FINAL WORD
With unattended robots in automation created by citizen developers , organizations can help eliminate human errors .
systems , live on networks , approve processes and execute tasks , robots need to be assigned high-level privileged access .
Rather than manually assigning , managing and updating the bot credentials to perform its task , all hard-coded privileged credentials are removed from robot scripts , and replaced with an API call pointing to automatically rotating credentials stored in a secure , centralized repository .
Automated RPA credentials management enables consistent implementation of security measures such as rotation of credentials , multi-factor authentication , password uniqueness and complexity requirements , and – given certain criteria – the suspension of privileged credentials .
However , robot credentials are equally exposed to risk like those access identities assigned to a real-life person and , if not secured correctly , this can give cybercriminals another way to steal data and cause chaos .
Thus , it is understandable that the use of unattended bots can cause a rift between security and automation teams , with the former requiring more stringent security measures and the latter struggling to implement security measures either due to a lack of knowledge or lack of time .
Enforcement of strong security practices was difficult for cybersecurity teams and their ‘ stern recommendations ’ led to a split among citizen developers . Some were discouraged from using attended automation , which stifled innovation . Others went ahead and implemented non-sanctioned RPA applications , which created gaps in the organization ’ s cybersecurity .
How to secure unattended automation
Fortunately , security concerns about the use of unattended robots can be addressed . Without requiring extra work from the staff that the technology aims to free up , this can be done via automated , centralized management of RPA credentials .
Best practice also includes giving bots their own unique identity , credentials and entitlements to ensure that non-repudiation and separation and segregation of duties are adequately controlled . In addition , limiting access only to applications and databases needed for the bots to do their job can help in identity management .
This refers to the application of the principle of least privilege to robots just as a human user can be assigned minimum levels of access or permissions needed to perform tasks .
Unlock the power of RPA
An all-in-one automated centralized repository solution removes old roadblocks , but to truly unlock the power of the citizen developer and the ultimate benefits of RPA , organizations must embrace DevSecOps and bring together automation and security from the start .
Engaging with security teams and security professionals early on will allow RPA teams and citizen developers across various industries to speed past security concerns , and effectively scale the number of RPA bots in their organization without introducing security risks or slowing down innovation . p
84 INTELLIGENTCIO APAC www . intelligentcio . com