A guest post by Osirium – privileged access and IT process automation specialists.
IT Process Automation lets you deliver better service and focus on the important
IT Process Automation is a broad term covering multiple technologies involved with automating tasks in IT organisations. It involves multiple technologies because the work in IT teams is very wide ranging – from provisioning accounts for new starters to configuring hardware to keeping attackers at bay.
Many tasks in IT are fairly repetitive, but they aren’t robotic. Tasks like resetting a user’s password should involve at least some human oversight to ensure that it’s a genuine request and not opening an account for an attacker. Checking a server is performing as expected sounds straightforward, but responding to the results is still best done by a human. Although automation in the form of “Security Orchestration and Automated Response (SOAR)” has had a lot of attention and provides some benefit, the reality is that exceptions are still complex and need manual intervention.
And no-one really knows what’s going on with those scripts –what are they doing? There’s no audit trail, and there’s no way of including request and approval workflows before executing an operation.
What’s wrong with traditional IT automation?
Automation is already being used, but they’re not 100% successful or widely adopted. Why?
Automation with scripts is costly and risky
IT experts and systems administrators have always been very creative at avoiding boring repetitive work. Using tools such as Bash scripts on UNIX/Linux or PowerShell on Windows can bundle sets of commands that need to be run repeatedly.
But they also introduce new issues. Those scripts are very personal, they sit on that Admin’s desktop and no one else knows they exist so the same script gets created multiple times, each one slightly different. Those scripts will need user credentials, often administrator credentials, to perform the commands they need. Scripts don’t have a good way to securely protect those credentials so dangerous short cuts are taken such as coding the username and password right in the script!
RPA for IT Automation
Robotic Process Automation (RPA) could be considered “traditional” automation as its become so familiar in many business operations. The concept of software robots tells its own tale: robot processes are very good at performing the same task over and over when little or nothing changes around them. That’s why so many robots are deployed on production lines.
Developing workflows or scripts is an expensive task. To build scripts that have a potential for success even with variable data takes a lot of skilled coding or learning. If a task is performed enough times and would be costly when performed manually at scale, then the cost and time taken to develop those scripts may be worth the cost. But many IT tasks are that time-consuming or have that kind of volume, so RPA scripts are just too expensive or complex for IT tasks.
IT Service Desk Automation
Many IT Service Desk tools, for example ServiceNow, include automation features. These can be extremely powerful workflow automation systems. But that automation is designed to support specific workflows. For example, how a change request raised by a business user is assessed, routed for approval and then allocated to an engineer to implement. At that point, the automation pauses. Ultimately, that engineer has to login to a service, system or device to make the change. Ideally, they will update the change request ticket with all the information related to change, but in reality they may only record that the change happened and there won’t be any audit trail showing exactly how the change was made.
Osirium Automation is the answer for IT Process Automation
As we’ve seen, each of those different automation technologies have their own benefits but also their own costs and risks.
Osirium Automation has been built with the purpose of securely automating IT processes in a way that best suits IT organisations. Here are a few headlines:
Security built-in: All credentials needed to access services and devices are stored in a secure vault such as HashiCorp or Osirium PAM. They’re never passed back to the user’s workstation so not exposed on the endpoint or network.
Easy to build automations: Automation includes a low-code development and publication system that makes it easy to build new tasks, also known as “automated playbooks” in YAML. Osirium provide a repository of free plug-ins and pre-built tasks to use as a starting point.
Built-in approvals: Automation tasks can include requests and approvals. Notifications of requests can be routed via email, Slack or Teams so the approver gets the notification where they want it.
End-to-end audit trails: The entire task is recorded as a complete audit trail. Even if a task touches multiple systems, there one place to see all the logs without having to trail through multiple log servers.
Human-friendly automation: Automated tasks are presented in a human-friendly, conversation style. If the task can be fully automated, for example, check a server is running, no interaction may be needed. But a task that needs choices can be as easy as you want. Many tasks can be safely delegated to help desk engineers or business users as they can’t do anything they shouldn’t and there’s always an audit trail.
Scheduling and integration: Osirium Automation has a rich API making it very flexible in use. It supports scheduling of tasks (for example, checking server performance or running a backup). It also allows for integration into existing corporate portals or service desk tools. In the earlier example of the service desk system delegating a task to an engineer, that step could be replaced by invoking an Automation task which will update the change request with the full audit trail when completed.
The future: Hyperautomation and choosing the right tool for the job
Gartner use the term “hyperautomation” to describe the need for multiple styles of automation for different tasks across the business.
Osirium Automation is a perfect fit to complement RPA and other automation tools. Unlike complex and expensive RPA tools, Automation can be up and running in minutes.