Privacy, Ethics, Public Policy & Governance

Governance Surrounding Bot Identities

Tuesday, June 22
3:35pm - 4:00pm MDT

Robotic Process Automation (RPA) is being rolled out at a staggering pace with minimal consideration to governance and subsequent audit consequences. This discussion aims to provide a foundation on the benefits of RPA while addressing common pitfalls of a siloed approach to identity management of these robot identities. Within the industry, there is added confusion in the difference between bot identities and service accounts. Bot accounts are often created at the application level or as a generic account. This leads to orphaned accounts, segregation of duties conflicts or other risk introducing scenarios. Many of these problematic situations can be avoided by treating bot identities as contingent workforce which means including the identities in an authoritative source. The objective of IAM managers should include harnessing the power of RPA technologies while applying governance to the identities with auditing requirements in mind. This can be achieved with a healthy risk-based approach and applying the same governance to bot accounts as one would to human accounts.