Robotic Process Automation (RPA) is a technology that allows software “robots” to be configured to emulate and integrate the actions of a human. RPA is predominant in mining, manufacturing, military/defence and even healthcare. It is anticipated that RPA and Artificial Intelligence (AI) will become increasingly prevalent this decade.
Studies such as CyberArk’s “The CISO View: Protecting Privileged Access in Robotic Process Automation” are therefore always of interest. Sharing recommendations from information security executives at Global 1000 enterprises, the report discusses how to securely drive innovation through RPA.
The report provides practical recommendations on how organisations can securely adopt RPA while mitigating potential risks, including:
* Limiting access for reprogramming robots – Reduce the risk that comes with RPA permissions – like the ability to reprogram robots – by securely managing credentials to RPA tools and training RPA teams on secure software development practices.
* Automating credential management – Successful RPA deployments require automated credential management, including machine-generated passwords, automatic password rotation, identity verifications and just-in-time or time-limited credential access.
* Establishing robust processes for monitoring RPA activity – Rapidly detect and respond to unauthorised or anomalous robot behaviour by assigning human managers, enforcing least privilege and making actions traceable.
If your organisation already uses RPA, it makes good sense to check its posture against the report’s recommendations.
If your organisation is planning to deploy RPA, the risks raised in the report should be incorporated into your RPA project’s risk assessment (as part of the project lifecycle), and the recommendations should be considered in the design and specification artefacts.