1 Executive Summary
RPA is used in different scenarios. One major scenario is automating manual, repetitive tasks, e.g. by automating data entry via screen scraping. Another, more complex one, is using AI for augmenting and replacing human decision making and understanding of text and other information.
From a security and IAM perspective, the main challenge is not creating “super robot” accounts that accumulate entitlements from many former human tasks, but having well-thought-out frameworks, processes, and mechanisms in place for creating targeted robot accounts, assigning and governing only the minimum required entitlements, and mitigating risks of relying on non-human (functional) accounts for robots.
Furthermore, authentication of robots can become a specific issue, which needs to be understood and solved.
However, all aspects of IAM for RPA can be managed well by relying on standard IAM capabilities, specifically IGA (Identity Governance and Administration) for Lifecycle Management and Access Governance, and PAM (Privileged Access Management) for specific challenges that are associated with using non-human, functional accounts.