How to ensure the security of digital workers
Prosegur has positioned itself as a benchmark for the innovative use of robotic process automation. But this technology is not risk-free. For this reason, the company has developed its own system to protect it.
Prosegur has become a global benchmark in the automation of business processes using RPA (Robotic Process Automation) robots - almost 400, which perform tasks ranging from invoicing and modifying contracts to balancing bank accounts. – as four international awards attest. But the day-to-day routine of RPA technology requires specific security measures. Firstly, because of the volume of tasks it undertakes, but also because this technology interacts with a Windows desktop and enters data, clicks on different options or enters the pages of official bodies, entities and companies to complete procedures. But how do robots protect themselves?
RPAs, like any technology, are not risk-free and require a secure working environment with access control and credentials. According to Fernando Cisneros, Head of CREAD (Centre for Robotisation, Excellence, Automation and Digitalisation) "We are protected against all kinds of external and internal attacks". In addition to deterring or preventing the misuse of the robots, the shielding ensures compliance with security and data protection regulations in the 26 countries in which Prosegur operates.
We are talking about a robotic security system that did not exist as such on the market. For one simple reason: Prosegur’s RPA model has a lot of in-house development to adapt commercial robots to the company's operations around the world. It is a unique platform. Even so, the company tested it with four specialist credential management companies. Finally, the chosen provider and Prosegur reconciled technological positions and the chosen company adapted its credential manager and CREAD developed a key piece: the middleware between the credential manager software and the robots so that both can understand each other and work together.
No weak links
Based on this compatibility, a security operative has been developed with several simultaneous security layers. Firstly, the weak point of the master key (you are only as strong as your weakest link) is avoided. The company relies on its own protocols and periodic change of credentials stored with the highest level of encryption.
This prevents a human error that could be called sticky-notes carelessness from happening. "Someone asks for a robot's credentials to make an adjustment, he gets a post-it note with the credentials written on it and then sticks it on to his computer and keeps it there for weeks. Or they use a pen drive that comes with a Trojan as a prize," explains Cisneros.
Any access to a Prosegur robot is subject to a double approval protocol. If a technician wants to enter the Human Resources robot to make an adjustment to its operations, an alert is generated, and access is only granted with his supervisor’s authorisation.
How efficient has it been so far? So far, it has achieved optimum results. Not a single incident has been recorded at the company's two robotic hubs (one for the Americas located in Miami and one for Europe-Asia-the Middle East located in Madrid). This service sheet is a source of competitiveness and prestige for customers who are increasingly concerned about cybersecurity.
In addition, all of CREAD's own developments are designed with a view to provide service to more companies. According to Cisneros "if we develop it from scratch, if we test it and polish it, if it works for such a big company, why wouldn't it work for others?"