IAM for Robotic Process Automation: How to avoid Security Challenges
Robotic Process Automation (RPA) is one of the trending topics in today’s IT environments. RPA promises to automate manual tasks within business processes by implementing (software) “robots” that perform these tasks instead of humans. Such software robots must have a digital identity, and their access rights must be kept under control to enforce the Principle of Least Privilege and avoid major security challenges. IAM for RPA, therefore, must be carefully considered and planned.
1 Executive Summary
RPA is used in different scenarios. One major scenario is automating manual, repetitive tasks, e.g. by automating data entry via screen scraping. Another, more complex scenario is using AI to augment and replace human decision-making and the understanding of text and other information.
From a security and IAM perspective, the main challenge is to avoid creating “super robot” accounts that accumulate entitlements from many former human tasks, and instead to have well-thought-out frameworks, processes, and mechanisms in place for creating targeted robot accounts, assigning and governing only the minimum required entitlements, and mitigating the risks of relying on non-human (functional) accounts for robots.
Furthermore, authentication of robots can become a specific issue, which needs to be understood and solved.
However, all aspects of IAM for RPA can be managed well by relying on standard IAM capabilities, specifically IGA (Identity Governance and Administration) for Lifecycle Management and Access Governance, and PAM (Privileged Access Management) for specific challenges that are associated with using non-human, functional accounts.