To many, security is an afterthought. Something that needs to be implemented before a piece of software is shipped or even after. The priorities of software developers are often:
In that order.
The problem with that is if you have to re-engineer your entire application/bot after it has been developed because of a security defect, you’ve failed at priority 1 and are now eating into the profitability of priority 2. In this blog post, I will teach you how to implement security into your Automation Anywhere bot design from the start.
I will walk you through my thought process of designing a bot and thinking about all the security controls one will need to implement as part of a bot’s development. Hopefully, my thought process and thinking strategies will help you in building your secure bots.
Whether you are building bots for the enterprise or personal usage, security and privacy are critical. I recently moved into a brand-new house that came with a ton of IoT-related technology. Coupled with some other personal gadgets, there are currently a ton of IoT connected devices that can be controlled via apps and other services. The goal here is to build a bot to connect with the smart lock, thermostat, garage door opener, smart TV and the home security system and manage all of these services with one bot. It will allow me to automate tasks such as gathering usage data, analytics, report outages, or regulate my house temperature at specific times.
Most of these devices are managed by mobile apps that have APIs allowing me to connect to them. I will be able to write my own clients for the APIs so that my bot can interact with those servers directly. This bot might also be handy for building managers or larger facilities where multiple instances of each of these devices need to be managed. This bot will be designed with scalability in mind.
The phase of planning involves brainstorming some of the features I might want for the bot, the inputs and outputs it will produce, and a preliminary data flow diagram defining the bot’s operation. I will also think about what sensitive data or assets my bot will be responsible for handling.
The bot will store and manage resources, some of which are sensitive (account credentials). It is important early in the bot design to properly enumerate all assets that the bot will be responsible for so that proper defensive planning can take place to protect these assets.
With the creation of the data flow diagram and the enumeration of assets, brainstorming can now begin regarding some of the threats affecting the bot and the defenses needed. Threat modeling can be a great way of accomplishing this goal. In deriving your own security requirements, you will want to consider each asset and then brainstorm all the ways that asset could be compromised. From there, you can then think of each defense you will need to protect the assets.
The following is a list of all the security considerations I will be taking while developing my IoT bot. This information will be used to revise my data flow diagram and develop all additional features alongside each functional feature.
Some of the security requirements will affect my data flow and bot process, as such I have revised my data flow diagram to include the new features.
Now that I’ve come up with some of the key security requirements alongside my bot features, it’s time to sign up for Secure Bot Developer Learning Trail from Automation Anywhere University so that I can design, develop, and deploy my bot securely. Hopefully, I’ve given you some ideas to design your bots securely.
ACCESS THE TRAIL