Scaling securely in the automation-first era


In recent years, automation has become more than just a buzzword and industry jargon. It can now be seen everywhere and is being utilized by organizations across the globe to deliver better outcomes for customers and workplaces for employees. Its effectiveness is being seen across the board, in turn bringing to mind Bill Gates’ quote on automation: “The first rule of any technology used in a business is that automation applied to an efficient operation will magnify the efficiency. The second is that automation applied to an inefficient operation will magnify the inefficiency.”

About the author

David Higgins is EMEA Technical Director at CyberArk.

One specific arm of automation which is growing exponentially is Robotic Process Automation (RPA). Long cited as a potential game-changer, RPA has become one of the key disruptive technologies fueling transformation, and is poised to take center stage as organizations take their first steps into an ‘automation-first’ era. It’s already been ranked by industry experts as one of the fastest-growing enterprise software categories, thanks to its ability to help businesses and their employees achieve the efficiency, accuracy and speed needed to both compete and thrive in a world where technology-driven innovation is becoming omnipresent.

It isn’t all plain sailing though. Aside from the perennial challenges that come with implementing a new technology, those responsible for making the most of RPA need to approach it with cybersecurity front of mind. In fact, automation and security must go hand in hand to deliver enhanced digital experiences safely and quickly to customers. The consequences of not doing so can be hugely disruptive. Here is why.

Disrupting the enterprise

For decades, technology innovations have shaped and reshaped our daily lives and ways of working. RPA might well be poised to assume the mantle of ‘the next big thing’, but it is the latest in a series of innovations in IT which have revolutionized business. Let’s take a quick look at their chronology to better understand why RPA represents the next step in this journey:

  • The mainframe era was the start, enhancing computational and transactional capabilities for governments, large businesses, and research organizations.
  • Then came personal computers which brought power to the broader population and smaller businesses. This era was the beginning of the ‘hacker’, which at the time was a small and exclusive group.
  • Graphical user interfaces made computers more intuitive. This empowered less technologically-savvy individuals to use computers, extending the reach of technology further into business and society.
  • The internet then came along, connecting the vast network of computers and users together, but vastly opening up the attack surface and opportunities for those with malicious intent.
  • Mobile brought the power of the internet straight to our fingertips, and the opportunity to steal credentials and passwords into the hands of threat actors.
  • Then finally, the cloud created a new way to store large amounts of data, starting an AI boom.

With better process mapping, the advent of computer vision and the fast growth of AI, the next era is upon us – automation-first. This era will be the best-of-all-worlds, allowing employees to use their empathy and creativity to find solutions to the issues which matter the most, with other tasks being completed autonomously through tech applications and robots which need little to no human input.

RPA in essence is a pragmatic application of AI that will drive process automation and digitization, and play a huge role in transitioning IT to an automation-driven practice through the ability to automate a wide range of knowledge work with great speed and precision, via machine identities. At the same time, human users are empowered to focus on higher-value work. On paper this appears a clear win, but in practice, it’s very challenging to achieve this IT utopia without giving due consideration to security.

Rethinking RPA ways of working

RPA is helping organizations make the most of digital initiatives that had been on the corporate agenda for some time but had yet to realize any actual value. Its ability to automate manual processes and enable users to break through conventional thinking is a key contributing factor behind this change; in financial services, for example, RPA bots are doing everything from streamlining manual underwriting processes and reducing fraudulent activity through account monitoring to assisting with customer onboarding. In essence, automation is being applied to countless new areas of business that hadn’t previously been regarded as receptive to the technology.

At their core, RPA technologies are meant to enhance, not replace, the human workforce. At the beginning of their RPA journey, organizations must examine what their teams are already doing and determine which of the tasks require human involvement, whether it’s data entry, transaction processing, or response triggering.

Secondly, when evaluating RPA, organizations should consider both a top-down approach, which identifies and prioritizes key areas of automation to maximize ROI, and a bottom-up approach, which empowers workers with automation based on their individual needs.

Securing RPA initiatives

Security needs to be a key consideration right from the outset of any RPA initiative, as with all digital transformation projects, and as was the case with all the IT innovations that have gone before.

RPA bots and automation processes typically require high levels of privilege – in other words, high-level access to sensitive systems and information - to do their jobs. From interacting directly with business applications, to mimicking human behavior, and mirroring human identity and access permissions across multiple systems, they provide attackers with further ways to potentially steal data. For threat actors able to get their hands on unsecured RPA admin and bot credentials, access to critical business systems and data is there for the taking.

This is where Identity Security policies can help. Enforced consistently and traceably, measures such as automatically rotating privileged credentials, establishing secure connections, and placing time limits on access permissions help mitigate the threat of credential-based attacks. All of these help reduce the threat of credential abuse, and the extent to which attackers can ‘escalate privilege’ to infiltrate deeper into networks and critically disrupt operations.

Moving forwards with secure RPA

Implementing an identity-centric approach to RPA security is critical as businesses streamline or eliminate as many manual processes as possible, so employees can concentrate on knowledge work and the jobs that machines find hard. Yes, implementing RPA is important to achieve new levels of operational efficiency in the new era, but unless the safety of such projects is treated as a priority, very few will even get off the ground.
