Skip main navigation

Self-Service and Automation

In this video, you will learn about self-service and automation.
And we also have the option of self-service. The cost of and the notional cost of a service desk call is around $50 US. So if we can reduce this cost, this is perceived as being desirable, typically a desirable outcome. And also the speed of provisioning becomes far faster. It can become instant. We may wish to delay that through approval processes, as we’ve said, for example, with bring your own device devices. We may place the devices in a quarantine area, subject to approval. We may wish to consider some of the following. We could look at device enrollment, profile management, the ability to unlock accounts, the ability to reset accounts. All of these typically would result in a helpdesk call.
If we can avoid those helpdesk calls, we lower cost. But we have to make sure that the process is one that works. And Bruce Schneier once described the password recovery options for accounts as being easier to guess than the password itself. So if you look at your web mail or any of the online accounts that you have, you have to set recovery questions, or you usually are suggested to set recovery questions. And these questions are questions like your mother’s maiden name, where were you born, the name of your first pet. These are not secret. Absolutely, these are not secret. Very simple to social engineer this information.
And for people on a public platform, for famous people, this kind of information is in the public domain often. So in 2005, Paris Hilton had her T-Mobile account hacked by a teenager. And all they had to know was the name of Paris Hilton’s pet, her pet dog. And in order to find that out, all they had to do was google ‘What was the name of Paris Hilton’s pet?’ Pretty simple way to compromise an account. In, 2008 Sarah Palin, the US politician, her Yahoo account was hacked by a college student.
And they did this by resetting her password using the recovery information, which was her date of birth, her zip code, and the place where she met her spouse – all available on her Wikipedia page. In 2014, after nude photos of several Hollywood actresses were leaked, Apple reported that their iCloud accounts had been hacked through a very targeted attack on usernames, passwords, and the recovery security questions. So we need to be careful, if we are using self-service, that we are not creating a new attack vector.
We talked a little bit about automation already. We can look to create additional accounts or primary accounts. The way we typically do this is through the use of middleware or APIs, Application Programming Interfaces. If we are doing this, we need to have a good sense of awareness around the data quality that we are consuming in order to provision a new account. Because if we are taking information that is stale or information that is inaccurate, again, that mistake becomes propagated forward.
For the business logic, we need to consider which systems have primacy over different types of information. If it’s possible to update your telephone number through your voice over IP telephone system, through your intranet phone book, through your directory service, you potentially can have conflicting changes. Which one of those systems should have primacy when they synchronise overnight, for example.
Automation via middleware or APIs is absolutely possible. And this can help us with some of the manual processes; it can reduce the workload. That business logic we need to understand. The latency, again, becomes an issue. We need to understand it, at the very least, to understand what the impact will be. By default, if you make changes to an active directory account, it can take 15 minutes to propagate. If we’re using provisioning more widely outside the directory, it may be instant. It may not. So again, this may not suit our privileged access management accounts.

In this video, you will learn about self-service and automation.

An advantage of self-service processes is that it may help to reduce costs and increase efficiency. However, it can also create vulnerabilities. The use of self-service processes will depend on the organizational requirements and risk profile.

Automation processes can include the creation of additional or primary accounts, either through Middleware or an application programming interface (API), which will need to take the following into account:

  • data quality
  • business logic
  • latency
  • privileged accounts

Reflect and share: How does self-service or automation manifest in your context? Share below.

This article is from the free online

Cyber Security Foundations: Identity and Access Management

Created by
FutureLearn - Learning For Life

Our purpose is to transform access to education.

We offer a diverse selection of courses from leading universities and cultural institutions from around the world. These are delivered one step at a time, and are accessible on mobile, tablet and desktop, so you can fit learning around your life.

We believe learning should be an enjoyable, social experience, so our courses offer the opportunity to discuss what you’re learning with others as you go, helping you make fresh discoveries and form new ideas.
You can unlock new opportunities with unlimited access to hundreds of online short courses for a year by subscribing to our Unlimited package. Build your knowledge with top universities and organisations.

Learn more about how FutureLearn is transforming access to education