The ability to deploy “on-premises” software to the public cloud has been gaining traction, as the cloud has become a life-changing resource. However, for consumers and businesses that question its security, the cloud is a source of contention.
To meet the needs of both types of users, Automation Anywhere is expanding the Digital Worker platform to include a cloud-hosted offering. As you can predict, the Software as a Service (SaaS) version opens a whole slew of security questions around data privacy, regulatory requirements, and architecture. Fortunately, we develop our platforms with a data privacy-first focus and a secure cloud architecture.
Of course, there are laws the world over that are meant to ensure data privacy. The UK Data Protection Act, Swiss Federal Act on Data Protection, and Canadian Personal Information Protection and Electronic Documents Act (PIPEDA) are just a few regulatory law examples.
The European Union has enacted the General Data Protection Regulation (GDPR) to dictate how to handle sensitive personal information and to ensure the information isn’t exposed to unauthorized parties (which is how we define privacy).
Certain states in the United States have also demonstrated their understanding and desire for privacy laws and are taking extra measures. For instance, California has enacted the California Consumer Privacy Act (CCPA) to safeguard privacy rights and consumer protection for its residents.
Cloud providers and businesses are required to implement reasonable security measures to protect personal information, and we’re committed to ensuring and maintaining the trust of our customers. In order to comply with regulatory requirements, Automation Anywhere is working on certifications such as SOC 2, ISO 27001, and GDPR, to name a few.
Our cloud service maintains a variety of security controls, such as encryption of passwords and using salted hash, user access logs, and incident management. Outside of that, authorization of users is dependent on a customer’s IT administrators, who can implement controls to limit access to authorized personnel. Administrators can then grant fine-grained permissions to corporate users via role-based access controls (RBAC).
Automation Anywhere offers full audit capabilities where all user actions are audited within the platform, providing records of all access and actions taken by operations personnel. Audit is automated for all privileged and non-privileged roles to conform to best practices as defined in NIST AC-6, the security controls and assessment procedures that employ the principle of least privilege. As with any enterprise application, the consistent and proper use of security controls depends on the organization.
SaaS applications are hosted on third-party infrastructure and run third-party software code, so proper secure design and architecture are required to ensure risk mitigation.
Automation Anywhere cloud architecture is architected from the ground up with a comprehensive set of security features that either automatically provide or are configurable by the data owner to provide data protection. Our enterprise cloud delivers several security capabilities and services to increase privacy and control network access.
Some of the capabilities in Automation Anywhere Enterprise A2019 include:
Additionally, these capabilities are on the roadmap for Enterprise A2019 cloud:
In summary, the Automation Anywhere cloud solution provides enhanced security, privacy, and compliance with regulatory laws. It is now possible for your business to run enterprise Robotic Process Automation (RPA) in the cloud for unprecedented scale and extensibility.
EXPLORE ENTERPRISE A2019
Gautam Roy leads the product marketing and strategy of security features for the Automation Anywhere product portfolio. He has more than 20 years of experience in the industry and is a frequent speaker at conferences and events.