See how to use PPA to delegate access to AWS billing data
26
May 2020

Imagine If Business Users Could Get Their Own AWS Data

Mark

Warren

A Typical Day for IT

"Hello, IT Help Desk, how can I help?"
"Hi, it's Mark in Finance. I'd like some information about our AWS charges"
"Ah ... OK. What do you need?"
"A breakdown of charges in the UK for the last 6 months"
"Was that 3 months?"
"No - 6 months"
"Ah, right, so US charges for the last 6 months"
"No - UK charges"
"Right, got it. UK charges for the last 6 months. OK. I'll raise a ticket for Amy for when she's back"
"What?"
"Amy's on a training course, she'll be back Monday"
"I need the data today!"
"Well, I could ask her team lead, she might be able to do it this week"
"Did you hear the 'today'?"
"Ah, sure. Ummm ... let me raise a ticket with high priority."
"I give up ..."

Does that sound familiar? No-one is happy with this kind of conversation. The Help Desk agent didn't give great service (and ends up with an open ticket against her metrics). The customer (Mark) didn't get what he needed so he may not be able to do his job and may well try to bypass IT next time. IT management won't be happy because their customer satisfaction stats will take a hit and, besides, they really don't like not being able to help.

But, sadly, this is a common situation. IT have highly-experienced and trained administrators and they've very good at their job. But that means they're also in high demand. Besides, they like being challenged so doing routine tasks like extracting billing data from AWS isn't the most interesting job they could be working on.

The customers, the staff out in the Finance, or Sales, or HR teams, can't be trusted to do the work themselves. They don't know how to use complex tools like the AWS portal and they'd need Administrator account credentials which means they could either get access to more data or tools than they should, or they may make mistakes that affect the business. Even more worryingly, they may (intentionally or unintentionally) expose those administrator credentials to a potential attacker.

Is there a solution?

With Privileged Process Automation (PPA) it is possible to automate a task such as retrieving AWS billing data. You can see it in action in this video above.

PPA takes care of the Administrator credentials which are never exposed to the user. Because the task is fully automated, the user doesn't need to know anything about how the AWS management portal works, and they can't do anything they shouldn't. And, because the user is driving the process, they can be sure to get exactly the data they want in the format they need without multiple calls to the IT help desk, and when they need it.

This is just one example. Automation can be provided for Azure or any other system you use. But it could also be used for NetOps, SecOps, HR processes, and much more.

Imagine if you could safely delegate tasks to line of business users. Imagine they could get the data they need without having to call IT. Imagine what you could do with the time freed-up ...

PPA is a highly flexible framework limited only by your imagination. You can seem more examples at https://osirium.com/ppa.

If your imagination is fired up, get in touch and let's talk about how PPA may be the solution.

Click to chat