Phone Number +1-202-802-9399 (US)
The Lockdown

Thycotic’s Cyber Security Blog

The robots are here. Actually, they’ve been here for a while

mm

Written by Erin Duncan

January 7th, 2020

Every team across your organization is looking for ways to free up more time. In the past year, Robotic Process Automation (RPA) has exploded as a new way to remove tedious, repetitive tasks from the shoulders of humans and give them to—you guessed it—robots.

RPA essentially creates a non-person account—a “bot”—that mimics the activities of a user. The bot accesses the user’s computer and interacts with various systems in the same manner a person would, using specific keystrokes to engage in two-way “conversations,” share and document information, launch programs, and run processes. This all happens automatically based on scripts.

These robots are smart. They can return answers to questions. They can find data and inject it wherever you want. They can even make decisions and take action based on artificial intelligence.

These robots are smart—too smart to be left on their own

They’re too smart to be left on their own. Like any person or account with special privileges, RPA robots require oversight and management.

If your team is building scripts for RPA or using RPA software suites like UiPath or Automation Anywhere, make sure they’re following privileged access management (PAM) best practices to minimize risk and keep the humans in control.

 Never hardcode credentials into a robot 

To do their job, robots need to log into whatever system or process they’re automating. They may need privileged access to other computers, applications, files, a website, databases, etc. Some of these activities may involve critical systems, sensitive information, and core business processes.

Regardless of which privileged account they use, it’s a bad idea to hardcode credentials into a robot (just like it’s a bad idea to hardcode credentials into an application). Instead, set up robots to make an API call to a centralized vault to get those credentials. And if you’re using an orchestrator to manage your robots, it can retrieve credentials securely and with all the advantages of a centralized vault too. That way, you can ensure PAM policies are maintained, credentials rotated, and an audit trail created.

 Service accounts for robot access

You should always know the status of your robots. How many are there? Are they still needed? To maintain oversight of these accounts from creation to deletion, assign ownership using service account governance tools like Account Lifecycle Manager. Look for a blog on this topic soon.

Robots should be assigned their own service accounts. To conform with the principle of least privilege, give robots their own account credentials with only the privileges they require.

Orchestrators for unattended robots

Unattended robots can be managed via a central dashboard – an orchestrator – instead of being kicked off by a human. The orchestrator schedules tasks and reports on robot health and progress.

When they need to start working, robots should get the credentials for the orchestration from your central PAM vault and then log in to the user’s machine to do whatever they’ve been programmed to do.

What’s the future of RPA? 

As RPA moves beyond the early-adopter phase, it could become an enterprise-wide approach to automating business processes. IT teams may hand over the keys to business users to configure and run their own robots to help them out. Increasingly, RPA will need to scale so that robots can be created, adapted and removed quickly.

Make sure your PAM system can keep pace with the new world of RPA

We believe PAM solutions will need to scale accordingly, providing the ability for ephemeral secrets to be created with time limits and removed instantly when they are no longer needed.

If you need a fully-featured PAM solution with RPA credentials that are privileged, Secret Server provides the functionality to manage those credentials. If you need a high velocity cloud solution that can be rapidly deployed, DevOps Secrets Vault can meet those needs with hundreds, even thousands, of API calls a second.

Make sure your PAM system can keep pace with the new world of RPA. If you’re considering an RPA project and you’re looking to integrate PAM, let us know!

DevOps Secrets Vault Free

DevOps Secrets Vault Free

Get started with the free edition and protect up to 250 secrets.

 

Like this post?

Get our top blog posts delivered to your inbox once a month.

SHARE THIS