As automation becomes more widespread, it starts to raise a number of questions about its impact on business. The most glaring concern is automation security, as a lot of process owners, especially those coming from large companies, doubt the ability of RPA and cognitive bots to preserve the required level of enterprise data security. Let’s examine why automation data security is so important and what we at WorkFusion do to meet our customers’ and partners’ high security requirements.
Why automation data security is important
According to the recent Magic Quadrant for RPA Software report from Gartner, “RPA is the fastest-growing software subsegment officially tracked by Gartner, with year-over-year growth of more than 63% in 2018.” Not surprisingly, concerns about the ability of various RPA and Intelligent Automation tools to provide the required level of RPA security occupy the thoughts of potential automation adopters. What makes it even more troubling is the fact that a lot of companies implementing automation or thinking of adopting it come from traditionally risk-averse industries that handle a lot of private or confidential data, like banking or insurance.
However, there is a flip side to the coin. EY’s paper, “How do you protect the robots from cyber attack?” states that 74% of security professionals are currently concerned about insider threats and argues that robotic process automation can actually provide better security by:
- helping to reduce employee exposure to sensitive data
- reducing the time required to detect security breaches
- filling the current talent gap in cybersecurity
Whether these goals are achieved or not depends on how well a company will be able to take these critical steps in ensuring automation data security:
- Identify potential security risks before automating the enterprise’s business processes.
- Address these risks by analyzing security features available in the automation tool out-of-the-box, integration with third-party security application (security architecture risk analysis, design review), and auditability of the tool.
- Follow security best practices on all stages of automation: environment setup, developing bots, executing automated business processes, etc.
Complying with these steps will ensure that bots adhere to the security policy established in a company.
What data security risks are associated with automation?
Security risks vary from company to company, but there are several major concerns that are usually associated with automation that should be considered before implementing automation.
- The bots can have access to the credentials required for internal applications and databases. Exposing these credentials can lead to security breaches and endanger confidential information.
- The bots might need to use the enterprise’s confidential data in automated business processes. Exposing this information in logs, dashboards, or reports can also lead to security violations.
- Unauthorized access to the automated business processes when they can be viewed, executed or edited by employees who don’t have permission to do so. If the first two risks are associated with external attacks, this is an internal security risk.
Addressing these and other potential security concerns will help the company not only ensure the proper security of its RPA and cognitive bots but also eliminate existing security threats, as the bots will follow instructions literally and will not divert from them based on personal bias, prejudice or wrong judgment.
Features that ensure automation security
At WorkFusion, we treat customer data security very seriously and provide out-of-the-box security tools in our Intelligent Automation Cloud. There are several important security features that facilitate quick deployment and fully scaled infrastructure and help eliminate security risks.
1. Password management
In automated workflows, the bots need to handle login and password information to access applications, databases, and other tools that are used in the process. That is why the topic of effective password management in automation is so important.
There are two levels of password management in WorkFusion. The first one is a top-notch password vault called Secrets Vault for storing credentials the bot will need to use in business processes. The data stored in the vault is encrypted with a robust algorithm, is accessible to the bot only during the script execution, and is not visible to employees developing and running the business processes. It is also not recorded in the execution logs or any other files, thus eliminating the risks of exposing critical passwords to unauthorized employees and the outside world.
For customers that want to add an extra layer of data security to their processes, we offer seamless integration with CyberArk. WorkFusion was the first RPA and Intelligent Automation vendor to become a certified member of the C3 Alliance, CyberArk’s global tech partner program, and was the first automation vendor whose information management system met the ISO/IEC 27001:2013 security standards.
2. Role-based access and single sign-on
Role-based access control (RBAC) is one of the building blocks of enterprise-level automation security. WorkFusion supports role-based access to the console and supports a multitude of permissions depending on what information users can see and what actions they can perform.
“Segregating” data access allows better control over automated processes and reduces the possibility of fraudulent user actions. In addition to that, single sign-on (SSO) through Lightweight Directory Access Protocol (LDAP) or Active Directory (AD) can provide access to components and data according to the company’s existing roles and create a better division of responsibilities in teams.
The above two features reduce external security risks. Role-based access management ensures the protection of the company from internal wrongdoing and mistakes.
3. Data Encryption
Private customer data, payment details, and other secure data can be used in automated business processes. Transferring such data over secure channels only is a must for ensuring proper automation data security. Intelligent Automation Cloud provides full encryption at rest and in transit, ensuring data loss prevention. The platform is GDPR-compliant and can also be used as a tool to help others become GDPR-compliant through automation of compliance processes.
4. Detailed audit trail
A comprehensive audit trail of all critical bot actions is a must in an automation workflow. Detailed audit logs allow you to trace and analyze the steps that led to an issue and prevent data loss and other security risks in the future.
We hope we gave you a good sense of the importance of automation security. The features above are just a part of the WorkFusion security infrastructure that allows us to meet even the highest security standards of our customers. To learn more about data security in Intelligent Automation Cloud, feel free to ask us.