TL;DR: Everyone loves Slack. But did you know it can be used to authorize Linux commands? In this post, we walk through the top three ways ChatOps tools can improve security.
Some people may think of Slack as a fun way to send messages and GIFs, but it’s much more than that. Since launching in 2013, Slack has become one of the hottest enterprise tools. In fact, it reached 12 million users in March 2020, according to The Verge, as more users turned toward the app during the COVID-19 pandemic.
With tools like Slack, users can receive instant notifications and communicate all in one place as part of their daily workflow. Yet some of Slack’s most powerful features come from integrations.
For example, by integrating privileged access management (PAM) tools like Cmd with Slack, companies can make security tasks much easier for admins by bringing authorization and alert-monitoring controls straight into their channels and direct messages. Since admins are already in Slack all day, why not handle these small approval transactions there rather than stack them in a queue somewhere else? In a way, ChatOps for security isn't such a newfangled idea: configuration management databases (CMDBs) have been around for a long time. The difference is that CMDBs are custom-built and require significant, ongoing care and feeding, whereas Slack and other ChatOps tools integrate with security tools out of the box and are easy to use, even for less technical users.
In this post, we explore some of the core ways that integrating ChatOps as part of permissions processes can improve security—and more.
Control Root & Database Access
Linux is a dev's dream: it's flexible and highly customizable. That also makes it a challenge for security admins to lock down. All too often, we see organizations that have granted full access too broadly across their core environments, without any means of definitively recording who has access to what. Where a record exists, it's often maintained by hand and slips out of date easily.
By streamlining permissions via ChatOps apps like Slack, companies can create better record-keeping, and they can better control two core areas of risk: root users and database access.
Root users have a huge amount of power. They can access critical systems and make changes to nearly every file, package or running process. PAM is meant to curb this by creating and maintaining policies that limit who can use these accounts and what they can do with them; however, this can create bottlenecks and inefficiencies as administrators wait for approval to perform necessary and critical actions. Combining PAM with ChatOps tools lets companies streamline these approvals, bringing each authorization request straight to a regularly monitored channel and, even better, offering the means to accept or deny that request in the app.
As for database access, companies can set up ChatOps gates that fire before a user runs a command against the database. This is also very customizable. Sometimes devs need to access databases for legitimate business reasons, or need to take "risky" actions as part of their routine work, such as taking MySQL dumps. Rather than granting carte blanche on database access, organizations can create a middle ground between blocking work and allowing everything.
Better Auditing and Compliance
Logging is one of the basic requirements for many compliance regulations. Moreover, there are huge benefits to understanding who is doing what, where, when, and why—especially in production Linux environments, where users have access to critical systems and sensitive data.
Integrating a PAM tool with ChatOps apps like Slack can ease the burden of permissions management and ensure your organization is audit-ready.
The process typically looks like this:
User wants to access a production environment, and requests permission
Slack alert goes off
Gets approved/denied by an admin
User gains access for a set amount of time, after which the grant expires and they're closed out
Meanwhile, everything can be logged in a PAM solution. For example, with Cmd, all activity within the production Linux environment is logged and attributed to the accessing account (and the user too, if they logged in via 2FA/MFA).
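The approval loop above, taken end to end, as an added illustration that is not Cmd's code or Slack's API: a privileged command (root or database gate) creates a request, the request is posted to a channel, an approver accepts or denies it, the resulting grant is time-boxed, and every step lands in an audit log attributed to the requesting account. The Slack side is a stand-in (messages are appended to an in-memory list where a real bot would post a message with buttons and receive the click); the command patterns, the 30-minute default TTL, and the requester-cannot-approve rule are assumptions for the example.

```python
"""Approval-gated, time-boxed command authorization with an audit trail.

Added illustration only. The channel is a list standing in for Slack; the
gating patterns, default TTL and self-approval rule are assumptions.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Optional, List, Dict
import re
import uuid

# Hypothetical policy: commands matching these patterns need approval first.
GATED_PATTERNS = {
    "root": re.compile(r"^(sudo\s+|su\b)"),
    "database": re.compile(r"^(mysqldump|mysql|psql|pg_dump)\b"),
}


def gate_for(command: str) -> Optional[str]:
    """Return the gate a command trips, or None if it may run without approval."""
    for name, pattern in GATED_PATTERNS.items():
        if pattern.search(command.strip()):
            return name
    return None


@dataclass
class AccessRequest:
    user: str
    host: str
    command: str
    reason: str
    requested_at: datetime
    gate: str
    id: str = field(default_factory=lambda: uuid.uuid4().hex[:8])


@dataclass
class Grant:
    request: AccessRequest
    approver: str
    expires_at: datetime


class ChatOpsGate:
    def __init__(self) -> None:
        self.channel: List[str] = []            # stand-in for a Slack channel
        self.pending: Dict[str, AccessRequest] = {}
        self.grants: Dict[str, Grant] = {}
        self.audit_log: List[dict] = []         # one entry per event, never pruned

    def _log(self, event: str, **fields) -> None:
        self.audit_log.append({"event": event, **fields})

    def request_access(self, user, host, command, reason, now) -> Optional[AccessRequest]:
        """Ungated commands pass straight through; gated ones become a pending request."""
        gate = gate_for(command)
        if gate is None:
            self._log("allowed_without_approval", user=user, host=host, command=command, at=now.isoformat())
            return None
        req = AccessRequest(user, host, command, reason, now, gate)
        self.pending[req.id] = req
        self.channel.append(f"[{req.id}] {user}@{host} wants to run `{command}` ({gate} gate): {reason} [Approve] [Deny]")
        self._log("requested", request_id=req.id, user=user, host=host, command=command, gate=gate, at=now.isoformat())
        return req

    def approve(self, request_id, approver, now, ttl=timedelta(minutes=30)) -> Grant:
        """Turn a pending request into a grant that expires after ttl; the requester may not self-approve."""
        req = self.pending[request_id]
        if approver == req.user:
            self._log("self_approval_rejected", request_id=request_id, approver=approver, at=now.isoformat())
            raise PermissionError("requester cannot approve their own request")
        del self.pending[request_id]
        grant = Grant(req, approver, now + ttl)
        self.grants[request_id] = grant
        self._log("approved", request_id=request_id, approver=approver,
                  expires_at=grant.expires_at.isoformat(), at=now.isoformat())
        return grant

    def deny(self, request_id, approver, now) -> None:
        req = self.pending.pop(request_id)
        self._log("denied", request_id=request_id, approver=approver, user=req.user, at=now.isoformat())

    def authorize(self, user, host, command, now) -> bool:
        """Execution-time check: only an unexpired grant for this exact user/host/command passes."""
        if gate_for(command) is None:
            return True
        for grant in self.grants.values():
            r = grant.request
            if (r.user, r.host, r.command) == (user, host, command):
                if now <= grant.expires_at:
                    self._log("executed", request_id=r.id, user=user, host=host, command=command, at=now.isoformat())
                    return True
                self._log("grant_expired", request_id=r.id, user=user, at=now.isoformat())
        self._log("blocked", user=user, host=host, command=command, at=now.isoformat())
        return False


if __name__ == "__main__":
    gate = ChatOpsGate()
    t0 = datetime(2021, 1, 1, 9, 0)  # constructed timestamp
    req = gate.request_access("alice", "db-prod-01", "mysqldump orders", "ticket OPS-1 backup", t0)
    print(gate.channel[-1])
    gate.approve(req.id, "bob", t0 + timedelta(minutes=2))
    print(gate.authorize("alice", "db-prod-01", "mysqldump orders", t0 + timedelta(minutes=10)))  # True
    print(gate.authorize("alice", "db-prod-01", "mysqldump orders", t0 + timedelta(hours=2)))     # False
    for entry in gate.audit_log:
        print(entry)
```

Two design points carry over to a real deployment: the clock is passed in rather than read from the system, so grant expiry is testable and not dependent on the approver's and the host's clocks agreeing, and the audit log records the blocked and expired attempts as well as the approvals, which is what an auditor actually asks for.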
Make Your Admins’ Lives Easier
Logs are important, but just having logs doesn’t improve security or meet all compliance requirements. Companies need to monitor and maintain their logs, too. But for companies with lean security teams, that’s often a huge administrative burden—in fact, one of our clients at Cmd spent a quarter of their time on alerts before they started working with us. Now, they spend less than 1% of their time on the same activities.
The truth is that security admins don't need to manage every tiny permission or request. Often the dev team understands the context of a request better. With permissions via ChatOps, companies can shift the real-time, daily burden of approving requests to the dev team while giving the security team full visibility over what's happening. The security team can then monitor and understand activity in the environment without having to grant access themselves every time. The one control worth keeping when approvals move to the dev team is separation of duties: a request should never be approvable by the person who raised it. Done this way, the shift also improves core metrics like mean time to resolve (MTTR), which makes both developers and security admins happy.
Let’s Talk ChatOps
CISOs, CIOs, and other information security leaders are constantly worried about supply chain attacks and misconfigurations. They may also be concerned about the risk of sensitive information being exposed in ChatOps apps. However, as organizations become more dependent on apps like Slack, it's inevitable that more business processes, permissions included, will migrate to ChatOps too. By moving permissions workflows to Slack or similar tools, companies can improve their security posture, audit-readiness, and efficiency. Slacking off? Not by our definition!