RPA-InfoSec

RPA and InfoSec – Adversary or Ally?

Some organizations may consider information security (InfoSec) as a restriction on innovation and an obstacle to the possibilities new technologies bring. When we talk with enterprise decision makers, we often hear that they want to involve InfoSec later, when they absolutely must. They don’t want to be slowed down by what developers view as additional requirements.

But if we look at the real world, we see that InfoSec teams ensure that:

  • data is protected
  • people are not able to steal resources
  • the organisation is running as securely as possible

In fact, as more and more organizations adopt and work to scale robotic process automation (RPA), they are finding it can enhance security capabilities. RPA tools are ideally suited for repetitive processes that take up valuable time but can be dull and prone to human error. RPA software bots are configured to execute scripts that follow a given process as long as you wish them to, with no errors. If they run into an exception, they trigger a notification to a human supervisor. In this way, automation dramatically lowers the chances of a mistake that can cause financial risk or corporate embarrassment.

Unlike humans, the automated workforce does not go in search of extra information. When dealing with customer details, for example, bots will not keep a copy of an address or phone number. They do not feel the urge to unmask banking information or look up personal details of a client who happens to be a neighbour. In fact, many advanced RPA tools encrypt data passed across networks so no sensitive data can be copied. And, since there’s no need for clipboard copy and paste of data, there’s no chance of leaving behind a trail of sensitive data that could be misused.

On top of this, RPA tools conduct extensive logging. This means that a human could review all the steps that make up a given process even years later so that exactly what happened is never in dispute. There’s no misguided memory. The bot records each keystroke it executes, the data it processes and the day and time it completes its tasks.

Leading RPA tools also can limit access at a system level so a malicious automation can’t get far. A person configuring an automation also can be restricted from importing and running code in live environments. Some organizations are enhancing InfoSec by creating a new change and release management process for RPA implementations. In this way, the tools combined with best practices provide the necessary controls, checks and balances.

Starting with the elimination of human fallibility, the security benefits of RPA are manifold, and InfoSec teams often are advocating for this technology rather than standing in the way. In our experience, organizations that involve InfoSec early in the RPA discussion experience faster, smoother rollouts thanks to the enthusiasm of the security teams.

If you think security may be an obstacle, then start talking now. You may very well find the opposite to be true.

About the author

Robyn Singlehurst brings expert analysis and development of Technology Architecture, Operations and IT sourcing (infrastructure and applications) as a Principal Consultant. Robyn’s in-depth operational analysis experience gained over 25 years includes leading complex performance improvement and development projects in demanding global environments; developing meaningful management and governance metrics; analyzing large outsourcing contracts and performance against targets as well as designing target Infrastructure Architectures for Automation technologies.