David Higgins at CyberArk describes how security must underpin the adoption of robotic process automation (RPA)
Bill Gates once stated, “The first rule of any technology used in a business is that automation applied to an efficient operation will magnify the efficiency.” The quote, while not only accurate, served as a prescient prediction of the highs automation would hit in the years that followed.
It’s now seen everywhere; globally, there’s been a surge in businesses across the globe using automating technologies to deliver better outcomes for employees and customers. One specific example which is exponentially growing is that of Robotic Process Automation (RPA).
It’s been talked about for a while but RPA is now poised to take centre stage as one of the key disruptive technologies fuelling transformation, as organisations take their first steps into what is set to be the ‘automation-first’ era. In fact, it’s already been ranked by industry experts as one of the fastest-growing enterprise software categories, thanks to its ability to help businesses and their employees achieve the efficiency, accuracy and speed needed to both compete and thrive in a world where technology-driven innovation is becoming widespread.
It isn’t all plain sailing though. Of all the perennial challenges that come with implementing a new technology, security looms the largest for those responsible for introducing RPA. Automation and security simply have to go hand in hand to deliver the optimised workflows and maximised workforce efficiencies that RPA promises. The consequences of not doing can be hugely disruptive to businesses and their teams. Let me explain why.
The rise of the automation-first era
For decades, technology innovations have shaped and reshaped our daily lives and ways of working. RPA might well be poised to assume the mantle of ‘the next big thing’, but it is the latest in a series of technological innovations which have revolutionised business. Let’s take a quick look at their chronology to better understand why RPA represents the next step in IT’s evolutionary journey:
- The mainframe era was the start, enhancing computational and transactional capabilities for governments, large businesses, and research organisations.
- Then came personal computers which brought power to the broader population and smaller businesses.
- Graphical user interfaces made computers more intuitive. This empowered less technologically-savvy individuals to use computers, extending the reach of technology further into business and society.
- The internet then came along, connecting this vast network of computers and users together.
- Mobile brought the power of the internet straight to our fingertips.
- Then finally, the cloud created a new way to store large amounts of data, setting the foundations for the AI boom.
Better process mapping and the advent of computer vision have served as the foundation for the fast growth of AI, which in turn is heralding a new era of ‘automation-first’. This era will be the best-of-all-worlds, allowing employees to use their empathy and creativity to find solutions to the issues which matter the most, with other tasks being completed autonomously by tech applications and robots which need little to no human input.
RPA in essence is a pragmatic application of AI that will drive process automation and digitisation, and play a huge role in transitioning IT to an automation-driven practice through its ability to automate a wide range of knowledge work with great speed and precision, via machine identities. On paper this appears a clear win, but in practice, it’s very challenging to achieve this IT utopia without business decision makers ensuring they’re considering security.
Utilising RPA within your business
RPA is helping organisations capitalise on digital initiatives that have been on their agenda for some time, but yet to realise any actual value. Its ability to automate manual processes and enable users to break through conventional thinking is a key contributing factor behind this change.
In financial services for example, RPA bots are doing everything from streamlining manual underwriting processes, and reducing fraudulent activity through account monitoring, to assisting with customer onboarding. In essence, applying automation to countless new areas of businesses that hadn’t previously been regarded as receptive to the technology.
At their core, RPA technologies are meant to enhance, not replace the human workforce, and business decision makers must examine what their teams are already doing and determine which of the tasks require human involvement – whether it’s data entry, transaction processing, or response triggering – at the beginning of their RPA journey. Doing so successfully will enable the effective distribution of work and maximise workforce efficiency.
Secondly, when evaluating RPA, leaders should consider both a top-down approach, which identifies and prioritises key areas of automation to maximise ROI, and a bottom-up approach, which empowers workers with automation based on their individual needs.
Ensuring RPA initiatives are secure
As with any technology investment and IT innovation, security needs to be a key consideration right from the outset of any RPA initiative. Boards must understand the direct correlation between securing RPA programmes and business success.
RPA bots and automation processes typically require high levels of privilege – in other words, restricted access to sensitive systems and information – to do their jobs. From interacting directly with business applications, to mimicking human behaviour, and mirroring human identity and access permissions across multiple systems, they provide attackers with further ways to potentially steal data.
That means access to critical business systems and data is ‘there for the taking’ for those threat actors who succeed in getting their hands on unsecured RPA admin and bot ‘credentials’ – in essence, passwords to you and me.
This is where Identity Security policies can assist. They help mitigate the threat of credential-based attacks by enforcing consistent, traceable Identity Security policies, such as automatically rotating privileged credentials, establishing secure connections, and placing time limits on access permissions. All of these can reduce the threat of credential abuse, and the extent to which attackers can escalate access privileges to infiltrate deeper into networks, and critically disrupt operations.
The future of RPA
For business leaders, RPA provides an enormous opportunity to reshape the nature of work. Reaching new levels of operational efficiency is vital, but without considering the safety of RPA projects, it’s unlikely it will succeed in the new automation-first era.
David Higgins is EMEA Technical Director at CyberArk
Main image courtesy of iStockPhoto.com