Reducing Data Breaches: Can IT Automation Narrow the Attack Surface?

By Mehul Amin

There were 1,244 data breaches in the US in 2018, compared to only 419 in 2011.^1,2

Data Breaches and Attack Surfaces

Organizations, enterprises, and governments spend billions of dollars each year securing their systems against data breaches. So why has the number of data breaches almost tripled since 2011?

The simple answer is that the attack surface is rapidly expanding.

The attack surface is the total sum of possible entry points into a network or system, including vulnerabilities in connections, software installations, user accounts, lines of code, etc. According to TechTarget:

“…a network attack surface is the totality of all vulnerabilities in connected hardware and software. In order to keep the network secure, network administrators must proactively seek ways reduce the number and size of attack surfaces. There is a law of computing that states that the more code you have running on a system, the greater the chance that the system will have an exploitable security vulnerability. This means that one of the most important steps information technology (IT) administrators can take to secure a system is to reduce the amount of code being executed, which helps reduce the software attack surface.”

Data breaches have increased because digital environments continue to grow as organizations adopt more cloud resources, implement waves of IoT devices, and operate far more applications than ever before. Organizations have more user accounts, more passwords, more custom scripts, more data transfers, and more lines of code for IT to maintain and secure.

Faced with the growing risk of data breaches and expanding attack surfaces, security becomes an even more critical consideration for organizations, especially those seeking to achieve efficiency through integration.

Minimize the Attack Surface

Organizations rely on automated workflows to reliably and efficiently complete critical, day-to-day processes, and the IT Automation solutions used to manage these workflows are integrated with systems and platforms across the organization —meaning, IT Automation solutions are woven into the attack surface at key points across the enterprise.

Yet, conversations about cybersecurity have largely ignored how IT Automation can influence the attack surface. This needs to change.

In order to strengthen security, organizations need to limit entry points and better regulate access within the IT Automation environment, beginning with:

1. Script reduction
2. Credential management
3. User accounts and permissions
4. Multi-factor authentication
5. Auditing and compliance

Reduce the Need for Custom Scripts

Not all automation solutions are created equal. Many legacy and native schedulers, as well as homegrown applications, are still script reliant. Relying on these older technologies means that new scripts must be researched, written, and tested whenever a workflow needs to be updated or a new application integrated. Not only is this time-intensive, but it complicates and expands IT’s attack surface.

Low-code IT Automation solutions are an alternative to script-reliant tools, providing prebuilt, pretested job steps that allow IT to seamlessly integrate workflows from a wide variety of platforms and applications, drastically reducing the need for custom scripts.

With a single IT Automation solution capable of integrating with virtually any digital tool on the market, IT can consolidate its automation tools and scripts, reducing the organization’s attack surface.

Credential Management for IT Automation

The average employee has 191 passwords; the average 250-employee company has 47,000 passwords. 2.3 billion credentials were stolen in 2017 alone.^3,4

Privileged Access Management (PAM) solutions allow IT to control and monitor privileged access across the enterprise by providing a secure vault that stores and rotates passwords. This helps prevent unauthorized access to critical platforms, systems, and infrastructure, reducing the possibility of a data breach.

However, IT Automation solutions do not easily integrate with PAM solutions without first developing custom scripts. For example, if access to a server relies on a rotated credential, the automation solution won’t be able to access that server until an integration is scripted between the two tools.

To reduce the friction between automated workflows and resources that require privileged access, organizations should implement IT Automation with out-of-the-box integrations to market-leading PAM solutions, such as CyberArk’s Application Access Manager, in order to extend these cybersecurity benefits to the IT Automation environment.

User Accounts and User Permissions

30% of data breaches in 2018 were due to unauthorized access.⁵

Each new user account is an entry-point into an organization’s network and systems, resulting in new privileges that need to be managed and new passwords that need to be protected.

Unauthorized access can be reduced with an object-oriented IT Automation system that enables granular user permissions. This allows IT administrators to restrict access to critical jobs and workflows within the automation environment. By giving granular permissions based only on a user’s role and need, IT can better secure internal systems against unauthorized access and negligent or malicious employees.

Additionally, an object-oriented approach to user accounts allows usernames, passwords, and certificate references to be associated to multiple workflows; a change to the object, such as a new password, automatically affects every job or process assigned to the object.

Multi-Factor Authentication

55% of businesses do not use multi-factor authentication.⁶

Multi-factor authentication (MFA) is an underused yet critical tool for preventing unauthorized access to IT systems and applications across the organization. MFA requires multiple levels of user authentication, adding another layer of protection against unauthorized access. There are popular apps, such as Google Authenticator, Microsoft Authenticator, and Duo, making MFA possible across applications, including IT Automation solutions.

Auditing and Compliance

Employee error was the third most-common form of data breach in 2018.⁷

With a single Low-Code IT Automation solution, IT is able to automate, manage, and monitor workflows from systems, applications, and databases across the organization. By leveraging a single IT Automation solution to manage workflows, IT can use a single audit framework to drive improved governance and regulatory compliance throughout the organization, minimizing and preventing the impact of unauthorized changes to workflows. A robust audit framework enables IT to see a full audit trail of all changes and modifications within the environment, allowing users to easily track changes and to troubleshoot failures faster and more reliably.

With improved transparency and control over the systems and processes IT automates, users can reduce attack surface vulnerabilities and help prevent cybersecurity incidents.

Mehul Amin
Director of Engineering

Serving as Director of Engineering, Mehul Amin oversees software development at ASCI, playing a central role in the creation of ASCI products and leading the engineering team.

Since joining ASCI, Mehul has held positions in Release Engineering, Technical Support, and Software Engineering. Mehul received a Master of Science Degree in Computer Science, concurrent with a Bachelor of Science Degree in Computer Science. He attended Stevens Institute of Technology in Hoboken, NJ.

Advanced Systems Concepts, Inc.

For almost 40 years, ASCI has been developing industry-leading products that help keep IT teams ahead of market trends. With over 2000 customers and a reputation for delivering powerful IT automation tools, ASCI’s accomplishments depend on innovation and integrity, especially as ASCI continues to grow and to help its customers accelerate their own digital transformations.

1. https://www.varonis.com/blog/data-breach-statistics/
2. https://digitalguardian.com/blog/history-data-breaches
3. https://info.shapesecurity.com/Get-the-2018-Credential-Spill-Report.html
4. https://lp-cdn.lastpass.com/lporcamedia/document-library/lastpass/pdf/en/LastPass-Enterprise-The-Password-Expose-Ebook-v2.pdf
5. https://www.idtheftcenter.org/wp-content/uploads/2019/02/ITRC_2018-End-of-Year-Aftermath_FINAL_V2_combinedWEB.pdf
6. https://lp-cdn.lastpass.com/lporcamedia/document-library/lastpass/pdf/en/IAM_LastPass_SOTP_ebook.pdf
7. https://www.idtheftcenter.org/wp-content/uploads/2019/02/ITRC_2018-End-of-Year-Aftermath_FINAL_V2_combinedWEB.pdf