Barbarians at the Gate – RPA and Security Concerns


For enterprises considering the use of Robotic Process Automation (RPA), security risks are often at the top of the list of potential concerns. The perception we’ve encountered is that RPA will create an environment of intelligent robots operating without any oversight. A specific objection voiced by one client’s IT Director was that their organization operated in a highly regulated environment and could never allow robots to “run free on the network”.

In reality, a compelling case could be made that robots are inherently more secure than people. For one thing, robots inherit the security access and profile of the human users they are programmed to mimic. In other words, the security policies and access controls suitable for human users can be applied “as is” to digital robots. Access for human users to assign robots to execute tasks is then controlled in similar fashion via a centralized “control room” that is standard in leading RPA platforms. The robots’ actions – and the humans who assign them to those actions – are then logged in auditable files in the “control room.”

Further, unlike human users, once a robot has been trained to perform a task, it never deviates from the policies, procedures and business rules as they have been written. And unlike human users, robots lack curiosity (e.g., won’t open phishing emails), cannot be tricked into divulging information or downloading unauthorized software, and have no motives which might tempt them to violate existing policies.

RPA certainly represents an unprecedented level of transformation and disruption to “business as usual” – one that requires careful preparation and planning. But while caution is prudent, many of the concerns, such as security and resource requirements, are largely misplaced.