Emergence of Robotic Process Automation (RPA) and Its Impact on Identity Governance
Robotic Process Automation, or Robotics, is the use of software to ‘mimic’ the actions a human user would perform at scale to automate business processes that are highly repetitive, rule-based and that use structured data. This technology helps organizations to speed up business processes, eliminate human errors and cut costs.
At a high-level, there are 2 forms of RPA:
- Swivel chair RPA – This uses software to recreate repetitive steps performed by a human, i.e. pull information from one system and take specific actions in another system/s based on the type of data. There is lot of action in the space and the ROI is significant; many large enterprises are adopting this technology to improve efficiencies and reduce costs/errors.
- Cognitive RPA – This is the next level of RPA which involves cognitive technologies such as machine learning, speech recognition, and natural language processing. Robots learn by studying human behavior and over time become more accurate, faster and virtually foolproof without requiring any human intervention. This still has ways to go, however, but a lot of good work is happening in this space, especially with the “Artificial Intelligence” buzz.
RPA and Identity Governance
The impact of RPA adoption on Identity Governance will be significant over the next couple of years and here is how I see both technologies benefitting from each other:
- IGA for RPA – With increased proliferation of bots and how they simulate activities carried out by a real person, it is imperative to have an Identity Governance processes defined for bots as well. This includes modeling bots as non-human identities, assigning appropriate access, keeping the principles of least privilege, rotating passwords or credentials, ensuring Segregation of Duty (SOD) policies are enforced, running periodic certifications and monitoring their activity to avoid the risk of fraud.
- RPA for Identity Governance – On the other hand, there could be many functions or processes in Identity Governance that are manual, such as provisioning, password reset, certification, role management, etc. This could a result in years of isolated processes that stick indefinitely or result in the need for connectors to manage access in legacy systems, which is typically expensive to build. These manual, non-centralized processes are error prone and could lead to failure in audits as well as expose the enterprise to attacks. Using bots to take care of some of these manual processes would be beneficial to the organization in terms of cost as well as the overall compliance, security and risk posture.
Here at Saviynt, we are actively looking at both these aspects and based on my experience, RPA would be a perfect way to potentially automate some, if not all this work, giving the IAM teams more time to focus on business priorities and next generation initiatives.
Please reach out to me if you want to partner with us in solving these use cases. We would also love to get some feedback and brainstorming on your unique challenges!