Düsseldorf, March 5, 2020 – IT security provider CyberArk presents its new report “The CISO View: Protecting Privileged Access in Robotic Process Automation”. It is based on the experience of a CISO panel from Global 1000 companies and provides three specific recommendations for secure RPA use.
The new CISO report from CyberArk, the global leader in Privileged Access Management, examines attack techniques and offers practical advice from early RPA adopters on how organizations can reduce RPA risks. A fundamental problem, according to the CISO statement, is that robots often have more privileges than they need to perform functions and tasks. The CISOs therefore recommend limiting access to RPA tools and introducing secure procedures for the development of robot scripts. They also emphasize the need to integrate RPA and enterprise security technologies in order to automate the management of credentials and detect their misuse at an early stage. The experts make three key recommendations for secure RPA adoption and reducing potential risks: 1. restricting access for reprogramming and reprogramming software robots: Companies should reduce the risks associated with RPA credentials, such as reprogramming robots, by securely managing credentials for RPA tools and training RPA users in secure software development practices. 2. automate credential management: Successful RPA implementations require automated credential management, including machine-generated passwords, automatic password rotation and robot identity verification. 3. establish efficient processes for monitoring RPA activities: First, a company should designate a “human supervisor” for each software robot who is responsible for assigning access permissions and implementing least-privilege principles. Secondly, robots must be monitored for unauthorized access or abnormal behaviour; logging script modifications, for example, makes changes to robot activities traceable. “From financial accounting to human resources to production control, companies are currently implementing RPA solutions to increase efficiency,” explains Michael Kleist, Regional Director DACH at CyberArk. “In many cases, the issue of security comes too little or too late. Our new report now shows companies three concrete action steps that are of fundamental importance for a high level of security.” The new report is part of the CISO View industry initiative, which is sponsored by CyberArk. The initiative conducts research and develops guidance to help security teams design and implement effective cyber security programs. The CISO View Panel includes CISOs from the following companies: T-Systems International, Asian Development Bank, GIC Private Limited, Highmark Health, Kellogg Company, Lockheed Martin Corporation, Orange Business Services, Pearson, Rockwell Automation and Royal Bank of Canada.
The report is the fourth in the CISO View series and was compiled together with the independent analyst firm Robinson Insight.
We are also happy to provide you with the latest report “The CISO View: Protecting Privileged Access in Robotic Process Automation“.