Keeping Up with the Bots: How the Rise of RPA Impacts IGA

Robotic Process Automation (RPA) is a type of automation technology currently transforming the way businesses operate. RPA software robots manipulate and communicate with business systems and applications to streamline processes and reduce the burden on employees. RPA can automate tasks, including claims processing and call center support to data management, IT services, and invoice processing, and everything in between. Opportunities for automation exist virtually everywhere throughout the business, enabling greater organizational performance and efficiency.

The growth of robotic process automation is unprecedented. In fact, a recent Forrester study, highlighted in Forbes, predicted that the “RPA market will reach $1.7 billion in 2019 and $2.9 billion by 2021,” and “more than 40 percent of enterprises will create state-of-the-art digital workers by combining AI (artificial intelligence) with Robotic Process Automation.” This incredible growth suggests a tremendous shift in overall business strategy toward automating specific processes and reducing reliance on human workers for repetitive tasks that can be performed more efficiently and accurately by software bots.

A report by Deloitte also suggests that “as many as 50 percent of the activities performed by a given employee are mundane, administrative, manual-labor intensive tasks,” indicating that ”RPA will replace 16 percent of jobs by 2025.“ Yet the same study indicates that only 17 percent of leaders and workforces are “ready to handle a workforce consisting of people, robots, and AI working side by side.” Clearly, RPA is changing the nature of business today. And as we advance further into automation during this century, organizations will need to change how they manage bot identities and put into place the right identity governance policies to manage their access levels within the organization. So what is the real impact of RPA on Identity Governance and Administration (IGA) and how can organizations today effectively respond to the rise of bots within their business?

Why IGA and RPA Go Hand-in-Hand

The relationship between IGA and RPA should be both mutually dependent and mutually beneficial. According to the IGA, RPA, and Managing Software Robot Identities report from Gartner, ”robotic process automation will have a profound impact on IGA. RPA introduces robotic software whose identities and access must be managed and controlled.” Further, “technical professionals must prepare to extend IGA architecture to address these requirements, while assessing RPA for automating IGA tasks.” This means that organizational IGA policies and programs must be extended to intelligently manage the identities of bots, and concurrently, RPA can aid in automating manual IGA tasks. For the remainder of this piece, we will explore the role of identity governance in managing bots within organizations today and save the discussion of robotic process automation to enhance efficiencies for IGA in a follow-up blog.  

Bots Have Identities Too

Just like the human users within an organization, non-human users, often known as service accounts or software robots, are an increasing target for attack. External threat actors have become more sophisticated in their malicious activities that target users inside the organization—whether human or robot. According to the 2019 Insider Threat Report from Cybersecurity Insiders, 70 percent of cybersecurity professionals surveyed believe that the frequency of insider attacks has increased in the last year alone. And an incredible 62 percent of organizations have experienced at least one insider attack in the past 12 months. With the increasing number of tasks that bots are now performing within organizations today, and the significant access they have to company systems, applications, and data, how can the business effectively manage their levels of access and ensure the organization is protected?

The answer is by including service accounts under the identity governance umbrella, and managing them in a similar, yet distinct way from how human users are managed. Specifically, treating service accounts as contingent workers within the organization, separate from human users, is a best practice approach for giving bots identities and managing them intelligently. Although bots act in the same way as humans, taking on the mundane, repetitive tasks of human users, categorizing them as contingent workers will clearly define the systems and applications they should and should not access. Ultimately, by extending the definition of users to incorporate bots as part of the contingent workforce, organizations can increase visibility across all their environments and more effectively protect their organization as the digital workforce continues to expand.

The User Lifecycle for Service Accounts in Robotic Process Automation

Treating bots as part of the contingent workforce begins when the service account is initiated or ‘onboarded.’ This is where the software robot receives initial account access to appropriate systems and applications. Over time, the robot may need new or different access to complete its task, so an effective IGA program must be able to manage this change. Finally, if the bot is no longer needed, accounts should be immediately disabled to avoid orphaned accounts that are prone to attack. According to Gartner, “software robot identity lifecycle management processes can be modeled to contingent workers when organizations keep software robot identities distinctly separate from people. Just as with humans, each software robot can have a supervisor or sponsor—the person who is responsible for overseeing the operation of the software robot.” By treating service accounts and software robots in a similar manner as contingent workers, organizations can more effectively manage the levels of access they have across the non-human user lifecycle, and easily onboard and offboard software robots securely and efficiently.

Embrace the Rise of Bots in Your Organization Intelligently

As companies continue to increase reliance upon robotic process automation, and depend on service accounts to increase efficiency and drive organizational performance, they must also recognize the responsibility they have in managing these bots as actual users. Identity governance for RPA will continue to play a prominent role, and it is up to organizations to leverage leading-edge IGA solutions for improving organizational security throughout the software robot user lifecycle. Make sure your organization is ready for the rise of RPA and has the proper identity governance programs in place to keep your people and your robots protected.