As someone who’s long been an advocate of automating the things, I got really excited when Automation Anywhere was announced as a presenter for Tech Field Day 19. For me it’s a great opportunity to learn about a rapidly growing market space, Robotic Process Automation (RPA). It’s also very timely for me professionally as the financial sector is a prime candidate for RPA and many conversations are being had around the efficiencies that can be derived from it.
That being said automation isn’t necessarily a unicorn. What if you write a bad process? What if you’re a bad person? What do you tell the auditors? If you don’t at least think about these questions, you may find yourself automating your way to the unemployment line.
Just to set one more piece of context, I’ve been reading a lot lately about building a security program and the basics of a successful program. One idea that keeps popping up time and time again – everyone should have a security mindset, including your developers. However for many people, security is an afterthought. So it was refreshing when early on @SteveShah’s presentation this lovely little slide popped up. The details are important, but more relevant is the fact that the folks at Automation recognized that their platform is powerful (insert necessary spiderman quote here) and therefore security has to be considered from the outset.
Now from my view, these items should be table stakes for any software in 2019. The reality is that for the majority of the software industries features and functionality are prioritized over data security. I honestly am sitting here thinking through various software presentations I’ve seen over the years that treated security as a central premise, rather than an afterthought and I’m coming up empty. Given that RPA has the potential to be a giant attack vector for the bad guys, solace should be found in the fact that Automation Anywhere takes their responsibility to provide a secure solution seriously.
This security first mindset was then further demonstrated when 5 minutes were devoted to how you should properly promote code from dev to qa to prod. Taken alongside the fact that you can audit every action taken by every bot, under every user account context and the approach to security from the folks at Automation Anywhere is quite refreshing.
Many questions still exist for me, such as ‘how do you ensure resilience for your RPA solution?’ and ‘how easy are all of these controls to leverage? Can they be used at scale?’ Nevermind that you always need to do your due diligence for any platform that you introduce into your environment. All that being said, I’m looking forward to getting my hands on the free community edition of Automation Anywhere’s RPA product suite.
Disclaimer. As a guest of Tech Field Day as a delegate, my accommodations and travel have been paid for. The words and thoughts expressed herein are mine alone. I have not been compensated for this post.
Virtual VT 
One thought on “Hot Take from TFD19 – RPA with a Security First mindset”