Published: 08/01/2020
By: Kevin Foisy

Using PowerShell - What are the Security Repercussions

In my role as CEO of UC Clearly, I talk with a lot of IT operations folks about automation. In those conversations, I hear about, and see, a lot of people doing unsafe things with privileged credentials. I also talk with a lot of CSOs, and many say they have it under control and aren't curious to look deeper.

Automation might not be on the radar

From a security perspective, automation is a bit of a niche space; it might not be on the radar. When we think about privileged credentials and IT operations, we think of IT admins gaining access to systems and applications interactively. This is why we bring in PAM systems; they lock up the keys, and this is why (I think) CSOs often believe that it's all under control. But automation is different, and most often PAM systems don't integrate well with automation, particularly raw PowerShell scripts. This leaves operations people scrambling for other methods to store and feed credentials to their scripts, and in almost all cases these methods violate security principles, especially Zero Trust. So PowerShell security is a problem...

We did a survey! 93% of respondents were in violation of Zero Trust

As a point of interest, we did a survey. We asked our IT admin / developer audience how they store credentials for use in scripts. 93% of the survey respondents were storing and using credentials unsafely, in violation of Zero Trust initiatives.

What's even more interesting is that we turned around and asked CSOs if they believed they had a problem with IT automation and the use of unsafe credential storage. Only about 3% believed that they had a problem or were interested enough to inquire further. The evidence suggests that there is a big disconnect between perception and reality; this is dangerous.

The problem is much more pervasive than it appears on the surface

Why care? Consider that most IT automation is done with PowerShell scripting. These scripts are the Swiss Army knives of IT teams. They glue systems together and make things work. These scripts require credentials, usually the keys to the kingdom: the keys that unlock virtually everything else. So, we're unsafely storing and using sensitive credentials in what environment? Right, the PowerShell environment... a hacker's dream. It's one of the targets hackers look for; discover PowerShell and you don't need a malware executable, you can infect the entire network with just script: back doors, data theft, etc. Worse yet, the problem is mostly hidden. When the digging starts, organizations discover that the use of PowerShell automation is more pervasive than they originally thought. See a problem? More than one Fortune 500 company has failed a security audit because of this - I have personally witnessed it.

How do we solve the problem of PowerShell security? Microsoft shut it down by default. That's great for protecting the bulk of systems, but not for IT; IT relies on it. It isn't going away. Many implement PAM products to protect the credentials, but very few PAM systems actually integrate with the PowerShell runspace. So the problem persists; no solution. This is where our Cloudbridge Platform has been very successful in helping IT shops lock this down.

Cloudbridge Automation Platform is a PowerShell DevOps environment made specifically for IT. Cloudbridge makes it safe to run PowerShell. It features a secure vault for credentials management and transitions the execution of PowerShell into a highly controlled, secure space. Cloudbridge injects credentials at the right time... no more native PowerShell, no more sensitive credentials exposed, no more PowerShell security problem. Best of all, IT admins and developers never know the credentials. A key-holder can be assigned to manage the credentials and delegate them out, and they can be different credentials for different stages of a project. Finally, Cloudbridge makes it very simple to code-sign scripts to ensure that an attacker could never modify a script. Cloudbridge provides a full DevOps environment for IT automation using the language that IT people use every day.

You'll Love it!

CSOs love it because it solves the PowerShell execution and credentials problem; now PowerShell can be properly locked down. IT people love it because it takes PowerShell to a new level that makes it much easier for them to get their job done. It gives them an entirely new toolbox that embraces and supercharges PowerShell. Organizations love it because it centralizes PowerShell operations so that all automation is controlled, secure, and audited, and knowledge is retained through staff transitions. We love it because it's just really cool.

For more information, email info@ucclearly.com or visit https://www.cloudbridgeplatform.com
