As more organisations digitally transform, Robotic Process Automation (RPA) is playing a crucial role in increasing efficiencies and digitalisation. Rich Turner, SVP EMEA, CyberArk, explores how businesses can build a strong business case for RPA security while ensuring there is a strong privileged access security programme at the core.
Robotic Process Automation (RPA) is becoming an increasingly integral component of Digital Transformation strategies. Why?
According to Deloitte, 53% of organisations have started to leverage RPA to improve efficiency and productivity. RPA allows companies to robotise and automate repetitive tasks, which allows the human workforce to focus on higher value work, accelerate business value and increase process scalability.
RPA adoption is predicted to rise to 72% in the next two years and, should it continue at its present rate, it is set to achieve near-universal adoption within the next five years.
RPA Privileged Access Security: The new business focus
RPA presents an opportunity for security leaders to drive conversations with the wider business about the importance of incorporating strong cybersecurity from the outset.
There are three ways they can go about building a strong business case for RPA security – with protecting privileged access at the core:
Streamline the efficiency of your operations: Approximately 10 to 20% of all human work hours are spent on repetitive computer tasks. RPA helps automate much of this manual work involved in daily business, such as entering data (like invoices and POs) from one application into another.
Implementing privileged access security for RPA is important to not only drive down risk, but also to extend automation to the management and rotation of software robot privileged credentials. This helps IT operations teams streamline processes and improve operational efficiency.
By refocusing these teams on less laborious, more business-critical, intellectually stimulating tasks, organisations can motivate employees, reduce stress, spark interest and job satisfaction and reduce employee burnout and churn.
Mitigate risk and save money: Though current industry estimates on RPA cost savings vary – from 25 to 50% – the ROI is undeniable. The Deloitte study points to total ROI in less than 12 months, with significantly improved compliance, quality, accuracy, productivity and cost reduction. But to realise the full financial promise of RPA, security must be built-in from the start.
Monitoring and protecting the privileged pathway is the first and most critical step in securing RPA workflows. This prevents unauthorised users from gaining access to data processed by RPA software robots and stops malicious insiders and external attackers from progressing their attack.
Compliance can be made simpler: RPA minimises human access to sensitive data, which can reduce risk and compliance issues. However, RPA requires a host of new non-human ‘robots’ that need privileged access to connect to sensitive systems and information, opening the door to new compliance challenges.
A strong, centralised privileged access security solution can dramatically simplify audit reporting by automating the enforcement of privileged access policies and providing complete visibility into ‘who, when, why and what’ took place during privileged sessions.
Are there security risks with RPA?
Although it offers many business benefits, RPA can present significant new security risks for companies as it presents a different attack surface that must then become part of the overall security strategy.
For instance, a typical enterprise RPA deployment will use thousands of software robots in production, which are activated and deactivated on-demand. These robots can perform a huge number of automated, functional tasks every hour – or even every minute.
Each one of these software robots requires privileges to connect to target systems and applications to perform assigned duties. These non-human credentials can become targets if they are left unsecured.
Attackers can compromise them to move laterally and advance their attack. Given the number of bots deployed in production, these unsecured credentials can extend the attack vector.
All of this means that security teams must enforce a strong privileged credentials management and security strategy when their companies embrace RPA, just as they would any other privileged user or process.
The clear business benefits of a strong privileged access security programme can be realised across numerous Digital Transformation initiatives – from RPA and cloud to DevOps.
Effectively conveying the value of privileged access security in enhancing the business will help in gaining critical executive support and obtaining necessary budget and resources.
From there, executive leadership can help rally employees to make it an organisational priority, impart a sense of urgency and ownership, and prevent it from being derailed.