3 common security issues to avoid when using traditional RPA


By Devin Gharibian-Saki, Chief Solution Officer, Redwood Software

‘Efficiency’ is a byword for any discussion around RPA and robotics but isn’t necessarily one that works in perfect harmony with other enterprise needs – specifically those of security and governance.

But failing to put appropriate security measures in place can lead to a single disastrous incident from which it takes years to recover.

Consider Yahoo!. The web company was forced to announce, mid-sale to Verizon, that information on nearly all of its three billion users had been compromised. The outcome? A decrease in sale price by an estimated $350m and a significant knock to the reputation of an already struggling brand.

Security issues – and not just those restricted to headline-grabbing hacks – are often put at the forefront of an enterprise’s activity. And for a justified reason: the price of failure is simply too high.

In the context of RPA, fraud and data leakage are two of the most important areas that deserve attention – although this doesn’t always mean they receive it.

A PwC report on fraud within enterprises found that 64% of respondent organizations could experience losses of up to $1m as a result of “their most disruptive fraud” this year, while simultaneously finding that 52% of fraud instances are perpetrated by someone inside the company.

With these figures not likely to abate anytime soon, sensible RPA security practices are a must and don’t need to be complex.

Here are a few simple security mistakes and how to avoid them.

Don’t store the credential data of an existing human to operate bots

While advanced RPA solutions such as Redwood’s can easily handle processes that depend on interactions between humans and bots, one thing you should never do is assign bots human user credentials. The problems with typical RPA tools and security start with the simple fact that bots are hard-coded, so how sophisticated the security is, or isn’t, depends on the quality and consistency of the bot developer. Also, most RPA tools require third-party tools like CyberArk to help them plug gaps in credential management and store the passwords of humans. This is not the typical scenario with Redwood.

In essence, using encrypted protocols, independent credentials and change auditing is the key to ensuring appropriate security without depending on developer consistency.

Know the capabilities

We’ve mentioned previously that not all RPA tools are created equal. While Redwood Robotics solutions provide management of the full lifecycle of an end-to-end robotic process, other tools require third-party add-ons in order to provide a similar level of management. Examples include how credentials are managed and how different versions of processes are audited. And the more complementary tools you have to oversee, the more complexity grows as you extend process usage.

Avoid inadvertent escalations

With many RPA tools, the quality of the process is primarily dependent on the skills and aptitude of the developer – version management, tracking changes and secure communications are examples. Gartner summarizes this issue as part of a wider problem: being aware of breaks in segregated duties brought about by the introduction of RPA tools.

For traditional RPA tools that require dedicated developer teams and human bot operators, breaks in segregation of duties can be unavoidable, which often means the need for more third-party software to monitor for fraud. Ultimately, the easiest way to avoid privilege escalation as a result of RPA is to ensure that all bots only have the minimum access and capabilities required to perform their task.
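As an added illustration (not Redwood's code or any RPA product's API), the following Python sketch audits a bot inventory for the three problems described above: a bot running under a human's account, permissions beyond what its tasks need, and permission pairs that break segregation of duties. All account names, task names and permission strings are constructed for the example.

```python
# Constructed sample data: every name below is illustrative, not from a real system.
HUMAN_ACCOUNTS = {"jsmith", "mlee"}  # directory accounts that belong to people

# Assumed task catalogue: the permissions each automated task actually needs.
TASK_NEEDS = {
    "post_invoice": {"ap.invoice.create"},
    "match_po": {"ap.po.read"},
    "run_payment": {"ap.payment.release"},
}

# Permission pairs that a single identity must not hold together.
SOD_CONFLICTS = [
    ("ap.vendor.create", "ap.payment.release"),
    ("ap.invoice.create", "ap.payment.release"),
]

BOTS = [
    {"name": "bot-invoice", "run_as": "svc-rpa-invoice",
     "tasks": ["post_invoice", "match_po"],
     "granted": {"ap.invoice.create", "ap.po.read"}},
    {"name": "bot-payrun", "run_as": "jsmith",  # reuses a person's login
     "tasks": ["run_payment"],
     "granted": {"ap.payment.release", "ap.vendor.create", "ap.invoice.create"}},
]

def audit_bot(bot, human_accounts=HUMAN_ACCOUNTS):
    """Return a list of (finding_type, detail) tuples for one bot."""
    findings = []
    if bot["run_as"] in human_accounts:
        findings.append(("human-credential", bot["run_as"]))
    needed = set()
    for task in bot["tasks"]:
        if task not in TASK_NEEDS:
            findings.append(("unknown-task", task))  # cannot justify any access
        needed |= TASK_NEEDS.get(task, set())
    # Least privilege: anything granted but not needed is excess.
    for perm in sorted(bot["granted"] - needed):
        findings.append(("excess-permission", perm))
    # Segregation of duties: both halves of a conflicting pair on one identity.
    for a, b in SOD_CONFLICTS:
        if a in bot["granted"] and b in bot["granted"]:
            findings.append(("sod-conflict", f"{a} + {b}"))
    return findings

def audit_all(bots=BOTS):
    return {bot["name"]: audit_bot(bot) for bot in bots}

if __name__ == "__main__":
    for name, findings in audit_all().items():
        print(name, findings or "OK")
```

Run against a real export of bot identities and role assignments, the same checks give a repeatable review that does not depend on each bot developer's habits.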

While these are all issues for many RPA customers, they’re not problems for Redwood Robotics users, as all robots arrive pre-programmed and ready to deploy, with full audit and compliance tools built in, and without the need for significant dedicated technical support.

By taking a strict process-based approach during the planning phase, rather than creating an ad-hoc patchwork of automation tools, security and fraud risks are minimized from the outset.

To see what Redwood Robotics can do for your company, get in touch today.
