New CISO View Report Highlights the Importance of Risk Reduction for Robotic Process Automation

February 28, 2020

A new report, “The CISO View: Protecting Privileged Access in Robotic Process Automation," shares recommendations from information security executives at Global 1000 enterprises. The CyberArk report discusses how to securely drive innovation through robotic process automation (RPA).

Less than half of organizations have a privileged access management strategy in place for digital transformation technologies, like RPA. The CISO View examines attack techniques and provides practical advice from early RPA adopters on how organizations can mitigate the risks associated with non-human privileged access, including providing robots with more privileges than required to perform functions and tasks. The report recommends tightening access to RPA tools and mandating secure practices for developing robot scripts and emphasizes integrating RPA and enterprise security technologies in order to automate the management of credentials and detect misuse.

As part of The CISO View industry initiative, this report provides practical recommendations from information security executives based on their first-hand experiences. Members of the CISO View research panel include Global 1000 organizations such as Asian Development Bank, GIC Private Limited, Highmark Health, Kellogg Company, Lockheed Martin Corporation, Orange Business Services, Pearson, Rockwell Automation, Royal Bank of Canada, and T-Systems International. These experts share key recommendations for how organizations can securely adopt RPA while mitigating potential risks, including:

Limiting access for reprogramming robots – Reduce the risk that comes with RPA permissions – like the ability to reprogram robots – by securely managing credentials to RPA tools and training RPA teams on secure software development practices.
Automating credential management – Successful RPA deployments require automated credential management, including machine-generated passwords, automatic password rotation, identity verifications and just-in-time or time-limited credential access.
Establishing robust processes for monitoring RPA activity – Rapidly detect and respond to unauthorized or anomalous robot behavior by assigning human managers, enforcing least privilege and making actions traceable.

“From finance and HR to manufacturing, organizations are rapidly adopting RPA to drive new efficiencies for their business and deliver innovative services to customers,” said Marianne Budnik, CMO, CyberArk. “This report provides a playbook for organizations to embrace security in a way that enables the business and helps RPA projects move forward as part of key digital transformation initiatives.”

The fourth in The CISO View series, this report was developed in conjunction with independent research firm Robinson Insight.

With the advent of Internet of Things (IoT) technology and Industrial Internet of Things (IIoT), the cyber security practices are increasingly getting integrated with the physical security practices.

We will provide insight on NDAA Section 889 and how the act has evolved and impacted business, so that organizations can better mitigate risk and stay compliant.