Securing the way in an automation-first era

The accelerated pace of digital transformation during the pandemic shows no signs of abating, with organisations racing to get ahead of the game

Time has shown the companies who embraced and took advantage of the digital opportunities of the changing world succeeded, and those who couldn’t were often left to flounder.  

Scaling digital operations to work faster and more efficiently has gone far past the point of relying on humans: we’re slow, and costly to run. Instead, automation is leading the way to delivering better outcomes for customers, and better workplaces for employees. Robotic Process Automation (RPA) in particular is an area of automation experiencing rapid growth – the fastest growing enterprise software category – in the overall quest for efficiency, accuracy and speed.  

Technology-driven innovation like RPA is a game changer, but behind the scenes presents many challenges. Like any other new tech, there’s a learning curve. But more critically, to allow automated processes to run independently of human supervision, they need to be trustworthy. Given that 71% of organisations suffered a successful software supply chain-related attack that resulted in data loss or asset compromise just last year, implementing new security measures alongside new technologies must be prioritised for a successful experience. The consequences of leaving out the crucial security element can be disastrous.  

Levelling up business for the modern era 

For decades, technology innovations have shaped and reshaped our daily lives and ways of working. RPA might well be poised to assume the mantle of ‘the next big thing’, but it is the latest in a series of innovations in IT which have revolutionised business.  

This era will be the best-of-all-worlds, allowing employees to use their empathy and creativity to find solutions to the issues which matter the most, with other tasks being completed autonomously through tech applications and robots which need little to no human input. In an era of high standards for job satisfaction (underscored keenly by the ongoing Great Resignation), RPA offers employers the opportunity to remove the boring, repetitive elements of work for staff – without needing to sacrifice essential business practices.  

Although RPA offers an opportunity to make great strides in working at speed with precision, its reliance on machine identities means security must be given due consideration from the beginning of implementation. Without this early integration, the autonomous nature of RPA will leave it wide open to cyberattacks.  

Accelerate digital initiatives, not digital risk  

At their core, RPA technologies are meant to enhance, not replace the human workforce. The first step is for organisations to determine which tasks their teams handle and which truly require human involvement. Freeing staff from repetitive data entry, for example, leaves more time for the creative elements of their work. Alongside increased staff satisfaction, this allows standard business transactions to run quicker and more smoothly. Security though, needs to be a key consideration right from the outset of any RPA initiative, as with all digital transformation projects. 

RPA bots and automation processes typically require high levels of privilege – that is, high-level access to sensitive systems and information – to do their jobs. From interacting directly with business applications, to mimicking human behaviour, and mirroring human identity and access permissions across multiple systems, they provide attackers with further ways to potentially steal data. Recent research revealed  that 68% of non-humans or bots have access to sensitive data and assets, so they are very attractive targets for threat actors. 

Rather than leaving all these machine identities wholly unattended, a series of robust identity security policies can prevent exploitation by an attacker. Good practices like automatically rotating privileged credentials and establishing secure connections can help reduce the threat of credential abuse. In turn, these policies also prevent lateral movement and privilege escalation, which is so often the `pathway attackers seek to take on the route to compromise.  

Alongside this, when evaluating RPA, organisations should consider both a top-down approach, which identifies and prioritises key areas of automation to maximise ROI, and a bottom-up approach, which empower workers with automation based on their individual needs. It brings to mind Bill Gates’ quote on automation: “The first rule of any technology used in a business is that automation applied to an efficient operation will magnify the efficiency. The second is that automation applied to an inefficient operation will magnify the inefficiency.” A thorough analysis of business processes will help ensure the former, and avoid the latter. 

Beginning the RPA journey securely 

Underpinning the excitement of delivering new technologies with a security-first attitude can ensure a successful delivery all around, preventing the build-up of cybersecurity debt and strengthening business resilience. RPA offers attractive benefits to businesses – but just as you wouldn’t test out a new rocket ship without a good crash suit, the success of RPA integration will rely on considering safety as a priority from the start.  

About the Author

Brandon Traffanstedt, Senior Director, Global Technology Office, CyberArk. CyberArk is the global leader in Identity Security. Centered on privileged access management, CyberArk provides the most comprehensive security offering for any identity – human or machine – across business applications, distributed workforces, hybrid cloud workloads and throughout the DevOps lifecycle. The world’s leading organizations trust CyberArk to help secure their most critical assets.

Featured image: ©Metamorworks