With RPA on the rise, security challenges remain



Robotic process automation (RPA) is experiencing a watershed moment. Gartner estimates that 50% of U.S. health providers will invest in RPA over the next three years. Moreover, the overall RPA market is expected to grow by more than 7% annually over the next few years to reach $379.87 million by 2027, up from $182.8 million in 2019.

Switching repetitive tasks to RPA functions not only eliminates errors but also garners significant cost savings. That’s because RPA addresses bottlenecks with workflows, data, and documentation while providing audit trails and reducing both compliance expenses and risks. RPA can also boost legacy integration and record digitization plus enable data-driven decisions and “path-to-cognitive” technologies, according to Technologent CIO and VP Mike McLaughlin.

“The definition of RPA can be simplified as the category of software that automates tasks traditionally performed by a human, using software robots that follow a specific set of rules and interact with existing systems via user interfaces,” McLaughlin explained to VentureBeat via email. “These software robots can replace repetitive tasks, do system integrations, and automate transactions from task level to enterprise level via scheduled orchestration.”

For example, San Jose-based RPA firm Automation Anywhere recently worked with a pharmaceutical company in Europe to accelerate the research and approval of COVID-19 vaccines by augmenting reporting. RPA startup UiPath has also assisted with efforts around the pandemic, for instance helping the U.S. Department of Homeland Security use software bots to perform coronavirus-related data analysis.

Deloitte reports that organizations that have implemented and scaled RPA see a return on investment within 12 months. And according to Everest Group, top performers earned nearly four times on their RPA investments while other enterprises earned nearly double.

This isn’t to suggest that RPA is without its challenges. The credentials that enterprises grant to RPA technology are an access point for a hacker. When dealing with hundreds to thousands of RPA robots with IDs connected to a network, each could become an attack vector if identity-centric security practices aren’t applied.

“Without tracking the exact access being granted, organizations are allowing [RPA] workers to leave their most valuable asset out in the open — privileged credentials,” One Identity president and GM Bhagwat Swaroop told VentureBeat. “Bad actors are targeting privileged credentials to gain access and move laterally within the network. With 53% of breaches being linked to misused or overused privileged credentials, the unmonitored and unrestricted access of RPA makes it even more susceptible to a breach than its human counterparts. If the privileged access vulnerabilities of RPA aren’t addressed quickly, I predict there will be a significant amount of RPA breaches that occur over the next year.”

Part of the problem is that many RPA platforms don’t focus on solving security flaws. That’s because they’re optimized to increase productivity, and because some security solutions are too costly to deploy and integrate with RPA, Swaroop says.

Of course, the first step to solving the RPA security dilemma is recognizing that there is one. Realizing that RPA workers have identities gives IT and security teams a head start on securing RPA technology prior to its implementation. Swaroop recommends that organizations extend their identity and governance administration (IGA) to focus on the “why” behind a task versus the “how.” Through a strong IGA process, companies adopting RPA can implement a zero trust model to manage all identities, whether human, machine, or application.

“Through IGA processes, enterprises have the correct access management controls to mitigate risks, such as privilege creep, orphaned accounts, and the exposure of passwords and secrets. By eliminating the gaping holes in companies’ current RPA strategies, IT and security teams can ensure cybercriminals can’t compromise the robot or, worse, infiltrate their network,” Swaroop said.

He also suggests putting in place a privileged access management (PAM) setup that can secure and govern RPA systems. PAM systems allow enterprises to secure, control, and audit credentials and privileges RPA technology uses without compromising the return on investment.

“When a digital worker needs privileged access, the robot can retrieve credentials automatically from a PAM system, without any exposure to the bot owners or developers,” Swaroop said. “This not only provides a full audit trail of which digital workers accessed what applications, but also provides individual accountability and proof that no one can obtain the password, in a noncompliant manner, without slowing down robotic operations.”
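As an added example (not part of the original article or any vendor's product), the following Python sketch audits a bot identity inventory for the three risks named above: privilege creep, orphaned accounts, and exposed secrets. The bot IDs, owners, entitlement names, and the `credential_source` field are all constructed assumptions for illustration.

```python
from __future__ import annotations
from dataclasses import dataclass

@dataclass
class BotIdentity:
    bot_id: str
    owner: str | None        # accountable human; None if nobody owns the bot
    task: str                # the "why" the access was granted for
    granted: set[str]        # entitlements the bot identity currently holds
    required: set[str]       # entitlements the approved task actually needs
    credential_source: str   # "pam" (fetched at runtime) or "embedded" (in script/config)

def audit_bot(bot: BotIdentity, active_owners: set[str]) -> list[str]:
    """Return the identity-governance findings for one bot."""
    findings = []
    # Orphaned account: no owner, or the owner is no longer an active employee.
    if bot.owner is None or bot.owner not in active_owners:
        findings.append("orphaned_account")
    # Privilege creep: access held beyond what the task justifies.
    excess = bot.granted - bot.required
    if excess:
        findings.append("privilege_creep:" + ",".join(sorted(excess)))
    # Exposed secret: credential is not brokered by the PAM system.
    if bot.credential_source != "pam":
        findings.append("exposed_secret")
    return findings

def audit_inventory(bots: list[BotIdentity], active_owners: set[str]) -> dict[str, list[str]]:
    """Map bot_id -> findings, listing only bots that have at least one finding."""
    return {b.bot_id: f for b in bots if (f := audit_bot(b, active_owners))}

# Constructed sample data, not taken from any real environment.
ACTIVE_OWNERS = {"alice", "bob"}
INVENTORY = [
    BotIdentity("bot-invoice-01", "alice", "post invoices to ERP",
                {"erp:invoice-write"}, {"erp:invoice-write"}, "pam"),
    BotIdentity("bot-hr-02", "bob", "sync new-hire records",
                {"hr:read", "ad:domain-admin"}, {"hr:read"}, "pam"),
    BotIdentity("bot-claims-03", "carol", "file insurance claims",
                {"claims:submit"}, {"claims:submit"}, "embedded"),
]

if __name__ == "__main__":
    for bot_id, findings in audit_inventory(INVENTORY, ACTIVE_OWNERS).items():
        print(bot_id, findings)
```
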


Thanks for reading,

Kyle Wiggers

AI Staff Writer

VentureBeat
