Chapter 12. Security and Safety

Before I discuss the benefits, challenges, and concerns regarding security as it relates to ChatOps, I must point out that I’m not an expert in this field. Cybersecurity and system safety compliance are broad and dense topics far beyond the scope of this text. The specific concerns will of course vary from organization to organization, and you should make time for careful consideration and discussion as you begin to roll out your own ChatOps initiative.

With that said, one of the many benefits of ChatOps is that, to a certain degree, a soft layer of security is built in. Even the most powerful custom actions that leverage a chatbot to execute commands, query information, and more have restrictions hardcoded into the instructions and definitions. When a user attempts to execute a command using the incorrect syntax, the chatbot will inform the user that it does not understand what it’s being asked to do. It will only execute commands that are part of its coded instructions. In the event that the user makes a mistake when inputting a command, the same result will happen. Conversely, if a user were to execute syntax from a command line and make a mistake, there could be a negative outcome, and perhaps not something that can be recovered from. Use of the command line combined with high-level access to a system can lead to disaster when mistakes are made.

Security Through Obscurity

ChatOps creates an abstraction layer for end users to interact with systems ...

Get ChatOps now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.