The importance of Data Security in Automation
As automation becomes more widespread, it starts to raise a number of questions about its impact on business. The most glaring concern security, as a lot of process owners, especially those coming from large companies, doubt the ability of RPA and cognitive bots to preserve the level of enterprise data security required. Let’s examine why automation data security is important and what we at WorkFusion do to meet our customers’ and partners’ high security requirements.
Why automation data security is important
According to the recent Magic Quadrant for RPA Software report from Gartner, “RPA is the fastest-growing software subsegment officially tracked by Gartner, with year-over-year growth of more than 63% in 2018.” Not surprisingly, concerns about the ability of various RPA and Intelligent Automation tools to provide the required level of data security occupy the thoughts of potential automation adopters. What makes it even more troubling is the fact that a lot of companies implementing automation or thinking of adopting it come from traditionally risk-averse industries that handle a lot of private or confidential data, like banking or insurance.
However, there is a flip side to the coin. EY’s paper,
“How do you protect the robots from cyber attack?” states that 74% of security professionals are currently concerned about insider threats and argues that robotic process automation can actually provide better data security by:
- helping to reducing employee exposure to sensitive data
- reducing the time required to detect security breaches
- filling the current talent gap in cybersecurity
Whether these goals are achieved or not depends on how well a company will be able to take these critical steps in ensuring data security in automation:
- Identifying potential security risks before automating the enterprise's business processes.
- Addressing these risks by analyzing security features available from automation tools out-of-the-box, integration with third-party security application (security architecture risk analysis, design review) and auditability of the tool.
- Following security best practices on all stages of automation: environment setup, developing RPA bots, executing automated business processes, etc.
Complying with these steps will ensure that bots adhere to the security policy established in a company.
What data security risks are associated with automation?
Security risks vary from company to company, but there are several major concerns that are usually associated with automation that should be considered before implementing automation.
First, bots can have access to the credentials required for internal applications and databases. Exposing these credentials can lead to security breaches and endanger confidential information.
Second, the bots might need to use the enterprise’s confidential data in automated business processes. Exposing this information in logs, dashboards or reports can also lead to security violations.
Another concern is unauthorized access to the automated business processes, when they can be viewed, executed or edited by employees who don’t have a permission to do so. If the first two risks are associated with external attacks, this is an internal security risk.
Addressing these and other potential security concerns will help the company not only ensure the proper security of its RPA and cognitive bots, but also eliminate existing security threats, as the bots will follow instructions literally and will not divert from them based on personal bias, prejudice or wrong judgment.
Data security in WorkFusion
At WorkFusion, we treat customer data security very seriously and provide several out-of-the-box security tools in our Intelligent Automation Cloud. Here are some, but not all, of the tools that help eliminate security risks
There are two levels of password management in WorkFusion. The first one is a top-notch password vault called Secrets Vault for storing credentials the bot will need to use in business processes. The data stored in the vault is encrypted with a strong algorithm is accessible to the bot only during the script execution and not visible to employees developing and running the business processes. It is also not recorded in the execution logs or any other files, thus eliminating the risks of exposing critical passwords to unauthorized employees and the outside world.
For customers that want to add an extra layer of data security to their processes, we offer seamless integration with CyberArk. WorkFusion was the first RPA and Intelligent Automation vendor to become a certified member of the C3 Alliance, CyberArk’s global tech partner program, and was the first automation vendor whose information management system met the ISO/IEC 27001:2013 security standards.
Transferring data that is used in automated business processes over secure channels is a must for ensuring proper automation data security. WorkFusion’s Intelligent Automation Cloud rovides full encryption at rest and in transit, ensuring data loss prevention. The platform also supports operations on the encrypted hard disks.
Intelligent Automation Cloud supports role-based access to the data, depending on what information users can see and what actions they can perform. “Segregating” data access allows to provide better control over automated processes and to reduce the possibility of fraudulent user actions. If the above two tools reduce external data security risks, role-based access management ensures the protection of the company from internal wrongdoings.
Single Sign On
Single Sign On (SSO) is an important part of enterprise-level data security. SSO through Lightweight Directory Access Protocol (LDAP) or Active Directory (AD) allows to provide required role-based access to components and data according to the company roles and create a better division of responsibilities in the team.
A comprehensive audit trail in Intelligent Automation Cloud provides information about important bot and user actions. Audit logs allow you to trace and analyze the steps that led to an issue and prevent data loss and other security risks in the future. No data from the credentials vault is ever recorded in the audit logs.
These security tools (as well as some others we haven’t mentioned) ensure that customer data is kept secure and even the highest security standards are met in the automated business processes.