Vendor View: How can we make automation more secure? -TEISS® : Cracking Cyber Security
Vendor View: Devin Gharibian-Saki, Chief Solution Officer, Redwood Software, on reaping the benefits of automation through secure implementation
As organisations across the globe undergo a form of digital transformation to improve their efficiency and customer service, we’re seeing a rise in the use of automation. By streamlining business processes, and reducing the need for employees to carry out repetitive, mundane tasks, automation offers organisations the opportunity to boost productivity and dramatically minimise the risk of human error, ultimately allowing them to move faster without the need to compromise on results.
Without appropriate security measures in place, however, automation can turn from being an enabler to being an obstacle. The platforms responsible for automating essential processes across an organisation will often have access to sensitive corporate information and, as we’ve seen all too often in recent years, a lack of adequate protection can leave this information vulnerable to compromise.
Fraud and data leakage, for example, are commonly associated with automation, requiring attention if organisations are to avoid picking up the pieces when things go wrong.
Businesses must, therefore, ensure that they are able to successfully identify, understand, and avoid the most common security issues they might face when implementing automation technology.
Advanced automation solutions are able to easily handle processes that depend on interactions between humans and bots. It’s important, however, that organisations do not assign human credentials to bots.
Security issues with typical automation and robotic tools begin with the fact that they are hard-coded, so the level of sophistication of their security is entirely dependent on the quality and consistency of their developer. What’s more, most of these tools will require a third-party solution to help them plug any gaps in credential management and store passwords of their human users.
If an organisation is to bypass this dependence on developer consistency, the use of encrypted protocols, independent credentials, and change audit are key to ensuring an appropriate level of security.
Not all automation tools are created equally. Some solutions provide and, importantly, support the full lifecycle of an end-to-end robotic process. Others, however, require a third-party add-on in order to provide a similar level of management, which immediately adds to the list of security concerns.
By deploying the latter type of tool, organisations must consider the wide range of risks related to third-party solutions; the more complimentary tools an organisation has to oversee, the more complex the ecosystem becomes as process usage is extended.
Dependence on developing
The majority of software applications require several phases of development and testing before they make it to the production phase, helping to ensure both quality and security. However, when building traditional RPA tools, relying on a three-tier landscape creates significant overhead for the operations and developer teams, thanks to the added complexity of connected systems that need to be managed.
To avoid this from the very beginning, RPA providers – as well as organisations deploying tailored bots – should take a page from traditional software developers, adopting best practice when it comes to testing for quality and security. The actual automation functionality of traditional RPA tools should then be smart enough to distinguish how to behave. For instance, if you deploy a bot to register a new business prospect in Salesforce, it must be able to distinguish the environment it is in and act accordingly, while remaining secure.
Alternatively, organisations can opt for automation systems that arrive pre-programmed and ready to deploy, with full audit and compliance tools already built-in. In addition to streamlining the implementation process, these particular systems also require minimal technical support, thereby reducing the need for additional expertise and resource; something many organisations have in short supply.
Any conversation around automation will usually quickly turn to the subject of efficiency. After all, in automating their processes, organisations are largely looking to do more, and do it faster. Efficiency, however, particularly with regard to automation, doesn’t always mean security.
Fortunately, though, any concerns around a lack of process oversight, audit requirements, or of vulnerabilities or errors going unnoticed, are entirely avoidable. By implementing a strict approach to processes, as opposed to creating an ad-hoc patchwork of automation tools, it’s possible for organisations to minimise security and fraud risks from the very beginning.
The productivity and efficiency benefits of automation can only truly be delivered when the technology is deployed in a secure environment, in which the relevant and necessary protective layers have been put in place to mitigate any form of hacking or fraudulent exploitation. As long as the understand what’s required to keep their business and their valuable information safe, and take the steps needed to do so, any organisation considering implementing automation and robotics as part of its digital transformation should have no hesitation in doing so.