling it at the end-user desktop.

Most organizations have dozens if not hundreds of scripts. Some are used on demand, some on a scheduled basis. Some live in Azure Runbooks. It’s all over the place. I have personally witnessed the most sophisticated of enterprise IT shops fail security audits because of this.
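
The following PowerShell is an added example, not code from the original post or from the READI Platform. It checks one server for the gaps described above: whether the execution policy is AllSigned (signed-only), whether script block logging is enabled by policy, and which scripts under an assumed folder (`C:\Scripts`) are unsigned or match constructed patterns for embedded credentials. The risk score is an illustrative count, not a standard metric.

```powershell
# Added example: audit one server for the gaps described in this post.
# $ScriptRoot is an assumed location; point it at wherever your scripts live.
param([string]$ScriptRoot = 'C:\Scripts')

# 1. Signed-only mode: AllSigned is the only execution policy that requires
#    a trusted signature on every script, including local ones.
Get-ExecutionPolicy -List | Format-Table Scope, ExecutionPolicy
$effective = Get-ExecutionPolicy
if ($effective -ne 'AllSigned') {
    Write-Warning "Effective execution policy is '$effective', not AllSigned."
}

# 2. Auditing: script block logging (event ID 4104 in the
#    Microsoft-Windows-PowerShell/Operational log) is off unless policy enables it.
$key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging'
$sbl = Get-ItemProperty -Path $key -Name EnableScriptBlockLogging -ErrorAction SilentlyContinue
if ($null -eq $sbl -or $sbl.EnableScriptBlockLogging -ne 1) {
    Write-Warning 'Script block logging is not enabled by policy on this host.'
}

# 3. Embedded credentials: constructed patterns, a starting point rather than
#    a complete rule set. Select-String matches case-insensitively by default.
$patterns = [ordered]@{
    'Plaintext converted to SecureString' = 'ConvertTo-SecureString\s+.*-AsPlainText'
    'Hard-coded secret assignment'        = '\$\w*(password|passwd|pwd|secret)\w*\s*=\s*["''][^"'']+'
    'Password on a net use command line'  = 'net\s+use\s+.*\s/user:'
}

# 4. Inventory every script, record its signature status and findings,
#    and sort by a simple count so the worst offenders surface first.
$report = Get-ChildItem -Path $ScriptRoot -Recurse -File -Include *.ps1, *.psm1 -ErrorAction SilentlyContinue |
    ForEach-Object {
        $file = $_
        $hits = @(foreach ($name in $patterns.Keys) {
            if (Select-String -LiteralPath $file.FullName -Pattern $patterns[$name] -Quiet) { $name }
        })
        $sig = (Get-AuthenticodeSignature -LiteralPath $file.FullName).Status
        [pscustomobject]@{
            Script    = $file.FullName
            Signature = $sig
            Findings  = $hits -join '; '
            Risk      = $hits.Count + [int]($sig -ne 'Valid')   # illustrative score
        }
    }

$report | Sort-Object Risk -Descending | Format-Table -AutoSize -Wrap
```

Run it from an elevated session on a domain controller or server; scheduled tasks and Azure Runbooks hold scripts outside any single folder and need their own inventory.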

Now the good news!

There is a solution. READI yourself – here comes the promotion

The READI Platform quickly identifies PowerShell scripts on your network, examines the script content for unsafe practices, ranks them for risk, and with minimal effort, moves them into their new secure, governed home in the READI Cloud Platform. It really couldn’t be easier to eliminate a major security gap.

Welcome a new, secure, governed, roles-based access method of automating with PowerShell. Auditors and security professionals can be provided reviewer access while admins can be provided “just enough” access to get the job done.

The READI Platform provides a cloud-based security and governance framework that enables enterprise customers to continue leveraging PowerShell automation while meeting infosec requirements. And best of all, it won’t break the bank. The READI Platform is an affordable and immediate solution that will have executives and board members thankful that a major gap has been identified and quickly closed.

Lock it down now with Readibots.com
