The Business Case for Securing Robotic Process Automation
As part of their ongoing digital transformation journeys, enterprises are turning to Robotic Process Automation (RPA) to enhance efficiency and productivity. According to Deloitte, 53 percent of organizations have started to leverage RPA to robotize and automate repetitive tasks to allow the human workforce to focus on higher value work, accelerate business value and increase process scalability. RPA adoption is expected to increase to 72 percent in the next two years and, if adoption continues at its current level, RPA will achieve near-universal adoption within the next five years.
Building the Business Case for RPA Privileged Access Management
As organizations consider RPA, CISOs and security leaders have a timely opportunity to drive conversations with the business about the value of applying strong cybersecurity to this transformative technology, and related business outcomes. Here are three ways to build the business case for RPA security – centered on protecting privileged access:
- Reduced risk = additional cost savings. Though current industry estimates on RPA cost savings vary – from 25 to 50 percent – the ROI is undeniable. The Deloitte study points to total ROI in less than 12 months, with significantly improved compliance, quality, accuracy, productivity and cost reduction. But to realize the full financial promise of RPA, security must be built in from the start. Monitoring and protecting the privileged pathway is the first and most critical step in securing RPA workflows. This prevents unauthorized users from gaining access to data processed by RPA software robots, and stops malicious insiders and external attackers from progressing their attack.
- Greater operational efficiency. Approximately 10 to 20 percent of all human work hours are spent on repetitive computer tasks. RPA helps automate much of this manual “hand work” involved in daily business, such as entering data (like invoices and POs) from one application into another. Implementing privileged access management (PAM) for RPA not only drives down risk, but also extends automation to the management and rotation of software robot privileged credentials. This helps IT operations teams streamline processes and improve operational efficiency. By refocusing these teams on less laborious, more business-critical, intellectually stimulating tasks, organizations can motivate employees, reduce stress, spark interest and job satisfaction and reduce employee burnout and churn.
- Simplified compliance: RPA minimizes human access to sensitive data, which can reduce risk and compliance issues. However, RPA requires a host of new non-human “robots” that need privileged access to connect to sensitive systems and information, opening the door to new compliance challenges. A strong, centralized privileged access management solution can dramatically simplify audit reporting by automating the enforcement of privileged access policies and providing complete visibility into “who,” “when,” “why” and “what” took place during privileged sessions.
The clear business benefits of a strong privileged access management program can be realized across numerous digital transformation initiatives – from RPA and cloud to DevOps. Effectively conveying the value of privileged access management in enhancing the business will help in gaining critical executive support and obtaining necessary budget and resources. From there, executive leadership can help rally employees to make it an organizational priority, impart a sense of urgency and ownership, and prevent it from being derailed.
Robotic Process Automation: Expanding the Cyber Attack Surface
Despite its many benefits, RPA can introduce significant new security risks and expand an organization’s overall attack surface. Consider that, in a typical enterprise RPA deployment, an organization may utilize thousands of software robots in production, which are activated and deactivated on-demand. These robots can perform a huge number of automated, functional tasks every hour – or even every minute. (For a deeper dive on this, check out our on-demand webinar “The Power and Potential of Robotic Process Automation.”) Each one of these software robots requires privileges to connect to target systems and applications to perform assigned duties. If these non-human credentials are left unsecured, they become ripe targets. Attackers can compromise these valuable credentials to move laterally and advance their attack. Given the number of bots deployed in production at any given moment, these unsecured credentials can expand the attack vector exponentially.
All of this means that as organizations embrace RPA, security teams must manage and protect privileged credentials for these robots just as they would any other privileged user or process.
Robotic Process Automation Privileged Access Management in Action: CyberArk and UiPath
Today, CyberArk delivers more out-of-the-box integrations with top RPA solutions and secures more in-production deployments than any other privileged access management vendor. One such integration is with UiPath, which enables organizations to implement privileged access management controls directly into their RPA workflows and processes, and ultimately, deliver greater business value.
The integrated solution centrally stores and manages all Windows domain login credentials via UiPath’s Orchestrator (part of the UiPath Enterprise RPA Platform, which provides centralized scheduling, management and monitoring capabilities for all software robots) and all other non-Windows credentials directly through the CyberArk Privileged Access Security Solution. Software bots can securely retrieve the required credentials prior to performing automated tasks. For a full demo, check out this on-demand webinar.