Automation: the solution to overloaded IT teams?

Kevin Pearce, technical director at Osirium, argues that to compete against increasingly sophisticated cyberattacks, organisations need to combat automation with automation

Posted 1 September 2022 by Christine Horton

Maximising IT and security skillsets, time and resources has never been more important for government organisations – or quite so difficult to achieve.

For roles that are becoming increasingly business critical, it is vital that staff adopt the right processes, protocols, and supportive solutions to avoid becoming overstretched so that they may continue to deliver consistent results. However, this is unfortunately proving to be a difficult task.

Many IT experts continue to be burdened with repetitive, low-value and time-consuming jobs that simply don’t make the best use of their skillsets. Much of their time is spent on addressing everyday requests such as resetting passwords, creating accounts for new starters, or checking to see if a server is operating as intended.

With ‘the great resignation’ starting to bite the public sector – a survey from the Trades Union Congress indicates that 21 percent of key workers in the sector are ‘actively considering’ a move to another profession, due to factors including high workloads – government organisations need to do what they can to prevent the loss of skilled and committed technology experts.  

In an ideal world, these jobs would be delegated to IT helpdesks or users themselves, freeing up IT and security experts to focus on more strategic projects.

Interestingly, the vast majority of organisations agree. According to recent independent research commissioned by Osirium, more than nine in 10 (92 percent) overall see the value in delegating IT tasks from admins to the helpdesk or end-users, with 58 percent already delegating account and user management jobs such as password resetting and account unlocking.

However, despite this, less than half (43 percent) delegate most of their work at present.

The reasons for not delegating

The survey found that almost a third (30 percent) of those that aren’t delegating work said it’s their job to do the active directory (AD) management tasks, so it’s not entirely surprising that they’re choosing not to delegate these.

Another key reason for the disparity in the figures stems from hesitancy among IT and security leaders themselves. Three in 10 highlighted risk as the main reason for not delegating user account management work, and this anxiousness is also evident in some of the other responses. A quarter (26 percent) said that the helpdesk wouldn’t know how to do the work, 22 percent said they don’t trust anyone else to do those tasks they could delegate, and 19 percent said that others don’t have clearance to do these tasks.

It is clear that IT professionals remain reluctant to delegate their work, with concerns over security risks (29 percent), compliance risks (25 percent), performance risks (24 percent) and cost risks (18 percent) all cited.

This is perhaps in part due to a lack of current satisfaction over delegated tasks. Just 37 percent of respondents said that they are “extremely happy” with how these are carried out, suggesting there’s still plenty of room for improvement.

Hesitancy is no bad thing in itself. While the resolution of many IT issues is relatively straightforward for IT professionals, input from an expert is still often necessary to avoid mistakes that could potentially lead to security risks.

That said, the continued reluctance to delegate tasks is unsustainable, and must be addressed.

The impact of failing to delegate

Not delegating has many potential negative impact. IT staff can end up doing work they don’t enjoy, fall behind schedule, deliver poor service, and lack the time to spend on training, development or strategic projects.

Excessive workloads can also contribute to burnout and stress – two of the three biggest drivers for staff wanting to change jobs alongside prospects of better pay. For organisations, this is a challenge. Replacing experienced IT administrators that are already in short supply can be both time consuming and incredibly costly.

Automation can inspire better outcomes

To avoid these potential issues, organisations need to embrace automation as the key to the safe delegation of jobs.

Not only can automation ensure policies are followed, credentials protected, and audit trails maintained – it will also free up IT professionals to focus on those all-important value-added tasks.

Asked what they would do with any time saved by automation, the number one answer among IT and security professionals was training and development (41 percent), with innovation and growth coming a close second (37 percent). Further, a third said they’d use the time for personal time-off.

It’s clear that reducing manual effort has benefits for both individual and business, capable of reducing cost and risk, improving service, and reducing staff stress. But how exactly should organisations go about implementing automation to improve practices and unlock these benefits?

First, they should find secure ways to automate IT tasks that are sensitive, so that more work can be delegated. This involves moving away from traditional methods of automation such as scripting that can undermine security by often including embedded administrator credentials, for example. Critically, organisations should clarify the protection of the administrator credentials before delegating admin tasks to the IT helpdesk or end users.

Secondly, they should take the time to select a suitable automation platform.

Without question, automation is a critical component of any robust cybersecurity programme. Hackers and malicious actors are progressively developing and deploying automated attacks to scale more effectively and reduce the amount of direct support and instruction that many traditional cyberattacks require.

To compete against this level of sophistication, entities need to combat automation with automation. Yet not all automation platforms are made equal.

Currently, just over one third of organisations use robotic process automation (RPA) for IT automation, in the belief that it’s suitable for IT operations. With the vast majority either yet to see the value or struggling to use it effectively, it is vital firms take the time to adopt software that addresses their specific pain points.

The best way to do this is to select a provider that simplifies the development of automated scripts by providing playbooks or templates, offers secure connections to IT systems and devices, and makes compliance audits easy.

In taking the time to select the right platform, organisations in the public sector can ensure they’re using automation effectively in preventing the exposure of valuable credentials to users, reducing the chances of mistakes, and enabling admins to delegate tasks to other staff with confidence.

Kevin Pearce is technical director, Osirium