While we probably will never achieve 100% IT automation, there are areas where it should be pursued, not only to free up IT professionals from spending far too much of their time handling repetitive tasks but also to improve organizations' security.
That was the consensus of a panel of IT professionals speaking at the recent "Demystifying IT Automation" virtual event put on by ITPro Today and sister site InformationWeek.
"The best approach to automation is don't do 100%, go for the low-hanging fruit," Charlotte Dunlap, principal analyst for application platforms at GlobalData, said during the panel discussion "IT Automation in Practice." One example is process mining, going through systems to see where inefficiencies are happening, and attach automation there, she said.
Destiny Bertucci, a product manager at Auvik, called 100% IT automation a "pure myth," but sees great value in using it for repetitive tasks. "When automation first came out, a lot of IT folks in general were nervous" that it was a replacement for their jobs. But they have found that it actually can benefit them, so, she said, "the 100% automation and I can just lift-and-shift and never think about anything or do anything again is a myth."
There will always be new technologies and new problems that need solving, so we are never going to reach 100% IT automation, agreed Eric Fisher, practice lead for cloud and process automation at Micro Focus. "If you aspire too big and try to do everything at once, you are never going to get there," he said, advising instead to look at the small challenges and work organically through the problem.
IT Automation and Security
That said, there have been major breakthroughs in IT automation in recent years, one being its use in improving an organization's security.
Automated services help you find anomalies and react to them with machine learning and pattern recognition, according to Bertucci. Automation also cuts down on "fat-fingered mistakes" that could cost companies significant amounts of money, she added.
One specific area of need that automation is being used to fill is the provisioning and deprovisioning of contractors, Bertucci said, because there's a risk that contractors who no longer have a contract may still have access to applications or data that they shouldn't have. "Automation comes around, and you have things like access rights managers," she said. "If you know when a contract ends, you can actually place that in there, and it will literally deprovision their account. So even if you get busy … it's an easier way to make sure these things get done."
Even internal users can have elevated privileges for no reason. Bertucci sees this as a top security issue because it can result in internal security breaches — whether accidentally or intentionally.
Fisher agreed, saying companies must concern themselves with social engineering because of the danger of giving someone too much access. "You've opened up Pandora's Box with too much information," he said. "The risk is so high right now because social engineering exploits are on the rise. You say one thing to the wrong person, and all of the sudden they've got keys to the kingdom."
There are very powerful automation tools that are connected to data centers with thousands upon thousands of devices — you can do a lot of damage not by just stealing data but by having the ability to shut down large corporations in seconds, Fisher said. "You really have to think about, 'How do I put safeguards in place?' First is take away the knowledge of the credentials, lock them down," he said. "Compartmentalize the automation."
Patching is another area in which companies are using automation, according to Bertucci. "[Auvik] automates [patching] so they come out to thousands of servers instead of individually to servers, so that a zero-day attack can be handled within an hour," she said.
IT Automation and the Great Resignation
We are now in the midst of the Great Resignation, with employees leaving their jobs en masse. But how is automation impacting the careers of IT professionals?
Fisher, for one, doesn't believe IT automation is leading to resignations or mass firings. "I think what it is doing is, for those people who just want to push buttons and restart servers all the time, it's making those jobs obsolete, but it's elevating everyone else to the next level to be automation engineers," he said.
Dunlap and Bertucci agreed that the mundane jobs are the ones that will be automated.
Robotic process automation (RPA) will replace a lot of the mundane, tedious jobs that humans do, such as processing insurance claims, according to Dunlap. "If you implement RPA and chatbot and complement that with the human element, you suddenly can take those folks who used to be doing those mundane tasks and giving them high-productivity types of jobs," she said.
Bertucci emphasized the importance of automating repetitive tasks for the sake of innovation: "You don't have the innovation if you are stuck doing the mundane," she said.
"Automation is repeating tasks. Innovation is not repeating tasks. [Automation] is a great way to do the mundane.
"What I do need is for my team to invest in my IT culture and the needs of my business," Bertucci added. "And to do that, you need to have time. Innovation comes from there. So yes, [IT professionals] are automating processes because they are offsetting that, but they are actually getting into some of the reasons why they are in IT from the beginning. And I think that's exciting."