The public sector lags behind other industries in deploying RPA, but the situation is changing. In April 2019, the U.S. General Services Administration (GSA) created a community of practice for RPA to help federal leaders explore RPA opportunities, share ideas, and work together. The GSA’s goal: to help civilian agencies win back $1 billion worth of productive time across agencies by deploying RPA. There are already more than 25 U.S. federal agencies with active RPA initiatives. But many government agencies have concerns related to security. RPA introduces new kinds of potential risks, especially when accessing cloud-based data. And when you consider that bots can work 24/7, unattended by humans, the risk surface can seem intimidatingly large. That’s why leading RPA vendors have built robust security into their products and can allay these fears.
Below are the most common public sector questions about RPA security, with brief answers from Automation Anywhere.
Can you assure us a bot won’t do harm to our network?
Leading RPA makers have robust measures to ensure bots don’t abuse their ability to access systems. Bots are assigned the least privileges needed to access applications, which means they can only log into specific systems for specific tasks involving very specific data. Clear separation of duties keeps them from straying from the right path. All this helps government organizations protect the integrity and security of critical applications and data.
What about ownership of our data, and its storage and security?
Your contract with the RPA vendor must specify your ownership of your data, as well as the steps you will need to take if you ever decide to move your RPA operations and your data to a different vendor. If you are subscribing to a cloud-based RPA platform, your data will be stored in some combination of a private and public cloud. In many cases, RPA vendors use multiple private and public clouds to reduce risk and improve performance. If your agency has strict data privacy rules, you should be able to choose the country or geographic region where your data is stored and even, for an additional fee, opt for a physically isolated enclave.
What is the authority to operate (ATO), and why is it important?
When any technology company wants to do business with a U.S. federal agency, it must obtain an authority to operate (ATO) for that particular agency or even a sub-group within an agency. Getting an ATO involves a rigorous examination of the firm’s security systems to see if the risks of operating that technology are acceptable to the government agency in question. We recommend selecting only RPA vendors that have already been awarded ATOs. At Automation Anywhere, we have gone through the ATO evaluation process numerous times and are proud to possess a growing number of ATOs in the Federal Civilian, DoD, and Intelligence Community.
Are bots auditable?
All IT solutions should come with extensive audit capabilities, including advanced logging, monitoring, and reporting. RPA solutions are no exception. At Automation Anywhere, we offer extensive and non-repudiable audit logging for more than 185 activities on our platform. This allows government agencies to identify unusual activities, such as bot performance errors, employee abuse, malicious code, or anything else that might be of interest for further analysis and investigation, and to alert security professionals to them.
More detailed answers are available on the source page.