Free Privileged Account Discovery Tool: Identify & secure credentials to stop lateral movement. Download Free

BeyondTrust
  • Products
    Privileged Password Management
    Discover, manage, audit, and monitor privileged accounts
    Password Safe DevOps Secrets Safe
    Endpoint Privilege Management
    Manage privileges on Windows, Mac, Linux, and Unix endpoints
    Windows and Mac Unix and Linux Active Directory Bridge
    Secure Remote Access
    Centrally manage and secure remote access for service desks and vendors
    Remote Support Privileged Remote Access
    BeyondInsight Analytics
    See All Solutions
  • Resources

    Universal Privilege Management

    Our innovative Universal Privilege Management approach secures every user, asset, and session across your entire enterprise.

    Watch Video

    Learn

    Case Studies
    Competitor Comparisons
    Datasheets
    Glossary
    Product Demos
    Whitepapers

    Attend

    Events
    Go Beyond
    Training
    Webinars

    Support

    Changelog
    Professional Services
    Technical Documentation
  • Blog
  • Partners
  • Contact
  • Support
  • Services
  • Training
  • Events
  • Company

Managing Identities and Privileges for Robotic Process Automation (RPA)

June 12, 2019

  • Blog
  • Archive

Robotic process automation (RPA) is primarily used to define a process and workflow, automate the steps using a graphic interface, create integrated automation between resources, and potentially include artificial intelligence (AI) to make complex decisions to complete repetitive and mundane tasks. It is important to note that the definition of RPA inherently does not include AI, which is a vendor-based add on to provide native thinking and learning when decisions are not Boolean or mathematically based. Robotic process automation is architected to follow rules and predefined scripts across multiple resources. RPA works with unwavering consistency and efficiency, using complex automation and logic to achieve process-based workflows.

Accenture characterized the benefits of RPA as follows, “Robotic process automation has the power to revolutionize your identity and access management, cutting costs and saving time. But it won’t replace humans with machines. Instead, it will take the robot out of the human, freeing your talent from repetitive drudgery to focus on more rewarding projects.”

For new users, the easiest way to think of RPA is as an advanced flowchart that is automated, can communicate with multiple, diverse resources to obtain data and inject results, and when a decision is necessary, it is based on Boolean facts or vendor-based AI. RPA essentially involves a non-person account (NPA) that impersonates your users, interacting with various systems in the same manner a human identity would.

For teams seeking to automate repetitive or mundane decision-based tasks at scale, robotic process automation is a powerful, high-impact tool, that offers many advantages.

RPA & Privileged Access Security Implications

However, the power of RPA provokes an important IT security question; how does it get privileges to perform various tasks and collect critical information in order to implement a process and make decisions?

Typically, for any technology, authentication to electronically connected resources is made via credentials, keys, or certificates. As security professionals know, credentials should not be hardcoded or allowed to become stale. This is a central DevOps security problem. RPA is no different.

RPA tools should adhere to a least privilege model when authenticating to resources – meaning RPA toolsets should not have excessive rights, and should not store credentials directly in order to establish connections for automation.

Managing & Securing Robotic Process Automation Credentials with Password Safe

BeyondTrust’s Password Safe is the industry-leading solution for managing and securing privileged identities – whether belong to humans, applications, service accounts, or other non-person accounts. Password Safe eliminates the need for hard-coded or embedded RPA credentials and secures the organization from automated exploitation via an extensive API that is compatible with RPA technology.

In addition, Password Safe leverages a distributed network discovery engine to scan, identify, and profile all assets that may be included in an RPA workflow and supporting resources. This includes dynamic categorization of all assets based on discovered traits and accounts, enabling auto-onboarding, as well as the ability for RPA policies to self-adjust authentication models according to environmental and workflow changes.

For example, if a new account is discovered on an asset, it can automatically be placed under management. This will allow new RPA calls to automatically work without creating additional accounts on the system or having to manually specify the resource’s availability.

Here are key ways Password Safe supports RPA security and efficiency:

  • Discovering and profiling all known and unknown assets (web, mobile, cloud, virtual), privileged user accounts, shared accounts, and service accounts that may be used in automation/RPA tasks
  • Removing hard-coded passwords from applications and scripts using an extensible REST interface that supports many languages, including C/C++, Perl .NET, and Java
  • Enforcing extensive security controls to lock down access to only authorized applications
  • Enforcing least privilege for all automation tasks
  • Automating creation of Smart Groups to categorize, group, assess, and report on assets by IP range, naming convention, OS, domain, applications, business function, Active Directory, and more for RPA certification reporting
  • Ensuring that passwords can be automatically reset after RPA usage, via timers, even programmatically to ensure the security of the workflow
  • Adhering to security best practices by keeping passwords unique for all accounts under RPA privileged access management.

Using Password Safe as a key part of your privileged access management confers at least three core benefits to your organization’s RPA:

  1. Enables IT teams to keep pace with changing environmental variables
  2. Minimizes time and administrative overhead
  3. Reduces risk by ensuring that no system is left unmonitored or unmanaged in an RPA workflow.

Addressing Privilege Management Challenges of RPA & Other Emerging Technologies

Robotic process automation is a fast-emerging and evolving method of using software robots to eliminate mundane and routine tasks that would otherwise burden other IT resources. As with almost every emerging technology with the power to revolutionize IT, however, comes security challenges, such as how to manage identity and authentication models, privileges, reused passwords, and stale credentials. BeyondTrust’s Password Safe is uniquely engineered with its API to solve these challenges and should be considered a best-practice solution for every RPA deployment. For more information, please contact BeyondTrust today.

Morey J. Haber

Chief Technology Officer and Chief Information Security Officer at BeyondTrust

Morey J. Haber is Chief Technology Officer and Chief Information Security Officer at BeyondTrust. He has more than 25 years of IT industry experience and has authored four Apress books: Privileged Attack Vectors (2 Editions), Asset Attack Vectors, and Identity Attack Vectors. In 2018, Bomgar acquired BeyondTrust and retained the BeyondTrust name. He originally joined BeyondTrust in 2012 as a part of the eEye Digital Security acquisition. Morey currently oversees BeyondTrust strategy for privileged access management and remote access solutions. In 2004, he joined eEye as Director of Security Engineering and was responsible for strategic business discussions and vulnerability management architectures in Fortune 500 clients. Prior to eEye, he was Development Manager for Computer Associates, Inc. (CA), responsible for new product beta cycles and named customer accounts. He began his career as Reliability and Maintainability Engineer for a government contractor building flight and training simulators. He earned a Bachelor of Science degree in Electrical Engineering from the State University of New York at Stony Brook.

Stay Up To Date

Get the latest news, ideas, and tactics from BeyondTrust. You may unsubscribe at any time.

I agree to receive product related communications from BeyondTrust as detailed in the Privacy Policy, and I may manage my preferences or withdraw my consent at any time.

You May Also Be Interested In:

Webcasts | February 24, 2021

Your PAM 2021 Blueprint: Securing Privileged Accounts for On-Premises and Cloud Assets

Whitepapers

Evolving Privileged Identity Management (PIM) In The 'Next Normal'

Webcasts | January 21, 2021

Welcome to 2021: A BeyondTrust Global Partner Update

BeyondTrust Logo
  • Facebook
  • Twitter
  • LinkedIn

Keep up with BeyondTrust

I agree to receive product related communications from BeyondTrust as detailed in the Privacy Policy, and I may manage my preferences or withdraw my consent at any time.

Customer Support
Contact Sales

Products

  • Endpoint Privilege Management
  • Password Management
  • Privileged Remote Access
  • DevOps Secrets Safe
  • Remote Support

Resources

  • Blog
  • Case Studies
  • Competitor Comparisons
  • Datasheets
  • Glossary
  • Videos
  • Webcasts
  • Whitepapers

About

  • Company
  • Careers
  • Contact
  • Events
  • Leadership Team
  • Partner Program
  • Press

Languages

  • English
  • German
  • French
  • Spanish
  • Korean
  • Portuguese
  • Japanese
  • Privacy
  • Security
  • Manage Cookies
  • WEEE Compliance

Copyright © 1999 — 2020 BeyondTrust Corporation. All rights reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust Corporation is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.