We changed our name from IT Central Station: Here's why

How do you plan for a security review for RPA?

Is it required in your company to conduct a security review before purchasing robotic process automation software? What are the common materials you use in the review? 

Do you have any tips or advice for the community? 

Any pitfalls to watch out for?

ITCS user
33 Answers

author avatar
Real User

See here http://bit.ly/2WCIR53

Recognize the potential security risks associated with the Robotic Process Automation in an organization. Understand what features are available out of the box from the solution being deployed. For instance, if a solution being deployed is architecturally security supportive then we can make use of it to its best. Apply best practices while implementing and deploying an organization-wide RPA solution. The key to avoid security breaches is to first identify various potential security risks associated with an RPA project.

The risks that a company must consider may include one or all of the following:

- RPA robots may have access to the credentials that are normally possessed and used by a human worker.
- Robots may have access to company privileged information. This information can be anything from personal staff data to financial data.
-There is also a risk of unauthorized modification of automation workflows or their run time parameters in the production environment.
-The modifications of automation workflows can also happen during development for which measures should be taken beforehand.

author avatar
Real User

Various factors contribute towards our assessment of fitment and security of a tool for our development and production environment. These include the tool features and how the end product is likely to compromise my production environment. We need to ensure that our production environment is itself not vulnerable, the tool or a technology may just get exploited.

We do look for how secure a tool or technology is before making a decision to use it. You should ask for the vulnerability assessment report and best practices from the vendor. Then it is generally a good practice to perform a threat modeling with the vendor to ensure all basis are covered.

author avatar
Real User

In my view, we should ask the vendor of the tool to do the security review and share the report and certificate. I am sure they do a periodical review of their tools.

Find out what your peers are saying about UiPath, Automation Anywhere, Microsoft and others in Robotic Process Automation (RPA). Updated: January 2022.
564,643 professionals have used our research since 2012.