Banks must send out product disclosure statements every time you open an account. And they do that via email. If your email address is wrong, the email bounces back to the bank. From a regulatory point of view, the bank must send that out, and they must get an acknowledgement that it was received. Imagine a bank employing a team of five people, sitting there, eight hours a day, waiting for these email bounces to come in. Once they get the error notification, they must analyze, research, and resolve to ensure the bank complies.
This is basically a waste of five full time employees doing the most mundane work for the sake of a checklist. But now they have a bot for that! Suddenly the team of five is down to one person who only looks at it part time, because the bot deals with most of it. That now frees the other four people to do other things that add value to the bank, such as interacting directly with customers. Sure, their work had saved the bank from potential fines, but, from a personnel point of view, it was the most boring job ever.
Robotic Process Automation (RPA) is expanding, and the horizons of opportunity are expanding. In the past, RPA used to be pretty narrow and could only do very specific things. Slowly but surely, it's getting wider and wider with more use cases and a broad spectrum of application across the enterprise.
Highly regulated industries like banking are great examples of where RPA can not only improve productivity (and morale), but it makes regulatory compliance easier to achieve. Because of the way that the automation works, there is a full audit trail. If a human were to do a list of checks, they would probably start with, "Well, I have checked that there's budget; what’s the next task?" And on and on. That is not necessarily the best way of tracking each process step. If it’s manual, then it’s open to error. With a robot, you can clearly see what it's done.
A bot keeps log of everything it does. And it's very, very easy to audit because all the data sits in the bot. Every time there is a check that gets done, the task result gets captured and the evidence get captured. Auditing is greatly improved, because the bot doesn't care that it needs to take a screenshot of something every time—the logs are all complete and the information sits within a database, so it's easily queryable.
Robotic automation basics
There are two types of robotic automation: there's RPA and there's RDA—robotic desktop automation. With RDA, a person is working on something. They have a little bot that sits on their local machine and they can click on it to go and fetch 10 things from different systems and display them back on screen. That is a bot a person would interact with. Then we have RPA, which are unattended robots. And that's where you have a machine that sits in the background, usually a virtual machine that the bot logs onto. It runs, it opens the systems, it does everything, but you don't see it. It's all in the background—all without human intervention.
CIO Study: Outages Escalating with Massive Growth in Machine Identities
More automation: more machine identities
Bots logging into virtual machines? That sounds like an InfoSec challenge! It is true that RPA generates demand for machine identities (keys and certificates). The more RPA an organization is employing, the more virtual machines are required. RPA generates demand for certificates by building automations that access machines. As you need more run time resources, you need more virtual machines to do that.
Here’s an example from a large financial services customer: there's a virtual machine they do development on. There's a virtual machine which is their runtime resource. Plus, there's a virtual machine per environment. So we’re looking at dev, test, UAT, and then production—all need machine identities. In a nutshell, every time they generate and create new machines, they generate extra demand on machine identity management. That makes tight integration between RPA and machine identity management critical. And what’s more, as more bots are needed for RPA, organizations can get RPA to actually approve those certificates, or machine identities!
RPA typically starts in finance departments, because they usually have cost pressures. But now more organizations are starting to look at security as a great place for automation as well. InfoSec teams are under similar compliance and regulatory constraints, so as RPA matures and as organizations mature in their use of RPA, they are starting to see opportunities and asking: where else can we use automation?
If you are a Venafi customer and your company is already using RPA, we can help you get started employing RPA robots built for the Venafi Platform by RPA experts, Reveal Group. You can learn more about both Reveal Group RPA bots today from the Venafi Marketplace.
This blog features a solution from the ever-growing Venafi Ecosystem, where industry leaders are building and collaborating to protect more machine identities across organizations like yours. Learn more about how the Venafi Technology Network is evolving above and beyond just technical integrations.
Why Do You Need a Control Plane for Machine Identities?
Related posts