Cloud Security and Compliance with Data Privacy
The ability to deploy “on-premises” software to the public cloud has been gaining traction, as the cloud has become a life-changing resource. However, for consumers and businesses that question its security, the cloud is a source of contention.
To meet the needs of both types of users, Automation Anywhere is expanding the Digital Worker platform to include a cloud-hosted offering. As you can predict, the Software as a Service (SaaS) version opens a whole slew of security questions around data privacy, regulatory requirements, and architecture. Fortunately, we develop our platforms with a data privacy-first focus and a secure cloud architecture.
Of course, there are laws the world over that are meant to ensure data privacy. The UK Data Protection Act, Swiss Federal Act on Data Protection, and Canadian Personal Information Protection and Electronic Documents Act (PIPEDA) are just a few regulatory law examples.
The European Union has enacted the General Data Protection Regulation (GDPR) to dictate how to handle sensitive personal information and to ensure the information isn’t exposed to unauthorized parties (which is how we define privacy).
Certain states in the United States have also demonstrated their understanding and desire for privacy laws and are taking extra measures. For instance, California has enacted the California Consumer Privacy Act (CCPA) to safeguard privacy rights and consumer protection for its residents.
Cloud providers and businesses are required to implement reasonable security measures to protect personal information, and we’re committed to ensuring and maintaining the trust of our customers. In order to comply with regulatory requirements, Automation Anywhere is working on certifications such as SOC 2, ISO 27001, and GDPR, to name a few.
Our cloud service maintains a variety of security controls, such as encryption of passwords and using salted hash, user access logs, and incident management. Outside of that, authorization of users is dependent on a customer’s IT administrators, who can implement controls to limit access to authorized personnel. Administrators can then grant fine-grained permissions to corporate users via role-based access controls (RBAC).
Automation Anywhere offers full audit capabilities where all user actions are audited within the platform, providing records of all access and actions taken by operations personnel. Audit is automated for all privileged and non-privileged roles to conform to best practices as defined in NIST AC-6, the security controls and assessment procedures that employ the principle of least privilege. As with any enterprise application, the consistent and proper use of security controls depends on the organization.
Secure cloud architecture
SaaS applications are hosted on third-party infrastructure and run third-party software code, so proper secure design and architecture are required to ensure risk mitigation.
Automation Anywhere cloud architecture is architected from the ground up with a comprehensive set of security features that either automatically provide or are configurable by the data owner to provide data protection. Our enterprise cloud delivers several security capabilities and services to increase privacy and control network access.
Some of the capabilities in Automation Anywhere Enterprise A2019 include:
- Network firewalls and web application firewall capabilities — allow the Automation Anywhere cloud operator to create private networks and control access to tenant instances and applications
- Data encryption — including encryption at rest and TLS encryption in transit between a customer’s on-premises location and the cloud ensures organizational security and compliance commitments
- Credential Vault — delivers encrypted storage of credentials used by an automation (bot) for secure authentication
- Credential and key management — identity and access management to ensure only valid and authorized personnel have access to your company’s valuable data
- Threat detection tools — provide visibility into attacks and help detect security violations and sends alerts to operations personnel to take appropriate action
Additionally, these capabilities are on the roadmap for Enterprise A2019 cloud:
- Multifactor authentication (MFA) — enhances security by requiring a second form of authentication, mitigating password risk and helping safeguard access to data and applications while maintaining simplicity for users
- Single sign-on — delivers enhanced, seamless integration with third-party services by allowing centralized user account management and automatically adding or removing user access to applications based on group membership
In summary, the Automation Anywhere cloud solution provides enhanced security, privacy, and compliance with regulatory laws. It is now possible for your business to run enterprise Robotic Process Automation (RPA) in the cloud for unprecedented scale and extensibility.