RPA and SecurITy: No – these robots aren’t coming to hack your systems!
Security remains an ongoing concern, whether your company is just starting RPA or far along on your journey. I’m guilty of my brazen statements and a recent blog post which posits that IT oversight isn’t necessary with RPA. I did, however, indicate that IT should be included in some fashion.
We recently had a customer who had built out their proof of concept (POC) of their RPA processes and architecture, They planned to go live within a Fortune 500 company. Testing and end user validation had already occurred. When it came time to scale the robots to meet the needs of the call center, IT balked and put the project on hold because it felt it was a violation of security. This is the third time this week that this topic has come up in conversations, so I decided to write something on the subject.
When it comes to technology, and especially the use of cloud-based platforms, security is paramount.
There have been far too many occurrences of widespread hacking and companies being taken down by security holes. I want to stress that RPA poses no more of a security threat to any organization than any other employee who has access to their systems! The robots are essentially software programs that need to be instructed by a human on when and how to run. In order for the robot to function it is given Windows access by a human to performs its task. Whether it be inputting data or working side-by-side with a human on their desktop, they are essentially impersonating what a desktop user or human would be doing.
Things can get a bit more complicated when you add a cloud-based server that manages and administers the robots.
Some of the security features that help with sign-on information is the use of assets/credentials within the UiPath Orchestrator. Having these in a centralized location helps in that one can manage all the credentials in one place versus setting them up on each machine. When I refer to credentials I am talking about the user/password the robot needs to login to the workstation in addition to any it may need to carry out its task on the desktop itself. The credentials are encrypted and stored within a database. The Orchestrator can sit in the cloud or behind an organization’s walls. It has the highest level of security possible for a cloud-based application.
Ultimately, the level of security of the robot is up to the level of security provided by its entity. To understand RPA security is to start with understanding that the robot is just like a human regarding its access. In order for a robot to cause trouble, it would have to be instructed by a human that has access. If those loopholes are already being closed by an organization’s IT and security team, there shouldn’t be a problem.
PS – A word of advice before starting any RPA, AI or ML initiative. Include the IT team in the process from the beginning. Once they are looped in, they will happily let you take it from there.
Peter S Camp is the CTO and Founder of CampTek Software. He has been developing RPA Applications for over 15 years. For further questions, discussion or inquiry about CampTek Software Services, contact firstname.lastname@example.org.