Identity and access management of robot accounts is a challenging task when RPA implementation is wide across the company. Having personal account characteristics for service accounts can be costly and inefficient for the scalability of RPA adoption. In order to fix this dilemma in ING, we introduced a unique type of account namely “robot account” and “robot resource system” to manage robot accounts effectively and efficiently. In this session, you will hear more about how it looks like and it supports to mitigate security risks while improving governance and controls on RPA adoption.
The adoption rates or RPA tools is growing at staggering rates. Providers of these services are growing. These vendors offer a variety of different approaches to automated solutions. With technology and eager business, users come great responsibility for Identity and Access Management Governance leaders. We must provide controls and governance surrounding these new identity types.
What is a Bot ID and how is it different from a service account? Bots are designed to replace repeatable business processes. Bots often replace the function of human users and therefore should be treated with the same governance processes. Bot accounts are not meant to be treated as shared accounts and passwords should be guarded by the manager as individuals guard their own. Bot identities belong in an authoritative source with a manager as the owner of the Bot employee.
Key takeaways:
Understanding Risk and Improving Operational Privacy and Security:
The combination of low-cost high-resolution video, continuous mobile device tracking, new, low-cost robust sensors (e.g. lidar) and its aggregated collection into big databases, in combination with increases in processing power to support machine learning has made automated surveillance available to organizations and individuals, spanning across sectors, jurisdictions and is applicable to a majority of existing use cases.
This is a much different scenario now that facial recognition and people tracking technology is no longer restricted to just a few organizations.
The onset of neural networks, open-source software, cheap processing, and storage drastically changes the availability of automated surveillance and in many contexts, there is new application of technology with little experience history to gauge impact. The implementation of established best practices and a lack of understanding of the identity, surveillance or privacy risk creates new risks that are hard to mitigate.
This is exacerbated by the lack of understanding of the relationship of privacy (personal data security) to surveillance-based security and their critical interdependence in risk management, resulting in surveillance technology being very insecure for people.
This panel reviews the underlying components of the current circumstances as well as goes through a five-step process for a surveillance risk assessment, putting in place an operational baseline for Smart City security that minimizes "iDentity, Surveillance, and Privacy Risk”.