Robotic Process Automation (RPA) is becoming an increasingly large part of digital transformation strategies for enterprises
The reasons are clear: According to Deloitte, 53 percent of organisations have started to use RPA to improve efficiency and productivity.
RPA allows companies to robotise and automate repetitive tasks, which allows the human workforce to focus on higher value work, accelerate business value and increase process scalability. RPA adoption is expected to increase to 72 percent in the next two years and, if adoption continues at its current level, it is set to achieve near-universal adoption within the next five years.
Why RPA Privileged Access Security should be the next business focus
RPA presents the perfect opportunity for security leaders to drive conversations with the wider business about the importance of incorporating strong cybersecurity from the start. There are three ways they can go about building a strong business case for RPA security – with protecting privileged access at the core:
- Additional cost savings from reducing risk: Though current industry estimates on RPA cost savings vary – from 25 to 50 percent – the ROI is undeniable. The Deloitte study points to total ROI in less than 12 months, with significantly improved compliance, quality, accuracy, productivity and cost reduction. But to realise the full financial promise of RPA, security must be built in from the start. Monitoring and protecting the privileged pathway is the first and most critical step in securing RPA workflows. This prevents unauthorised users from gaining access to data processed by RPA software robots, and stops malicious insiders and external attackers from progressing their attack.
- Improving the efficiency of your operations: Approximately 10 to 20 percent of all human work hours are spent on repetitive computer tasks. RPA helps automate much of this manual “hand work” involved in daily business, such as entering data (like invoices and POs) from one application into another. Implementing privileged access security for RPA not only drives down risk, but also extends automation to the management and rotation of software robot privileged credentials. This helps IT operations teams streamline processes and improve operational efficiency. By refocusing these teams on less laborious, more business-critical, intellectually stimulating tasks, organisations can motivate employees, reduce stress, spark interest and job satisfaction and reduce employee burnout and churn.
- Compliance made easy: RPA minimises human access to sensitive data, which can reduce risk and compliance issues. However, RPA requires a host of new non-human “robots” that need privileged access to connect to sensitive systems and information, opening the door to new compliance challenges. A strong, centralised privileged access security solution can dramatically simplify audit reporting by automating the enforcement of privileged access policies and providing complete visibility into “who,” “when,” “why” and “what” took place during privileged sessions.
The security risks of RPA
Although it offers many business benefits, RPA risks introducing significant new security risks for companies as it expands their overall attack surface. For instance, a typical enterprise RPA deployment will use thousands of software robots in production, which are activated and deactivated on-demand. These robots can perform a huge number of automated, functional tasks every hour – or even every minute. Each one of these software robots requires privileges to connect to target systems and applications to perform assigned duties. These non-human credentials can become prime targets if they are left unsecured. Attackers can compromise them to move laterally and advance their attack. Given the number of bots deployed in production, these unsecured credentials can dramatically expand what needs to be defended.
All of this means that security teams must enforce a strong privileged credentials management and security strategy when their companies embrace RPA, just as they would any other privileged user or process.
The clear business benefits of a strong privileged access security programme can be realised across numerous digital transformation initiatives – from RPA and cloud to DevOps. Effectively conveying the value of privileged access security in enhancing the business will help in gaining critical executive support and obtaining necessary budget and resources. From there, executive leadership can help rally employees to make it an organisational priority, impart a sense of urgency and ownership, and prevent it from being derailed.