IT Process Automation

What is IT Process Automation?

As discussed above, many IT operations are repetitive. Most IT Help Desks report that the common request they have is to reset users' passwords or unlock their accounts. Other frequent tasks include adding users to Active Directory (AD) groups to access services or devices, create accounts for new staff and removing accounts when staff leave. Automating these IT processes would be ideal, but unlike business process automation (which is where most RPA tools are used), those processes are ad hoc - being run when needed. They aren't the same as processing a continuous flow of incoming documents such as might be processed by RPA robots (or bots) that are continually listening for work to do. RPA has been a core part of many organisation's digital transformation strategies, but IT hasn't been able to make the same kind of transformation. That's where IT Process Automation (ITPA) is needed to automate common processes and workflows in a secure, flexible and easily managed way.

The need for Privileged Process Automation

A common factor for all these operations is that they need expert admins to use complex management tools. Those expert admins need privileged access to services like AD, backup management systems, hypervisors, cybersecurity systems and much more. In the IT Automation Survey research, risk was highlighted as the main reason why more IT processes and tasks aren't being delegated - both in terms of security and compliance risk.

Those privileged accounts are, rightly, very powerful as they can make significant changes to IT systems. Privileged Access Management (PAM) protects admin access to IT systems, Privileged Process Automation (PPA) goes further and protects the work being done while using those privileged accounts. Automation addresses those risk concerns that have been holding back delegation. By automating tasks, users can't do anything they shouldn't and policies are enforced. Being built for these ad hoc privileged operation is the main difference between IT Process Automation and Robotic Process Automation for business processes.

What’s wrong with traditional IT automation?

Automation of varying forms is already being used across many businesses with RPA, but automation is much less widely deployed in IT. Why?

Automation with scripts is costly and risky

IT experts and systems administrators have always been very creative at avoiding boring repetitive work. Using tools such as Bash scripts on UNIX/Linux or PowerShell on Windows (what might be called the original automation tools) which can bundle sets of complex commands that need to be run repeatedly.

But they also introduce new issues. Those scripts are very personal, they sit on that Admin’s desktop and no one else knows they exist so the same script gets created multiple times, each one slightly different. The scripts will need user credentials, often administrator credentials, to perform the commands they need. But scripting tools don’t have a good way to securely protect those credentials so dangerous short cuts are taken such as coding the username and password right in the script!

RPA for IT Automation

Robotic Process Automation (RPA) could be considered “traditional” automation as it's become so familiar in many business operations. The concept of software robots tells its own tale: robot processes are very good at performing the same task over and over when little or nothing changes around them. That’s why so many robots are deployed on production lines.

Developing workflows or scripts with RPA is an expensive task. To build scripts that have a potential for success even with variable data takes a lot of skilled coding or learning. If a task is performed enough times and would be costly when performed manually at scale, then the cost and time taken to develop those scripts may be a reasonable return on investment. But many IT tasks aren't that time-consuming or don't have that kind of volume, so RPA tools and scripts are just too expensive or complex for most IT tasks. In the Osirium research, 35% of respondents thoughts that RPA would have only limited applicability to IT operations.

IT Service Desk Automation

Many IT Service Desk tools, for example ServiceNow, include automation features. These can be extremely powerful workflow automation systems to handle workflows such as change request reviews and approvals. For example, how a change request raised by a business user is assessed, routed for approval and then allocated to an engineer to implement. At that point, the workflow automation pauses. Ultimately, that engineer has to login to a service, system or device to make the change (hopefully using PAM). Ideally, they will update the change request ticket with all the information related to change, but in reality they may only record that the change happened and there won’t be any audit trail showing exactly how the change was made. IT Process Automation can be considered as the missing link in a service desk workflow automation system.

Process Automation is a security win, not just cost saving

One of the aspects of workflow automation that is often overlooked is the positive impact it has on cybersecurity. Although, as already discussed, security with automation, whether using traditional automation software, ITPA, or RPA tools, is not just about how passwords are used (although that is still critical).

With process automation software, the work being performed can be completely controlled. If a human was performing the task, they may use PAM to securely access a device or service, but there's little control over what they do while connected. Modern PAM solutions, like Osirium PAM, can monitor sessions in real-time and record the sessions for investigation after a potential incident, those are passive controls.

Privileged access abuse happens in many ways. Credentials could be stolen, but an expert could be compromised or decide to cause damage as a result of a grievance. If someone gets access to a privileged account on a system where they're not experts (sadly, this kind of over-privilege happens more often than it should), then they could cause significant damage by accident.

Process automation tools can prevent these privilege abuses. When the work is fully defined within an automated workflow, there's no chance for the user to do anything they shouldn't. Of course the system will also record a complete end-to-end audit trail.

For many adopters of IT Process Automation, the primary driver may be to increase their cybersecurity posture, not just to reduce cost and effort.

Osirium Automation is the answer for IT Process Automation

As we’ve seen, each of those different automation technologies have their own benefits but also their own costs and risks.

Osirium Automation has been built with the purpose of securely automating IT processes in a way that best suits IT organizations. Here are a few key capabilities that make Osirium Automation the ideal solution for IT teams:

• ‍Security built-in: All credentials needed to access services and devices are stored in a secure vault such as HashiCorp or Osirium PAM (or other PAM tool). They’re never passed back to the user’s workstation so not exposed on the endpoint or network.
• ‍Easy to build automations: Automation includes a low-code development and publication system that makes it easy to build new tasks or automation workflows, also known as “automated playbooks” in YAML.  Osirium also provides a repository of free pre-built plug-ins to access common IT systems and tools, and pre-built tasks to use as a starting point.
• ‍Built-in approvals: Automation tasks can include request and approval workflows. Notifications of requests can be routed via email, Slack or Teams so the approver gets the notification where they want it.
• ‍End-to-end audit trails: The entire task is recorded as a complete audit trail. Even if a task touches multiple systems, there one place to see all the logs without having to trail through multiple log servers.
• ‍Human-friendly automation: Automated tasks are presented in a human-friendly, conversation style. If the task can be fully automated, for example, check a server is running, no interaction may be needed. But a task that needs choices can be as easy as you want. Many tasks can be safely delegated to help desk engineers or business users as they can’t do anything they shouldn’t and there’s always an audit trail.
• ‍Scheduling and integration: Osirium Automation has a rich API making it very flexible in use. It supports scheduling of tasks (for example, checking server performance or running a backup). It also allows for integration into existing corporate portals or service desk tools. In the earlier example of the service desk system delegating a task to an engineer, that step could be replaced by invoking an Automation task which will update the change request with the full audit trail when completed.

The future: Hyperautomation and choosing the right tool for the job

Gartner use the term “hyperautomation” to describe the need for multiple styles of automation for different tasks across the business.

Osirium Automation is a perfect fit to complement Robotic Process Automation (RPA) and other automation tools. Unlike complex and expensive RPA tools, Automation can be up and running in minutes and tasks can start delivering value from day one. That's not to say it's going to replace any existing RPA for business process automation, but when you combine the best tools and use them where they work best, then digital transformation becomes realistic.

You can even get started for free with PPA Express. If you’d like to know more, please get in touch.