Unauthorized or anomalous robotic behavior can cause worse problems than humans can, researchers claim.
Fewer than half of organizations have a privileged access management strategy in place for digital transformation technologies such as Robotic Process Automation. This gap opens attack surfaces that could derail efforts to boost productivity and revamp outdated work processes.
That is the assertion of a new report, “The CISO View: Protecting Privileged Access in Robotic Process Automation”, by privileged access management specialist CyberArk.
Sharing recommendations from information security executives at Global 1000 enterprises, the report discusses how to securely drive innovation through robotic process automation (RPA). In examining attack techniques and providing practical advice from early RPA adopters on how organisations can mitigate the risks associated with non-human privileged access, the report recommends tightening access to RPA tools and mandating secure practices for developing robot scripts. It also emphasizes integrating RPA with enterprise security technologies in order to automate the management of credentials and detect misuse.
Members of the CISO View research panel include Global 1000 organizations such as Asian Development Bank, GIC Private Limited, Highmark Health, Kellogg Company, Lockheed Martin Corporation, Orange Business Services, Pearson, Rockwell Automation, Royal Bank of Canada, and T-Systems International. The experts share key recommendations for how organisations can securely adopt RPA while mitigating potential risks, including:
- Limiting access for reprogramming robots – Reduce the risk that comes with RPA permissions – like the ability to reprogram robots – by securely managing credentials to RPA tools and training RPA teams on secure software development practices.
- Automating credential management – Successful RPA deployments require automated credential management, including machine-generated passwords, automatic password rotation, identity verifications and just-in-time or time-limited credential access.
- Establishing robust processes for monitoring RPA activity – Rapidly detect and respond to unauthorized or anomalous robot behavior by assigning human managers, enforcing least privilege and making actions traceable.
Said Marianne Budnik, CMO, CyberArk: “From finance and HR to manufacturing, organizations are rapidly adopting RPA to drive new efficiencies for their business and deliver innovative services to customers. This report provides a playbook for organizations to embrace security in a way that enables the business and helps RPA projects move forward as part of key digital transformation initiatives.”
The fourth in The CISO View series, this report was developed in conjunction with independent research firm Robinson Insight.