Is it required in your company to conduct a security review before purchasing robotic process automation software? What are the common materials you use in the review?
Do you have any tips or advice for the community?
Any pitfalls to watch out for?
See here bit.ly
Recognize the potential security risks associated with Robotic Process Automation in an organization. Understand what features are available out of the box from the solution being deployed. For instance, if a solution being deployed is architecturally security supportive, then we can make use of it to its best. Apply best practices while implementing and deploying an organization-wide RPA solution. The key to avoiding security breaches is to first identify the various potential security risks associated with an RPA project.
The risks that a company must consider may include one or all of the following:
- RPA robots may have access to the credentials that are normally possessed and used by a human worker.
- Robots may have access to company privileged information. This information can be anything from personal staff data to financial data.
- There is also a risk of unauthorized modification of automation workflows or their runtime parameters in the production environment.
- The modifications of automation workflows can also happen during development, for which measures should be taken beforehand.
Various factors contribute towards our assessment of fitment and security of a tool for our development and production environment. These include the tool features and how the end product is likely to compromise my production environment. We need to ensure that our production environment is itself not vulnerable; the tool or a technology may just get exploited.
We do look for how secure a tool or technology is before making a decision to use it. You should ask for the vulnerability assessment report and best practices from the vendor. Then it is generally a good practice to perform threat modeling with the vendor to ensure all bases are covered.
In my view, we should ask the vendor of the tool to do the security review and share the report and certificate. I am sure they do a periodical review of their tools.