2019 CSO50 Awards

HP gives software robots their own IDs to audit their activities

What are your robots up to? HP's new Digital ID for software robots keeps track of digital underlings.

ai robotics mathematics equation analytics virtual screen
Getty Images

2019 CSO50 Awards

Show More

Robots are replacing employees in the enterprise, especially those who perform repetitive tasks. So-called robotic process automation (RPA) involves software programs that perform predetermined tasks on a daily, weekly or monthly basis. A good example would be checking invoices in an accounts receivable department or performing end-of-month accounting.

There's a problem here, though. How do you keep track of what your robots are up to? Ensuring that your accounts-payable RPA doesn't start sending money to a prince in Nigeria seems like a good idea. Enter HP's new Digital ID for RPAs.

"RPA is taking the industry by storm," Jayaraman Krishnamurthy, manager RPA support at HP, tells CSO. "The key to this automation is the task has to be repetitive in nature. Checking invoices for correctness, posting an invoice, creating an audit.... these are highly ideal RPA examples. We can use a software robot to mimic that."

But how do you keep track of what an automated process does? How do you audit its activities, and recover when it makes a mistake? "Mistakes will happen. How do we mitigate and come back from that?" Krishnamurthy asks. "Digital ID ensures you can have proper control and ownership."

Robots need ID badges too

Unlike physical robots working on, say, a car assembly line, it's a little less obvious what software robots are doing and how to identify when they malfunction. As RPAs gained traction in the enterprise, they typically ran using an employee's ID — and credentials. However, this is a poor security practice and makes it hard to audit who did what. "When we want to know who passed [a transaction], the robot or the employee, it can be difficult for us to understand, because the IDs are not unique," Krishnamurthy says.

hp jutley screenshot 20190209 172829 HP

Jayaraman Krishnamurthy, manager RPA support at HP

One ad hoc solution has been to create generic accounts, called service accounts or supplemental accounts, that are not controlled by an individual employee. This solution has problems of its own. If, for example, multiple RPAs are using those accounts, it can make it difficult to establish an audit trail.

"Let's say a generic ID makes a tax entry and something goes wrong in the program," Krishnamurthy says. "We immediately need some ownership. The one who posted the entry needs to be able to correct it, otherwise that affects the bottom line." The solution, he says, is to give each RPA its own ID, making it easier to track and audit their activity.

Digital ID also permits much finer-grained permissions than either using an employee ID or a service account, Krishnamurthy says. While human employees may need a wide swath of permissions to perform their work, most RPAs require narrow permissions to perform a single task repetitively. Applying the principle of least privilege to RPAs means than an RPA processing credit card payments, for instance, does not need access to process incoming checks or other forms of payment. This segmentation mitigates the risk of compromise of any given RPA.

The future of the robotic work force

HP's Digital ID for software robots is currently only deployed in-house on a few hundred RPAs, but, Krishnamurthy tells CSO, HP plans to expand the deployment to the several thousand RPAs working across the company, and eventually offer it as a service to clients as well.

Digital ID for RPAs can be used in many different verticals, Krishnamurthy says, including sales, operations, supply chain, logistics, HR, marketing and finance. "Anywhere you have a robotic process or automation you can always put this process in place."

Copyright © 2019 IDG Communications, Inc.

7 hot cybersecurity trends (and 2 going cold)