What is Robotic Process Automation?
Robotic Process Automation (RPA) is one of many automation technologies that apply elements of Artificial Intelligence (AI) to make workflows more efficient, and shift employees away from routine tasks to higher-value forms of work. RPA is designed to emulate some forms of work done by humans, usually routine tasks and processes. Robots can perform 24/7, they don’t incur additional costs, they can reduce human error, and can process information far faster than humans. The higher the volume, and/or the simpler the task, the greater the value of RPA.
In fact, the opportunities for improving efficiencies in the public sector are so great that the adoption of technologies like RPA is being mandated. For example, Memo M-18-23 from the Office of Management and Budget, requires the 24 CFO Act agencies to follow a set of guidelines, including “developing and implementing strategies for shifting resources to high-value activities”. A key element of this new strategy is to “introduce new technologies, such as RPA, to reduce repetitive administrative tasks, and other process-reform initiatives”.
Focus on Security
For robots to effectively emulate humans in the workplace, they must be able to access data and applications across the organization. Robots and bot applications need to keep data just as secure as with human workers. RPA introduces new forms of threats:
There are two operating modes for RPA – unattended and attended. The latter applies to cases where a task or process cannot be fully automated, so the robot works in tandem with humans. Since humans can intervene at any time, these applications pose fewer security concerns. Conversely, the business value is reduced since human labor is always involved.
Unattended robots enable end-to-end automation thus freeing-up workers for high value tasks. However, unattended RPA presents a distinct security challenge because traditional identity management has only been for humans; the need to support robots and other Non-Person Entities (NPEs) is new. Memo M-19-17 notes an “intensified focus on risk management…and solutions that enhance privacy and security”. To address this, federal agencies “must be able to identify, credential, monitor, and manage subjects that access Federal resources”. This extends to how agencies “conduct identity proofing, establish enterprise digital identities, and adopt sound processes for authentication and access control”.
Existing forms of credentialing are PKI-based – such as smart cards – and can be extended to robots in the form of software certificates that comply with federal government requirements. These digital identity certificates can be stored onsite where the robots are hosted, or in a remote Hardware Security Module (HSM).
The Luna Credential System (LCS) introduces a new approach to multi-factor authentication by maintaining user credentials in a centralized hardware device that is securely accessible by endpoints in a distributed network. It unites the familiarity of certificate-based authentication with the security of a FIPS 140-2 certified hardware security module (HSM). LCS is a multi-purpose, secure credential system ideally suited for an environment in which the endpoints cannot use a traditional small form-factor token. Composed of the Luna Credential HSM and the Luna Credential Client, LCS supports a number of use cases including Windows Logon and authentication to PK-enabled applications and websites.
Industry Insight: Robotic Process Automation
Opportunities for improving efficiencies in the public sector are so great that the adoption of technologies like RPA is being mandated. Not only do IT decision-makers for U.S. Federal agencies need to get up to speed on RPA, but they must also ensure that current levels of data security applied to humans extends to robots as well.
Product Brief: Luna Credential SystemDownload
HSM-security identity Credentials for RPA.
Solution Brief: UiPath and Thales TCT
RPA Cryptographic Authentication with Luna Credential System.