IT Process Automation

IT Process Automation delivers better service and security

IT Process Automation (ITPA) is an emerging solution for improving a business' IT service.

Many automation technologies are already being used, but they have various limitations and risks.

Business process automation, using Robotic Process Automation (RPA), has been growing in popularity in many business areas as part of digital transformation initiatives and it's easy to see why.

Business processes such as validating invoices or performing credit checks are good candidates for automation. They're highly repetitive, with well defined processes and standardised inputs.

Human beings aren't particularly efficient at these mechanical tasks. it's far too easy for human error. On top of this, it is often time wasted by the workforce that could be better utilised on more important tasks that can’t be automated. Investment in automation technology to deploy "software robots" to perform these operations can be very effective.

However, IT is usually very different. Although they may be performed many times a day, they aren't robotic. Tasks like creating accounts for a new starter should involve at least some human oversight to ensure that it's a genuine request.

Checking a server is performing as expected sounds straightforward, but it still needs the expertise to run the appropriate commands and understand the response. Deciding what is best to do with the information is still best done by a human.

Automation in the form of "Security Orchestration and Automated Response (SOAR)" provides some benefits, in particular when running automated processes after a security breach. However, many IT jobs need human review before taking action rather than being executed as fast as possible after an incident.

And no one knows what's happening with those scripts – what are they doing? There's no audit trail and no way of requiring approval before executing an operation.

Traditional IT automation isn't fit for purpose

IT teams have been using automation since the earliest days - mainframes used JCL and REXX. More recently, IT teams have used many different automation technologies, but they're not 100% successful and may be introducing unexpected security risks.

Most IT work starts with service requests, usually via a help desk who may review requests before being passed onto the relevant experts. Those experts may use infrastructure automation, for example using Ansible, to update a network device. Others may use PowerShell scripts to update Microsoft servers, while others may do all their work manually.

Why aren't more IT processes automated, and what are the issues with traditional automation platforms?

Automation with scripts is costly and risky

Most servers providing some technology for automation. On Windows, it's PowerShell. On UNIX and Linux, there are a variety of shells with their own scripting such as BASH.

But these tools were never designed for security or enterprise use. Scripts are very personal as they sit on that Admin's desktop or their home folder. No one else knows they exist, so many scripts doing the same job get created, each slightly different.

Scripts will need user credentials to be able to function. Often those credentials will need elevated administrator credentials to perform the commands they need. Script engines don't have a good way to protect those credentials securely. As a result, dangerous shortcuts are taken, such as embedding the username and password in the scripts.

RPA for IT Automation

Although it's a relatively recent innovation, Robotic Process Automation (RPA) could be considered "traditional" automation. It's become familiar and successful in many business scenarios. Built around the concept of software robots indicates where RPA can be most successful.

Robot processes are very good at performing the same task repeatedly, at high volume, when little or nothing changes around them. Just like robots replacing people on manufacturing lines, software robots are built to replace humans in business process.

With RPA systems, building automation workflows or scripts is expensive and requires specialist skills. To increase the chance of successful automation scripts needs skilled coding or learning and understanding of business processes.

If a task takes a lot of human effort and is performed enough times then the cost and time taken to develop those scripts is justifiable. However, many IT tasks aren't repeated hundreds or thousands of times per hour and many don't take too long for an expert to complete. As a result, RPA is not a good fit for most IT tasks.

IT Service Desk Automation

Many IT Service Desk tools, such as ServiceNow, include workflow automation. These can be extremely powerful workflow automation systems but they're designed for automating the change request process, not implementing the change.

For example, a workflow will define how a change request raised by an end-user is assessed, routed for approval and then allocated to an engineer to action. The automated workflow effectively pauses while the manual change is made.

Ultimately, that engineer has to log in to a service, system or device to make the change. Once the change is complete, they will update the change request ticket with all the change-related information. As it's a manual operation, they may only record that the change happened not the details of what was changed. There won't be any audit trail showing exactly what happened or evidence to show approved processes were followed.

IT Process Automation with Osirium Automation

As we've seen, each of those different automation technologies for IT process automation (ITPA) has its benefits but also costs and risks. Osirium Privileged Access Management (PAM) included the Privileged Task Management (PTM) module from its earliest days - a unique capability for a PAM tool.

Automated scripts using PAM as a password vault, is sometimes known as Privileged Task Automation (PTA). PTA is not a complete or secure solution for IT automation as the PAM tool isn't performing any automation and it needs separate tools (the automation engine and the PAM tool to be configured separately).

The Osirium PAM approach is a single solution for automating privileged tasks. It can securely execute commands on devices through the PAM server so credentials are always protected. It's a great solution for relatively simple operations such as checking if a service is running on a specific device. However, may IT processes need to update multiple systems or devices to complete a task. Based on the experience with PTM, Osirium created the Privileged Process Automation (PPA) platform, also known as Osirium Automation.

Osirium Automation has been built to securely automate IT processes in a way that best suits IT organisations. It is focused on being the ITPA tool of choice - fast to deliver value and support existing staff.

Here are a few of the ways Osirium Automation addresses the needs of IT Operations and Management:

Built with security as its focus: Credentials used to access services and devices are stored in a secure vault Osirium PAM or HashiCorp (and others can be added). Credentials are never passed back to the user's workstation, so they are never exposed to the user, on the endpoint, or on the network.

Automation script development: Osirium Automation includes a low-code development and publication system that makes it easy to create new tasks. "Automated playbooks" are written in YAML, familiar to many IT admins. A free repository of pre-built plug-ins and tasks are is provided by Osirium to use as a starting point.

Approval workflow: Many tasks may need review and approval before being completed. Osirium Automation can notify approvers via email, Slack or Teams, so the approver gets the notification where they want it. All approvals are collected with the audit trail of the task.

Comprehensive audit trails: Task execution is recorded to make for a complete audit trail. Many tasks, for example creating accounts for a new starter, touch multiple systems. The Automation recording is a single place to see all the logs without having to search through millions of records in multiple logs.

Guided automation: Automation is mostly used to support humans in addressing a service request. Many tasks need to collect information and choices to be made before executing any changes. Osirium Automation uses a "conversational" style of presenting prompts and options which can be fully tailored to suit the language and terminology familiar to the users.

With that control, many tasks can be safely delegated to first-level help desk engineers or even to end-users. They can't do anything they shouldn't, and there's always an audit trail. A good example is how Automation is transforming IT service delivery in the NHS.

Integration and scheduling: An API makes it easy to integrate Osirium Automation with existing service desk tools (for example Service Now) or corporate intranet portals. Routine tasks can be scheduling for recurring tasks such as checking server performance or running a backup.

Automation Strategy: No silver bullet

The term "Hyperautomation" has been used by Gartner to describe the need for multiple styles of automation for different tasks across the business. An automation strategy needs to consider all the scenarios where automation can be a benefit with the view that there isn't a single automation solution that covers them all.

As a complement to RPA. Osirium Automation is a perfect fit to address automation needs in IT.