With the push for stronger security, new employees are often frustrated during an initial couple of days of their employment, just waiting to get access to all the resources they’ll need as IT staff frequently has to manually go through each and every system and generate tokens for the new hire.
Given the current industry preference towards agile development – especially in startups, we often run across circumstances where:
- One person manages the database access (and pretty much all the other Operations-related credentials).
- The team grows from 2 to 10. Easy, we can still grant each one of the new hires access tokens, etc., manually.
- As the team and number of systems begin to scale, the amount of manual operations to provide access quickly gets out of hand.
User provisioning and de-provisioning are the act of granting/revoking access to the company’s resources to an employee (or in some cases, an external vendor) – automating this flow eases the burden from either the HR or IT department of the firm, and ensures that both are done correctly each and every time. User de-provisioning can increase security by restricting access to employees right when they leave the company.
In a small team it’s all easy to manage, but as the team grows, forgetting to remove privileges from a user’s privileges after they leave the team is all too easy – opening up your system to attacks.
Think of how DevOps pipelines are handled these days (even in small-to-medium scale startups) –just a simple commit to the repository sets off a chain of operations and everything works like a well-orchestrated system. Could this be done manually? Yes. Why do we not do it manually? There are several motivations: the likelihood of errors; to improve team productivity; and because manual processes are often undocumented and non-standardized.
In the past, many companies have tried to approach this problem headfirst by just scripting the orchestration of provisioning and de-provisioning, but just like in the case of DevOps, automating the workflows triumphs hand-written scripts for several different reasons. For example, you’d likely prefer that your engineering resources be focused on adding value to the business.
Another major reason is scalability. While these scripts work when you just have to provision for one database, what happens when you use a whole suite of databases, and each one has different requirements for access? These scripts will have a hard time keeping up with the growth of your team and technology stack.
Automating this entire process brings a whole suite of benefits
Contractors/Temporary workforce can be integrated quickly
In an ever-increasing remote-first world, the need to hire remote temp workers and third-party vendors for projects has increased. That means there is a need to grant and revoke specific privileges to these temp workers, and more importantly, to ensure that all privileges are revoked by the time the employee leaves the firm.
An automated system not only shortens the onboarding time, ensuring that the temp employees are unblocked quickly, it also takes out the guesswork of all the privileges that need to be revoked from them.
Onboarding employees (temp or full time) becomes a breeze
Employee onboarding encapsulates a number of different tasks. Everything from getting to know your team, to gaining access to the necessary databases and ops accounts, etc. Even if we just focus on getting access to accounts, it’s time-consuming when done by hand. Either IT or HR must sit down and evaluate all the necessary resources and then provision them one at a time manually. All while the new hire is doing… practically nothing.
Easier management of company-wide resources
At some point, your organization will add another database to the already long list of resources that the employees need to access. In most circumstances, this would require manual user provisioning – resulting in a costly and high-overhead process.
When automated, every existing employee can get access at the click of a button. This new approach to access is also available to new hires – saving the organization time and money.
How strongDM helps you automate this
Tools like strongDM were designed to address this specific challenge. From an administrator’s perspective, there is only one integration that needs to happen for each server or database, rather than a multitude. Once the strongDM gateway has been configured, their job is done.
Provisioning and de-provisioning of users is a much simpler process. Simply provision a new hire in your existing (single sign-on) SSO, direct them to install the strongDM client and you’re done. That account can exist in strongDM if you don’t have a company directory, or they can be assigned to SSO on the platform that your company uses everywhere else.
Automating infrastructure access can be simplified, allowing manpower in both – HR & IT to work on business-specific tasks.
You can try out StrongDM for free at https://www.strongdm.com/sedaily.
The post Automate your Infrastructure Access Workflows appeared first on Software Engineering Daily.
* This article was originally published here
No comments: