Risks

The critical point when it comes to job scheduling is the fact that it perfectly implements code injection across your network - which is what we usually call a vulnerability.

• Jobs are code, frequently shell commands, that are forwarded to remote servers and that are executed in unattended mode.
• Users have to open their network and make their firewalls look like swiss cheese to allow access from a central server where the a job scheduler scheduling product is operated to any remote servers in their network.

Certainly, central management of jobs is the basic usefulness of a job scheduler scheduling product, however, users should be aware of organizational risks:

• Frequently a few persons with access to the job scheduler scheduling product manage job execution on executions for a larger number of machines servers in the network. You have to trust their honesty.
• At the same time an increasing number of attacks on data security is performed by insidersinside the IT operations department.

Mitigation Strategies

Basically risks boil down to network security and personal responsibility.

Some vendors implement proprietary protocols between job scheduler scheduling server product and agents. However, it is ridiculous to assume a protocol to be secure just because "you don't know". The effort to re-engineer protocols falls back continuously. In addition there is a proven track record of proprietary code that includes backdoors, e.g. for debugging purposes, that make it hard to believe in security by obscurity.

...