Best Practices for Enterprise Workload Automation Security

Batch Job Security at Every Level

Security is one of the leading drivers for considering centralized workload automation. Most IT pros can leverage native tools and scripting to automate repetitive IT processes. These basic automation tools, however, can be difficult to scale and manage because they aren’t always built with an enterprise security model in mind. Some of the specific risks associated with ad-hoc automation tools include:

  • Non-administrators are given administrative rights to applications just so they can run a batch job.
  • Non-administrators are given administrative rights to entire servers or VMs just so they can run a batch job.
  • Passwords are transmitted in plain text when they should be encrypted.
  • IT administrators are shouldered with managing access privileges whenever employees start or leave.

For highly regulated industries, these workarounds can put a company out of compliance, but every organization should consider these practices inefficient. Eliminating them sooner rather than later positions an organization for scalability. Automated processes that adhere to enterprise security are genuine assets.

Securing a Centralized Scheduling Solution – The Job Model

Assuming you’ve consolidated all of your batch jobs into a centralized schedule, you are ready to apply a set of security standards that make workload automation a valuable asset to your entire organization.

Level 1: Securing the Server

Once you’ve implemented a centralized schedule, there is only one gateway to managing scheduled jobs: the scheduling server. Whether your batch jobs run on 2 machines or 2,000 machines, users must adhere to this server’s access privileges. No client (GUI, web, script or custom application) will be permitted to connect to the scheduling server unless it is explicitly configured to use it.

Benefit: The client and the connection to the schedule are completely independent. High-value IT pros don’t need to be bothered with installing clients on local machines.

Level 2: Securing Folders

Efficient organizations manage thousands of batch jobs, but that doesn’t mean every user needs to view, edit or manage every job. Irrelevant batch jobs present both a security risk and a distraction. Imagine if your human resources department and your accounting department had to share one folder for all their documents! Even if they couldn’t open them, just the documents’ names could compromise a confidential matter.

Folder-level security enables you to limit users and groups to only the subset of jobs that are relevant to them. Accounting can only see accounting batch jobs; human resources can only see human resources jobs; etc.

Benefit: Business users focus exclusively on batch jobs they need to get their work done.

Level 3: Securing Individual Batch Jobs

Sometimes, you need granular control over one specific job – maybe it resides in the accounting folder but you want to allow access to a contractor. Job-level security enables you to set a unique set of privileges that overrides the inherited security settings of the folder in which it resides.

Benefit: Jobs don’t need to be relocated from their logical folder just to provide a new set of access privileges.

Securing a Centralized Scheduling Solution – The User Model

Not all organizations perceive their processes as belonging to a logical department or function. Their users run batch jobs across diverse areas of an organization, but they don’t necessarily need access to the entire schedule of jobs. For these types of organizations, a user model can be applied. An enterprise workload automation solution enables administrators to start with the user or group and then select the specific folders or jobs to which that user or group should have access.
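
The folder and job levels and the user-model view described above, as an added example that is not from the original article or from any product's code. The ACL layout, right names, users and groups are assumptions constructed for illustration; a job ACL, when present, replaces the folder's ACL, and anything not granted is denied.

```python
from dataclasses import dataclass
from typing import Optional

Acl = dict[str, set[str]]  # principal (user or group) -> rights granted


@dataclass
class Job:
    name: str
    folder: str
    acl: Optional[Acl] = None  # None means "inherit the folder's ACL"


# Constructed sample schedule; every name and right here is hypothetical.
FULL = {"view", "edit", "submit"}
FOLDER_ACLS: dict[str, Acl] = {
    "Accounting": {"grp-accounting": FULL},
    "HR": {"grp-hr": FULL},
}
GROUPS = {"alice": {"grp-accounting"}, "bob": {"grp-hr"}, "kim": set()}
JOBS = [
    Job("AP-Nightly", "Accounting"),
    # Job-level override: keeps the department group, adds one contractor.
    Job("Vendor-Export", "Accounting",
        acl={"grp-accounting": FULL, "kim": {"view", "submit"}}),
    Job("Payroll-Sync", "HR"),
]


def effective_rights(user: str, job: Job) -> set[str]:
    """Job model: a job ACL, if set, replaces the folder ACL. Default is deny."""
    acl = job.acl if job.acl is not None else FOLDER_ACLS.get(job.folder, {})
    rights: set[str] = set()
    for principal in {user} | GROUPS.get(user, set()):
        rights |= acl.get(principal, set())
    return rights


def jobs_for(user: str, right: str = "view") -> list[str]:
    """User model: start from the user and list the jobs they can reach."""
    return [j.name for j in JOBS if right in effective_rights(user, j)]


def override_exceptions() -> list[tuple[str, str]]:
    """Review aid: principals a job override admits that the folder does not."""
    return [(j.name, p) for j in JOBS if j.acl is not None
            for p in sorted(j.acl) if p not in FOLDER_ACLS.get(j.folder, {})]
```

Because an override replaces rather than extends the folder ACL in this model, the override has to restate the department group's rights, and `override_exceptions()` gives reviewers a short list of the per-job exceptions to re-approve.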
