Skip to main content

How to Create Zero-Touch Automations in BetterCloud

Last month, our (former) director of SaaSOps and corporate IT Justine Bienkowski wrote that zero-touch onboarding is a dream for many teams. In a more recent conversation, Bienkowski quipped to me that zero-touch doesn’t translate to zero work. “Someone has to build the workflows and push all of the buttons that enable your automation-first strategy,” she added.

In previous posts, we’ve discussed how BetterCloud’s IT team overhauled our onboarding and hardware procurement processes with automation. Today, let’s take an even closer look at how the sausage is made. Here are just a few examples of zero-touch automations and alerts that you can build in BetterCloud. 

Zero(ish)-touch internal job transfers

In a world without workflows, it takes IT roughly 2,000 hours to move just one employee to a new department. OK, you caught me. That’s a gross exaggeration. 

Still, here are just a few of the tasks that IT is responsible for whenever an employee transfers to a different team or relocates to a new city. While it might not take 2,000 hours to complete this list, there’s no denying that it amounts to a lot of manual work:

  • Remove the user from their current group
  • Remove the user from group-specific Slack channels
  • Remove the user from department-specific SaaS applications
  • Add the user to their new group
  • Add the user to Slack channels that are relevant to their new job
  • Grant access to additional applications required for their new job

Could you do all of these tasks manually? Sure. Do you want to do them manually? It’s probably not a stretch to say that most (if not all) IT admins would say no.

OK, so how do you automate all of this work? Imagine that one of your marketing team members has transferred to your sales engineering department. In the screenshots below, you’ll see that you can trigger a marketing offboarding workflow and a sales engineering onboarding workflow just by changing the employee’s Org Unit in Google Workspace. 

In this workflow, a user is offboarded from the marketing team when IT removes them from the Marketing Org Unit.
In this workflow, a user is onboarded to the solution engineering team when IT adds them to the Solution Engineering Org Unit.

Here’s a quick breakdown of what’s happening in these workflows:

  • Removing a user from the Marketing Org Unit triggers the marketing offboarding workflow, which removes that person from marketing-specific Slack channels and revokes access to applications like Asana
  • When IT adds that person to the Solution Engineering Org Unit, BetterCloud runs the solution engineering onboarding workflow, which grants access to relevant groups, Slack channels, and additional apps they need to do their job

I have a hunch that you’re thinking this isn’t exactly zero-touch. And yes, these workflows require IT to manually move a user from one Org Unit to another. It also requires IT to wait for a manual notification from HR about an internal transfer. But Dennis Irizarry, a senior IT and project management specialist at BetterCloud, explains that this 15-second task is worth the trouble. 

“There are five or six different ways I can change someone’s Org Unit,” Irizzary says. “I’m happy to do it if it means I don’t have to do 30 to 60 minutes of manual work.”

Offboarding employees with just one click

The long and arduous process of offboarding a single employee manually has been well-documented. Much like our previous mid-lifecycle management example, a zero-touch offboarding workflow can reduce that manual work to a single click. 

This example of an offboarding workflow is triggered when a user is moved into a dedicated Offboarding Org Unit.

The triggering event for this offboarding workflow is fairly straightforward. In the example above, the IT department has created an Org Unit in Google Workspace called “Offboard WIP – NO Calendar Deletion.” When an administrator moves a user into that offboarding Org Unit, BetterCloud removes access to all groups, documents, and applications. Neat, right?

You’ll notice that the Org Unit’s name includes “NO Calendar Deletion.” That caught me by surprise at first glance, but I quickly discovered that this is by design. 

As Irizarry explained, managers and colleagues may need access to a terminated employee’s calendar, especially if that person was in a customer-facing role. He adds, “If you’re one of our customers, it’s not a great experience if all of your meetings with the former employee suddenly vanish off of your calendar.”

Leveraging alerts to secure your environment more effectively

I don’t need to tell you that it’s insanely easy for employees to share files internally and externally. It has also never been easier to send sensitive data to someone by accident—and whenever I think of what it must be like to monitor all of this activity manually, I wake up in a cold sweat.

While we haven’t found a way to automate employees out of bad file-sharing habits, BetterCloud customers can set up a series of alerts to give IT a heads up that something might be amiss.

In the screenshot above, we’ve set up an alert to notify us that a Drive file has been shared publicly with a link. Here are a few others that you can (or should) start with:

  • Google Workspace: Folder Shared Externally
  • Google Workspace: Drive File Shared Publicly With Link
  • Google Workspace: File Shared With *@gmail.com
  • Google Workspace: Suspicious User Login

As you probably noticed, there are lots of alerts that IT can set up so that admins don’t have to constantly monitor each application. These alerts are also a great starting point for automating even further. Outside of disabling external file sharing completely, the alerts above give IT an immediate heads up to suspicious activity as soon as it occurs—which makes it much easier to take swift and proactive action.

Final thoughts

The IT folks I’ve chatted with about zero-touch agree that getting it right is an ongoing process. What happens when your engineering department launches a brand new team? Or when your marketing department branches off to support specific aspects of your business? These are fairly common scenarios, which is why I half-jokingly referred to it as zero(ish)-touch earlier in this article. 

But even as your business needs shift, the automations and alerts we discussed can be a great starting point for any IT organization looking to begin its zero-touch journey. And as I quickly discovered, many of these workflows are easy enough for even someone like me to build.

Want to learn more about how BetterCloud can power your zero-touch IT automation strategy? Click here to schedule a demo