CISO View Insights: Securely Scaling RPA Initiatives

February 19, 2020 Corey O'Connor

According to a recent Deloitte study, robotic process automation (RPA) continues to meet and exceed expectations across multiple business dimensions including improved compliance (92%), improved quality and accuracy (90%), improved productivity (86%) and reduced costs (69%).

But from a cybersecurity perspective, RPA represents a new and attractive attack surface for external attackers and malicious insiders. RPA technologies—and the humans who control them—are often given broad privileged access to highly sensitive data and a variety of business-critical applications, which opens up the enterprise to unnecessary risk. And yet, according to our threat landscape survey, fewer than half of organizations have a privileged access management (PAM) strategy in place for digital transformation technologies like RPA.

If you’re a security leader grappling with the challenge of how to provide robots with privileged access while safeguarding the business, this report is a must-read. Regardless of where you are in your RPA journey—from planning to implementation to extending use cases—this new CISO View report can help accelerate efforts to enable automation while effectively managing the risks.

CyberArk, in conjunction with independent research firm Robinson Insight, has assembled an expert panel of Chief Information Security Officers (CISOs) from the world’s leading organizations to examine attack techniques, provide insights on why organizations often underestimate the risks of RPA-related privileged access and share practical guidance on reducing RPA risk based on their first-hand experiences.

Here are some of their recommendations.

Five Top CISO Recommendations for Securely Driving Innovation through RPA

  1. Be proactive in setting security standards for RPA initiatives. Understandably, organizations are eager to get started with RPA as part of their push toward digital transformation, but security cannot be an afterthought—it must be built in from the start.
  2. Strictly limit access for reprogramming robots. Anyone with the right combination of permissions in the RPA tool can reprogram robots—and potentially cause major issues.
  3. Automate management of credentials used by robots. At the scale and speed of robotic processes, it’s nearly impossible to manage privileged credentials manually.
  4. Establish robust processes for monitoring RPA activity. A compromised robot can do a lot of damage—and fast.
  5. Focus conversations with stakeholders on business opportunities and efficiency. Implementing an RPA security strategy will require stakeholder involvement across the enterprise.

Protecting Privileged Access in Robotic Process Automation

These five recommendations form the foundation of a playbook for benefiting from the opportunity of RPA while keeping privileged access protected. These are just a few of the many insights and actionable recommendations for security leaders found in the fourth CISO View report. On many RPA topics, CISOs on this research panel were in broad agreement. For other issues, this report captures diverse points of view, reflecting varying stages of RPA deployment and a range of organizational cultures.

Members of the RPA CISO View research panel include Global 1000 organizations such as Asian Development Bank, GIC Private Limited, Highmark Health, Kellogg Company, Lockheed Martin Corporation, Orange Business Services, Pearson, Rockwell Automation, Royal Bank of Canada and T-Systems International.

The full CISO View series brings together leading CISOs for peer-to-peer information sharing to help security teams build effective cybersecurity programs.
