RPA security best practices include access control, system integration

Users managing bots, bots acting as users

Though RPA replaces humans with bots, people still need to work with bots to schedule, run, view and edit their processes. To do this successfully and securely, security admins must be able to specify who does what; access control for humans and bots alike is critical.

As with other corporate systems, be concerned about who can do what (or, in the case of RPA, what can do what), and also consider more granular concerns, such as what time of day or days of the week an individual or bot has access. Some vendors refer to this as role-based access control. No matter what it’s called, every RPA system needs to provide it in some form. Look for how granular permissions can be set: the more granular, the more control security will have over what a given user can do.
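The sketch below is an added illustration of that kind of check, not code from the article or from any RPA product: a deny-by-default authorization function that treats humans and bots as principals and limits each grant to a role, a process, and a day and time window. The role names, principals and process name are constructed for the example.

```python
from dataclasses import dataclass
from datetime import datetime, time

# Constructed roles; the actions are the ones the article names for people working with bots.
ROLE_ACTIONS = {
    "bot_admin": {"schedule", "run", "view", "edit"},
    "operator": {"schedule", "run", "view"},
    "auditor": {"view"},
    "bot_runner": {"run"},  # role held by a bot identity
}

@dataclass(frozen=True)
class Grant:
    role: str
    process: str      # process the grant applies to
    days: frozenset   # weekdays allowed, Monday=0 .. Sunday=6
    start: time       # window start, inclusive
    end: time         # window end, exclusive; earlier than start means overnight

def in_window(g: Grant, when: datetime) -> bool:
    t = when.time()
    if g.start <= g.end:
        return when.weekday() in g.days and g.start <= t < g.end
    # Overnight window: the hours after midnight belong to the previous day's grant.
    if t >= g.start:
        return when.weekday() in g.days
    return t < g.end and (when.weekday() - 1) % 7 in g.days

def is_allowed(grants, principal, action, process, when) -> bool:
    """Deny by default: unknown principals, roles, actions or times return False."""
    return any(
        g.process == process
        and action in ROLE_ACTIONS.get(g.role, set())
        and in_window(g, when)
        for g in grants.get(principal, ())
    )

WEEKDAYS = frozenset(range(5))
# Constructed principals: one human user and one bot account.
GRANTS = {
    "alice": [Grant("operator", "invoice-processing", WEEKDAYS, time(8), time(18))],
    "bot-07": [Grant("bot_runner", "invoice-processing", WEEKDAYS, time(22), time(4))],
}
```

The bot's grant is an overnight window, so a run that starts Friday at 22:00 remains authorized until Saturday 04:00, while Monday 02:00 is denied because Sunday is not an allowed day.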

To applications, a bot is just another user that needs to authenticate — i.e., log in — to use most systems. Be sure to know where those credentials are stored when not in use by the bot and how they are protected — is the credential vault encrypted? Who holds the key? Similarly, when the bot is running, know where the credentials are stored. If, for example, credentials are being stored in the bot computer’s memory in clear text, they could be compromised by a third party.