By Brandon Traffanstedt, Sr. Director, Field Technology Office at CyberArk
Robotic process automation (RPA) has been one of the key technologies underpinning digital transformation and, since it first appeared on the market a few years ago, the market has grown substantially. Now expected to reach $11 billion by 2027, RPA helps organisations achieve the efficiency, accuracy and speed necessary to thrive.
By successfully supplementing rather than replacing human resources, RPA is empowering workers to use their experience and capabilities in a more engaging and beneficial way, rather than focusing on manual and time-consuming processes. For example, in the financial services industry, RPA bots are helping to do everything from streamlining manual underwriting processes and reducing fraudulent activity through to account monitoring and assisting with new customer onboarding. While this leads to numerous benefits for workers and employers, organisations need to be aware that RPA comes hand-in-hand with specific security considerations.
As with other new and powerful technological initiatives, RPA projects need to be approached with cyber security as a necessary component. Doing so will allow organisations to deliver enhanced digital experiences both quickly and safely.
RPA advancement
Multiple industries have embraced RPA as a means of solving business problems. Yet, early implementations of RPA, namely semi-attended bots, necessitated human supervision, requiring a person to hit the ‘go’ button in order to accomplish a task and requiring the user’s digital identity to do so.
As organisations look to digitally advance, however, ‘citizen developers’, or those who use low-code or no-code platforms to design their own automated processes, have taken it upon themselves to push automation to the next level – entirely unattended robots. These unattended robots, though, require access to the same networks, systems, and applications as their human counterparts, including access to systems which require the highest level of privileged access. This access makes robot credentials and identities just as vulnerable to threat actors as those of human workers, and not effectively securing them provides opportunity for havoc.
The future of RPA, then, has created a rift between security and automation teams. With security professionals demanding stricter measures and automation teams struggling to implement them, many developers have been discouraged and have ceased the creativity and innovation which are necessary to advancing RPA technology. Those developers who have decided to continue in their pursuits and adopt non-approved RPA programmes, however, have created gaps in their company’s cybersecurity.
Putting security first
Fortunately, there is a way to address security problems while still using secure unattended robots, allowing citizen developer innovation and without demanding additional work from the teams which organisations are wanting to free up. The solution is the automated and centralised management of RPA credentials.
Rather than manually assigning, managing, and upgrading the credentials a bot needs to do its work, all hard-coded privileged credentials are removed from robot scripts and replaced with an API call pointing to automatically rotated credentials maintained in a secure, centralised repository. This ensures security mechanisms, such as multifactor authentication, password uniqueness and complexity requirements, and the suspension of privileged credentials are all consistently implemented.
It’s also good practice for security teams to ensure bots have their own unique identity credentials, similar to limiting a human user’s access or rights to the bare minimum necessary for their work. This ensures non-repudiation and separation/segregation of duties, and limits access to the applications and databases bots need.
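The two practices above (run-time retrieval of rotated credentials, and a unique, minimally entitled identity per bot) can be modelled in a few lines. This is an added example, not code from the article or from any vendor: `CredentialVault`, the bot name `bot-invoice-01` and the accounts `erp-svc` and `hr-db` are hypothetical, and the in-memory dictionary stands in for both the central repository and the target system's password store.

```python
import secrets
from datetime import datetime, timezone

class CredentialVault:
    """In-memory stand-in for a centralised credential repository (hypothetical)."""
    def __init__(self):
        self._secrets = {}   # account -> current password (also models the target system)
        self._policy = {}    # bot identity -> accounts that bot is entitled to
        self.audit = []      # (timestamp, bot_id, account, outcome), one row per request

    def rotate(self, account):
        """Onboard the account or replace its password with a fresh random value."""
        self._secrets[account] = secrets.token_urlsafe(24)

    def grant(self, bot_id, account):
        self._policy.setdefault(bot_id, set()).add(account)

    def checkout(self, bot_id, account):
        """Return the current password only to an entitled bot; log every attempt."""
        allowed = account in self._policy.get(bot_id, set())
        self.audit.append((datetime.now(timezone.utc), bot_id, account,
                           "granted" if allowed else "denied"))
        if not allowed:
            raise PermissionError(f"{bot_id} is not entitled to {account}")
        return self._secrets[account]

    def verify(self, account, password):
        return secrets.compare_digest(self._secrets[account], password)

def run_invoice_bot(vault, bot_id="bot-invoice-01", account="erp-svc"):
    """Bot task: fetch the credential at run time instead of embedding it."""
    password = vault.checkout(bot_id, account)
    return vault.verify(account, password)   # stands in for logging in to the target

def demo():
    vault = CredentialVault()
    for account in ("erp-svc", "hr-db"):      # constructed sample accounts
        vault.rotate(account)
    vault.grant("bot-invoice-01", "erp-svc")  # least privilege: one account only
    stale = vault.checkout("bot-invoice-01", "erp-svc")  # value as if pasted into a script
    vault.rotate("erp-svc")
    results = {"stale_copy_works": vault.verify("erp-svc", stale),
               "bot_run_works": run_invoice_bot(vault)}
    try:
        vault.checkout("bot-invoice-01", "hr-db")
        results["out_of_scope_denied"] = False
    except PermissionError:
        results["out_of_scope_denied"] = True
    results["audit_outcomes"] = [row[3] for row in vault.audit]
    return results
```

After one rotation the copied value no longer authenticates while the bot that fetches at run time still does, and the audit rows tie each request, including the denied one, to a single bot identity.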
Liberating workers and innovation
To truly unlock the citizen developer’s innovation and liberate workforces through RPA, organisations must adopt DevSecOps and bring automation and security together from the start. By engaging with security teams and professionals at an early stage, organisations will be able to effectively – and safely – scale the number of RPA bots in their organisation.