Overcoming recurring IT tasks is the dream of every CIO and system and network administrator.
Some of these actions are so ingrained in everyday life that no one questions them, yet when you get right down to it, there are simple actions that can be implemented to free up IT teams' time. Other actions are sensitive, and we don't really know how to automate them without adding complexity to a process already under strain.
Let's take a look at the 10 most time-consuming tasks that could be automated:
1. Creating user accounts
A new collaborator on the way? Great! He'll bring a breath of fresh air to the team, and he'll have a wealth of knowledge to share with his new colleagues.
Yes, but it also means that human resources and IT departments have to work upstream to prepare the new employee's arrival. You need to fill in your administrative form, and then the IT teams will have to contact HR to obtain precise information, such as your arrival and departure dates (if known in advance), your first and last names, your department, your position...
It's extremely repetitive, and the risk of error is high: a misspelled name and you have to redo everything with an Active Directory account and an e-mail to rectify.
⏩ Identity and access management (IAM) solutions are designed for just this kind of situation, automating account creation. HRIS and AD are connected by the IAM solution, which acts as an intermediary and enables certain information to be cross-referenced for automated actions.
An incoming employee? HR enters the information into its system, automatically notifying IT of the arrival of a new employee. All the necessary information is already present, and the creation of initial access is just a click away.
2. User account suspension
It's departure day, and we're planning a farewell drink for the departing colleague, a meeting to take stock and possibly organize the transition with his or her successor.
We sometimes forget to recover the list of software to which he had access, as well as the hardware that had been made available to him.
IT is informed (or not) of its departure and must suspend its accounts and recover its equipment. The complexity lies in the 'or not'. If IT isn't informed, you have to wait until the next "account review" to identify users who have left in the last 6 months, and realize that their accesses have not been properly suspended in the Active Directory or elsewhere.
It's also very likely that some accounts will fall through the cracks. When it comes to recurring and risky actions, this point is the perfect illustration!
⏩ An IAM solution allows you to get a notification from human resources to let you know that an employee is about to leave. You can then set the solution to automatically suspend these accounts, or leave it up to you to manage some of them manually. If an employee has left and accounts are still active, you'll find a notification to tell you that you have accounts in error with users who have left who still have active accounts.
3. Creating software accounts
You've created the user, he's got an Active Directory account and now he needs all the basic software specific to your company, followed by the software specific to his job.
Once again, this involves several actions on your part, with the attendant risk of error. What's more, all software is configured with a precise structure that applies each time. So many repetitive IT tasks that could be automated.
⏩ An identity and access management tool lets you create an Active Directory account for the person arriving with a single click, but you can also further simplify the creation of your users' accounts by creating software packages.
Everyone in the company has Active Directory, Microsoft 365, Slack, Zoom... group them together, set them up once and apply the package to each new user. How convenient!
You can perform the same action for each department, e.g. Salesforce, Pipedrive, Trello for sales, Adobe Suite, Hubspot, Monday for marketing.
4. Access rights management
Now that each user has his or her own account and software, we need to define which access rights each user will have for each account created.
It's important to have a clear, well-defined rights management policy, because applying default administrator rights to everyone is a high risk. Users could perform actions that pose a risk to the company, or could access sensitive data and compromise the company.
⏩ Authorization management solutions enable you to define upstream access rights for each user on each software package. You can create finance, human resources, management and sales profiles, and apply specific rights in batches.
5. Access monitoring
Your users all have well-defined access rights, congratulations. Now you need to monitor them. If a user oversteps his or her rights, or if a change of workstation results in a change of rights, how will you know?
To prevent access to resources defined as sensitive, or to monitor a group of users with high access levels, it is important to set up a monitoring system to check that a user's effective rights are correctly aligned with his or her profile.
⏩ Recognize that monitoring access without a tool is virtually impossible. With an access management tool, you can monitor groups of users with sensitive access and receive alerts in the event of anomalies.
6. Equipment management
You give your employees access badges when they arrive. Similarly, you grant company bank cards to certain people (marketing, HR, finance, sales, etc.).
It goes without saying that you'll get them back when they leave the company or change jobs. At that point, you need to have a precise inventory of who has what, otherwise you run the risk of forgetting.
⏩ It's easy to add an access badge, for example, to the arrival package. This will be managed like software, you'll get notifications when an employee leaves, and you'll have a list of all the badges you've allocated and what you have left.
7. Performing audits
When you carry out audits, you need information such as a complete list of active accounts, a list of users and a list of who-has-what access.
Without a global vision of your IS, it will take days to get a complete list.
⏩ An IAM tool is really THE solution to facilitate audits and daily monitoring. You'll be able to filter your users, accounts, software, hardware stock, etc. in great detail.
In the user's file, you can find all the software he/she has access to and the rights he/she has been assigned. You can also find all users who have accounts on a software.
You can have a global view of your authorizations.
8. Password reset
How many times a day are your services disturbed by password resets? The answer is far too many!
It really is THE unnecessary, time-wasting inconvenience for everyone, user and system administrator alike.
⏩ The solution is a single platform for managing self-resets, available to your users.
With an IAM platform you have access to identity and access management, and you can also have a dedicated site for users where they will have access to all the software assigned to them, with the possibility of requesting password resets.
9. Sending logins to users
What could be more pointless for employees or IT than a password reset? It happens that you forget your password, and yet it can be blocked for long minutes...
⏩ Users access their interface where they can reset their password depending on the application. They gain time and autonomy, while IT saves time and low-value-added tasks.
10. Retrieve information from a new arrival
To register a new arrival, the process is generally well in place. HR fills in an exhaustive form and forwards it to the IT department. All the information required to create a user is present.
Although the process can be time-consuming, it works.
On the other hand, when it comes to integrating an external service provider (consultant, temp...) the machine jams.
⏩ Users are directly synchronized with the HRIS. HR and IT no longer have to do this transmission/transcription work (which can avoid typos).
As far as external service providers are concerned, an IAM solution really helps to ensure clean, simplified user registration. The manager or team leader can enter the information himself/herself into a form you've drawn up in advance. This saves you precious time and reduces the number of back-and-forth operations, since you'll have all the information you need on the IT actions to be taken for the newcomer.
So, is automation a gimmick or a necessity?
Automation is not a luxury to be indulged in within the IT sector, but a matter of security and employer brand.
Don't think you're in charge;) you risk creating loopholes in your internal security.
The benefits are many, with :
- time-saving for IT teams
- reduced risk of error
- process standardization
- an additional brick against cyber-risk
- the human impossibility of keeping a system up to date with numerous arrivals and departures
- a more professional image within the company
- limiting low value-added tasks
