ROM 2 Development : Manage Security & Access
Security Considerations
<Window Authentication>
What are the benefits of using Windows Authentication instead of Mixed Mode for MSSQL database in Blue Prism?
The benefit of using Windows Authentication is Active Directory integration.
Active Directory acts like a strong centralized bodyguard. It manages user credentials better and reduces risks.
Whereas Mixed Mode means separate logins, increasing the chance of unauthorized access.
Choosing Windows Authentication strengthens your Blue Prism security.
<Multi-Authenticatinon>
In a multi-authentication environment, Blue Prism supports native, Active Directory, and external identity provider authentication.
This means users can login via different authentication types.
Roles and permissions are mapped individually, meaning each user has their own set of permissions.
However, with external authentication, roles can't be assigned based on user group membership.
In the single-authentication setup. Users log in via Active Directory and roles are linked to Active Directory security groups, so role mapping is crucial.
It's the key to a secure and well organized user management strategy in Blue Prism.
When choosing the authentication type, especially in a multi-environment setup, keep in mind that it's a decision made during user creation and cannot be changed later.
<Single Sing-On benefits>
What are the benefits of utilizing Single-Sign-On (SSO) authentication over Blue Prism native authentication?
SSO authentication offers a more secure and user friendly alternative.
With SSO, users can use a single set of credentials across various systems, including Blue Prism.
This simplifies user management, enhances security, and improves user experience.
So, if you're looking for a more secure and user friendly authentication method, SSO is the way to go.
<Least Privilege principle>
Have you heard of the principle of Least Privilege?
It's about giving users just enough power to do their job.
In a Blue Prism environment, this principle is critical. It minimizes the chance of bad actors causing trouble.
Think of it this way. If someone has access to sensitive information they don't need, it can lead to data breaches.
By limiting access to only what is necessary, you reduce the risk of these incidents.
This is why least privilege is a fundamental security principle.
<Secure communication setup>
How can organizations establish secure communication between Blue Prism components and target systems?
Let's explore.
It's essential to choose one of the secure application server connection modes to encrypt communications within your Blue Prism environment.
This ensures data confidentiality and integrity, safeguarding against eavesdropping and data tampering.
Most of the secure connection modes require the use of certificates.
Certificates act as digital passports, verifying the authenticity of the communicating parties.
By using certificates, you can be confident that your communications are secure and not vulnerable to malicious attacks.
It's a best practice for any organization.
<Security between development, user acceptance testing(UAT) and production enviromnets>
Have you ever wondered if security considerations differ across different environments?
Let's explore the differences between development, User Acceptance testing (UAT), and production environments.
In development, collaboration is key, with access limited to authorized developers.
This environment demands a focus on secure coding practices and regular code reviews.
Moving to UAT, we demand stricter controls to safeguard test data.
This environment requires secure data transfer protocols and controlled access to test data.
Now in production, we're in the live environment which requires the highest level of security.
This includes strong authentication, encryption, and rigorous change control processes to protect sensitive data and ensure uninterrupted operations.
So as we can see, security considerations vary across different environments.
It's important to have a comprehensive security strategy in place to protect your data and ensure uninterrupted operations.
<Security Assessments>
Have you considered the importance of regular security assessments and audits in maintaining the integrity of your Blue Prism environment?
Let's explore why they are crucial.
Regular security assessments are essential for identifying vulnerabilities and ensuring compliance with industry standards like NIST and OWASP.
They should be scheduled regularly, involve your internal experts, and use a mix of tools.
Findings from security assessments should be documented and actions prioritized and tracked.
Communication with stakeholders is key for implementing security improvements, keeping the Blue Prism environment resilient and up to date.
Stay proactive and keep your environment secure.
Database Security
<Encryption of Data in transit>
What would you recommend to secure data in transit between the application server and the database?
Keep it simple.
Configure the Blue Prism database connection with encryption and trusted server certificates.
Choose a method that suits you, like self signed certificates or verifiable server certificates.
By doing this you can ensure that data is secure in transit and prevent unauthorized access.
So keep it simple and choose the method that works best for you to secure data in transit.
<Transparent Data Encryption(TDE) for data at rest>
Data security is critical for organizations, so how can we protect data at rest within the Blue Prism database?
Transparent Data Encryption (TDE) is MSSQL's inbuilt solution for protecting data at rest.
Enabling TDE on the SQL database encrypts data pages before writing them to the database.
This ensures data security even when stored, preventing unauthorized access to sensitive information.
By implementing TDE, organizations can ensure that their data is protected at rest within the Blue Prism database.
<Data in use>
What is data in use in the context of Blue Prism and how is it kept secure?
Data in use pertains to active data residing in non persistent digital states such as computer RAM.
This is the data actively undergoing processing.
Blue Prism employs Microsoft's Secure String, essentially functioning as a digital vault and Safe String as its protective layer.
This combination ensures that even in a memory snapshot scenario, sensitive data such as passwords remains concealed, enhancing overall security.
Keep your data in use secure today.
<Database logs>
Let's talk about how often you should monitor and maintain database logs to prevent performance issues.
Regular monitoring of database logs is crucial for maintaining optimal performance.
Timely attention to logs ensures swift identification and resolution of any emerging issues, preventing potential performance bottlenecks.
This practice aligns with security protocols ensuring smooth operations and data integrity.
Emphasize developer best practices around stage logging and the use of multiple business object design to maintain efficient system performance.
Maximize your database logs for seamless operations and peak efficiency.
Credentials and Encryption
<Why use encrypted credentials?>
Let's discuss the importance of encrypted credentials in Blue Prism.
Using encrypted credentials in Blue Prism is crucial for safeguarding sensitive information.
It ensures that login details and other critical data are stored in a secure, unreadable format.
This extra layer of defense prevents unauthorized access, boosting overall automation security.
Employing encryption adds an extra layer of defense against potential breaches or data leaks, providing Peace of Mind for organizations handling confidential information.
<How to safeguard Encryption Keys>
Let's explore ways to enhance the protection of encryption keys within Blue Prism.
For optimal protection, store encryption keys as files on the application servers rather than in the database.
This separation between application and database servers minimizes the risk of unauthorized access.
Ensure that those with access to the application servers do not have access to the database servers, and vice versa.
This segmentation mitigates the risk of unauthorized access to critical information.
Elevate your data security with robust encryption key management.
<Tips for when creating encryption keys>
When creating a new encryption key, prioritize the most secure method.
The recommended choice is AES 256 AesCryptoService as it significantly influences data confidentiality and integrity in Blue Prism automations.
The encryption method selected plays a crucial role in ensuring the security of data used by Blue Prism.
Opting for AES 256 AesCryptoService enhances both confidentiality and integrity.
Aligning with FIPS compliance standards.
Elevate data security with the right encryption method in Blue Prism.
Access and Permissions
<Defining access for Digital Workers>
Let's delve into the Target System Access Model.
Collaborate with IT teams and system owners to ensure the most secure and efficient access method.
Consider Single-Sign-On and digital worker credentials management policies.
Creating role profiles for digital workers and the access they require is a great way to ensure efficient access management.
This means more digital workers can be easily and quickly set up when required.
By defining the Target System Access Model, organizations can ensure secure access for digital workers.
This is important for maintaining data security and integrity.
<Digital Worker access to Window systems>
Defining access is crucial for security and productivity.
Organizations should decide whether the operations team or digital workers themselves will manage the Windows credentials, for instance, automatically updating passwords which are nearing expiration.
You should ensure that access is limited to the necessary permissions, adhering to the principle of Least Privilege.
This ensures sensitive information is protected.
So let's prioritize secure access for digital workers. It's crucial for productivity and protecting sensitive information.
<Automated process run on Windows>
A digital worker requires a device that is logged in and not locked.
This may require you to reconsider security policies for digital workers, for example, no screensaver locking is required as the digital worker never leaves their desk.
The Blue Prism Login Agent can play a pivotal role in automating the login process for a Windows machine.
This involves configuring the Login Agent service with the required information to launch a Login Agent for the Digital Worker Runtime resource.
The Login Agent starts automatically when the device is powered on or rebooted, connecting to the designated Blue Prism environment.
It can then be manually or scheduled to login.
The Login Agent securely retrieves the relevant credential from the database and utilizes it to authenticate with Windows, ensuring a secure and streamlined automation experience.
This eliminates the need for manual login and ensures that the digital worker can operate as intended.
<Managing access to Production Virtual Desktop Infrastructrue (VDI)>
Access to Production VDI should be carefully controlled.
This means limiting access to specific users and VDI instances.
Implementing granular access controls is essential.
This ensures that only authorized users can access Production VDI environments.
Maintaining an audit trail is also critical.
This provides a record of who accessed Production VDI environments and when.
By following these best practices, organizations can secure their Production VDI environments.
<Mangaing a well-defined Logival Access Model(LAM) for complicance>
An LAM defines which user roles exist in Blue Prism and what permissions each of those roles have within the software.
Without a proper LAM, an everybody admin scenario can occur.
A well defined LAM also defines clear responsibilities ensuring that the right people have access to the right information.
This is crucial in ensuring compliance and data security.
Creating a tailored LAM that meets the needs of your organization requires involvement from all stakeholders.
This includes the Head of Automation, Governance Board, and IT.
In conclusion, a well defined LAM is crucial in ensuring the security and compliance of your Blue Prism software.
Don't overlook its importance.
<Maintaining a Logical Access Model(LAM) for compliance>
Regularly review the LAM to ensure it aligns with current security policies. This ongoing assessment is essential for compliance.
As your automation expands, proactively update the LAM.
Adapting to the changing landscape ensures continued compliance and effectiveness.
Follow your change control process for smooth updates.
It's crucial to ensure your LAM remains compliant and up to date.
Are you ready to take action?
Data Integrity
<Compliant with industry regulations>
The platform holds the highest level of Veracode Verified accreditation, achieving verified Level 5.
This certification validates Blue Prism secure software development processes.
The platform supports several industry standards, including Payment Card Industry Data Security Standards (PCIDSS), Health Insurance Portability and Accountability Act (HIPAA), and Sarbanes-Oxley Act (SOX).
By aligning with these standards, Blue Prism ensures that organizations and sectors like insurance, banking, government, and healthcare can confidently leverage its intelligent automation technology while meeting stringent cybersecurity and information control requirements.
Blue Prism's compliance with industry regulations is a testament to its commitment to providing secure and reliable intelligent automation technology.
<Ensure data integrity>
Good Documentation Practice (GDP) is key.
Ensure you have quality, accurate, up to date documentation about your automated solutions, policies, test results, and how exceptions are handled to prove our automations work as per requirements and as documented.
This documentation is necessary to prove that automations work as required and consistently each time, consider a documentation library for easy recall of documents when requested.
I'd also recommend keeping documentation accurate as a step in your change control procedure too.
It helps ensure that digital workers are safe and programmed to do what humans did, but quicker and with fewer errors.
In regulated industries, computer systems validation is recommended.
Automated solutions that work in a consistent and replicable manner are a huge asset in this process.
So with good documentation practices and automated solutions, organizations can ensure data integrity and compliance in regulated industries.
It's essential to stay up to date and informed.
<Auditing of users and digital workers>
Blue Prism provides rigorous auditing features that record user actions.
This means that all important changes made by a user are recorded in the database for later inspection.
For digital workers, everything they do is recorded as well.
You can use the Process and Object Logs Viewers to view and access their associated session logs.
These auditing features are critical for compliance and regulatory purposes.
They help ensure accountability and transparency in your processes.
Blue Prism provides robust auditing capabilities.
<Maintaining data integrity & team security>
How can organizations ensure data integrity and protect their intelligent automation team from potential exposure to confidential information?
It's essential to have clear agreements on what sensitive access the developer team will be using, the purpose for which it will be used, and how long they should retain this access.
It is recommended that the IA team maintain documentation and self audit records when using sensitive access.
This builds an audit trail for incident management and compliance.
This then helps provide data security and protection of your teams with clear agreements and intelligent automation.
<Blue Prism developer's role in securing confidentail data>
How can Blue Prism developers ensure confidential data, such as sensitive employee or customer data, can remain secure?
The process developer plays a key role in ensuring that sensitive data isn't logged into the session logs.
It's recommended to encrypt information in work queues, ensure parameters are not logged, or ensure stage logging is disabled or set to errors only for key areas.
By adhering to these best practices, organizations can safeguard data integrity and provide a secure working environment for their automation team.
<Best practice for manaing debuggina and database performance>
Striking the right balance is critical.
During development and testing, enable detailed logging to promptly catch and address any issues.
For production environments, it's prudent to switch to a more selective logging approach, focusing on essential stages and error messages.
Optimize performance by using best practice for every phase.
Key Takeaway
Security Foundation: Security and access form the bedrock of a successful Blue Prism automation strategy, ensuring a resilient and trustworthy environment for both digital and human workers.
Robust Protocols: Establishing robust security protocols, following best practices, and aligning with security policies are essential steps in creating a secure and compliant automation ecosystem.
Continuous Journey: Security is a continuous journey, not a one-time task. Staying updated on security trends, conducting regular assessments, and fostering a culture of security awareness are crucial for long-term success.