5 Best Practices for Robotic Process Automation Security

December 10, 2019 Corey O'Connor


RPA Security

Robotic process automation (RPA) is a powerful technology that streamlines and standardizes many process-oriented tasks. It is gaining traction around the globe and is now widely viewed as a core component of digital transformation initiatives. Applied to the right processes, RPA software robots can significantly improve productivity, quality and the accuracy of data and compliance, while empowering human workers to focus on more strategic and fulfilling work.

More than 78 percent of respondents to the CyberArk Global Advanced Threat Landscape 2019 Report say they are already investing in RPA technology or plan to invest or increase their investment over the coming year. A corroborating BluePrism study shows that 94 percent of business decision-makers understand the benefits RPA can bring to their business, with the vast majority (92 percent) planning to extend automation use cases.

According to the same BluePrism study, one-third of businesses around the world are currently automating between 20 and 29 tasks, and nearly a quarter are automating more than 40 tasks. These levels of adoption are not confined to single departments, RPA advocates are sharing their knowledge and building enthusiasm and support across the enterprise.

RPA Security and the Privileged Pathway in RPA

To perform automated functional tasks, this new digital workforce requires privileged access and credentials to connect to target systems and other applications, such as financial systems, ERP, CRM, supply chain and logistics systems – and even email. When these privileged credentials are left unsecured, they can become vulnerable to targeted, credential-based cyber attacks.

Since robots can be generated automatically, the number deployed within an organization can grow rapidly – and that number may need to change frequently, compounding security risks. The privileged account credentials that robot scripts use can dramatically increase the threat surface if they are stored insecurely. The risks are even greater if organizations deploy Remote Desktop Applications (RDA) robots, commonly referred to as “unattended RPA,” using shared credentials.

As RPA deployments surge and the number of software robots continues to expand, organizations are searching for ways to marry automation with enforceable security practices that can help protect RPA investments while also recognizing faster time to value.

Five RPA Security Best Practices for Privileged Credentials and Access

Protecting software robot privileged credentials and access should follow the same security standards used for human users and applications, such as enforcing the principle of least privilege. However, there are a few implementation tweaks specific to RPA technology and the robot lifecycle that need to be implemented as well. For instance, removing hard-coded credentials from robot application scripts. Watch the whiteboard video below to learn five security best practices businesses should consider incorporating into their RPA workflows.


We’re only at the beginning of how RPA technology will transform businesses, but, as with most innovations, RPA can significantly expand the attack surface if not implemented properly. CyberArk can help you secure privileged account credentials used in RPA platforms and the expanding deployments of software robots.

CyberArk integrates seamlessly with more RPA solutions than any other privileged access management (PAM) vendor on the market. To see an integration in action, check out this recent webinar with BluePrism. And to dig deeper, visit our website or read this solution brief.



Previous Article
Fortune 100 Insurance Company Implements CyberArk and BluePrism
Fortune 100 Insurance Company Implements CyberArk and BluePrism

A global insurance provider overcomes operational challenges, streamlines workflow processes and enables or...

Next Article
RPA: Citizen Developers – at the Corner of Speed and Value
RPA: Citizen Developers – at the Corner of Speed and Value

Gartner’s definition:  “A citizen developer is a user who creates new business applications for consumption...