Learn how your company can create applications to automate tasks and generate further efficiencies through low-code/no-code tools on November 9 at the virtual Low-Code/No-Code Summit. Register here.
Robotic process automation (RPA) is experiencing a watershed moment. Gartner estimates that 50% of U.S. health providers will invest in RPA over the next three years. Moreover, the overall RPA market is expected to grow by more than 7% annually over the next few years to reach $379.87 million by 2027, up from $182.8 million in 2019.
Switching repetitive tasks to RPA functions not only eliminates errors, it also garners significant cost savings. That’s because RPA addresses bottlenecks with workflows, data, and documentation while providing audit trails and reducing compliance expenses and risks. RPA can also boost legacy integration and record digitization and enable data-driven decisions and “path-to-cognitive” technologies, according to Technologent’s Kevin Buckley.
“The definition of RPA can be simplified as the category of software that automates tasks traditionally performed by a human, using software robots that follow a specific set of rules and interact with existing systems via user interfaces,” Buckley explained to VentureBeat via email. “These software robots can replace repetitive tasks, do system integrations, and automate transactions from task level to enterprise level via scheduled orchestration.”
For example, San Jose-based RPA firm Automation Anywhere recently worked with a pharmaceutical company in Europe to accelerate the research and approval of COVID-19 vaccines by augmenting reporting. RPA startup UiPath has also assisted with efforts around the pandemic, for instance helping the U.S. Department of Homeland Security use software bots to perform coronavirus-related data analysis.
Deloitte reports organizations that have implemented and scaled RPA see a return on investment within 12 months. And according to Everest Group, top performers earned nearly 4 times on their RPA investments, while other enterprises earned almost double.
This isn’t to suggest that RPA is without challenges. The credentials enterprises grant to RPA technology are an access point for hackers. When dealing with hundreds to thousands of RPA robots with IDs connected to a network, each could become an attack vessel if identity-centric security practices aren’t applied.
“Without tracking the exact access being granted, organizations are allowing [RPA] workers to leave their most valuable asset out in the open — privileged credentials,” One Identity president and GM Bhagwat Swaroop told VentureBeat. “Bad actors are targeting privileged credentials to gain access and move laterally within the network. With 53% of breaches being linked to misused or overused privileged credentials, the unmonitored and unrestricted access of RPA makes it even more susceptible to a breach than its human counterparts. If the privileged access vulnerabilities of RPA aren’t addressed quickly, I predict there will be a significant amount of RPA breaches that occur over the next year.”
Part of the problem is that many RPA platforms don’t focus on solving security flaws. That’s because they’re optimized to increase productivity and because some security solutions are too costly to deploy and integrate with RPA, Swaroop says.
Of course, the first step to solving the RPA security dilemma is recognizing that there is one. Realizing that RPA workers have identities gives IT and security teams a head start to securing RPA technology prior to its implementation. Swaroop recommends that organizations extend their identity and governance administration (IGA) to focus on the “why” behind a task, rather than the “how.” Through a strong IGA process, companies adopting RPA can implement a zero trust model to manage all identities — from human to machine and application.
“Through IGA processes, enterprises have the correct access management controls to mitigate risks, such as privilege creep, orphaned accounts, and the exposure of passwords and secrets. By eliminating the gaping holes in companies’ current RPA strategies, IT and security teams can ensure cybercriminals can’t compromise the robot or, worse, infiltrate their network,” Swaroop said.
He also suggests putting in place a privileged access management (PAM) setup that can secure and govern RPA systems. PAM systems allow enterprises to secure, control, and audit credentials and privileges RPA technology uses without compromising the return on investment.
“When a digital worker needs privileged access, the robot can retrieve credentials automatically from a PAM system, without any exposure to the bot owners or developers,” Swaroop said. “This not only provides a full audit trail of which digital workers accessed what applications, but also provides individual accountability and proof that no one can obtain the password, in a noncompliant manner, without slowing down robotic operations.”
Thanks for reading,
AI Staff Writer
VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Discover our Briefings.