RPA Security Best Practices: Managing Identities and Privileges

What is Robotic Process Automation?

Robotic process automation (RPA) is primarily used to define a process and workflow, automate the steps using a graphic interface, create integrated automation between resources, and potentially include artificial intelligence (AI) to make complex decisions to complete repetitive and mundane tasks. It is important to note that the definition of RPA inherently does not include AI, which is a vendor-based add on to provide native thinking and learning when decisions are not Boolean or mathematically based. Robotic process automation is architected to follow rules and predefined scripts across multiple resources. RPA works with unwavering consistency and efficiency, using complex automation and logic to achieve process-based workflows.

Accenture characterized the benefits of RPA as follows, “Robotic process automation has the power to revolutionize your identity and access management, cutting costs and saving time. But it won’t replace humans with machines. Instead, it will take the robot out of the human, freeing your talent from repetitive drudgery to focus on more rewarding projects.”

For new users, the easiest way to think of RPA is as an advanced flowchart that is automated, can communicate with multiple, diverse resources to obtain data and inject results, and when a decision is necessary, it is based on Boolean facts or vendor-based AI. RPA essentially involves a non-person account (NPA) that impersonates your users, interacting with various systems in the same manner a human identity would.

For teams seeking to automate repetitive or mundane decision-based tasks at scale, robotic process automation is a powerful, high-impact tool, that offers many advantages.

RPA & Privileged Access Security Implications

The power of RPA provokes an important IT security question; how does it get privileges to perform various tasks and collect critical information to implement a process and make decisions?

Typically, for any technology, authentication to electronically connected resources is made via credentials, keys, or certificates. As security professionals know, credentials should not be hardcoded or allowed to become stale. This is a central DevOps security problem. RPA is no different.

RPA tools should adhere to a least privilege model when authenticating to resources – meaning RPA toolsets should not have excessive rights, and should not store credentials directly in order to establish connections for automation.

Managing & Securing Robotic Process Automation Credentials with Password Safe

BeyondTrust’s Password Safe is the industry-leading solution for managing and securing privileged identities – whether belong to humans, applications, service accounts, or other non-person accounts. Password Safe eliminates the need for hard-coded or embedded RPA credentials and secures the organization from automated exploitation via an extensive API that is compatible with RPA technology.

In addition, Password Safe leverages a distributed network discovery engine to scan, identify, and profile all assets that may be included in an RPA workflow and supporting resources. This includes dynamic categorization of all assets based on discovered traits and accounts, enabling auto-onboarding, as well as the ability for RPA policies to self-adjust authentication models according to environmental and workflow changes.

For example, if a new account is discovered on an asset, it can automatically be placed under management. This will allow new RPA calls to automatically work without creating additional accounts on the system or having to manually specify the resource’s availability.

Here are key ways Password Safe supports RPA security and efficiency:

• Discovering and profiling all known and unknown assets (web, mobile, cloud, virtual), privileged user accounts, shared accounts, and service accounts that may be used in automation/RPA tasks
• Removing hard-coded passwords from applications and scripts using an extensible REST interface that supports many languages, including C/C++, Perl .NET, and Java
• Enforcing extensive security controls to lock down access to only authorized applications
• Enforcing least privilege for all automation tasks
• Automating creation of Smart Groups to categorize, group, assess, and report on assets by IP range, naming convention, OS, domain, applications, business function, Active Directory, and more for RPA certification reporting
• Ensuring that passwords can be automatically reset after RPA usage, via timers, even programmatically to ensure the security of the workflow
• Adhering to security best practices by keeping passwords unique for all accounts under RPA privileged access management.

Using Password Safe as a key part of your privileged access management confers at least three core benefits to your organization’s RPA:

1. Enables IT teams to keep pace with changing environmental variables
2. Minimizes time and administrative overhead
3. Reduces risk by ensuring that no system is left unmonitored or unmanaged in an RPA workflow.

Finally, BeyondTrust Endpoint Privilege Management can be layered on to apply least privilege and granular control across RPA processes, toolsets, and workflows

Addressing Privilege Management Challenges of RPA & Other Emerging Technologies

Robotic process automation is a fast-emerging and evolving method of using software robots to eliminate mundane and routine tasks that would otherwise burden other IT resources. As with almost every emerging technology with the power to revolutionize IT, however, comes security challenges, such as how to manage identity and authentication models, privileges, reused passwords, and stale credentials. BeyondTrust’s Password Safe is uniquely engineered with its API to solve these challenges and should be considered a best-practice solution for every RPA deployment. For more information, please contact BeyondTrust today.