A multinational bank with 60,000 internal and contractor staff, for example, faced the dilemma of how to make IAM more efficient. Provisioning access for all of these employees to its 300 internal systems was no easy feat. In fact, it was a centralised, dedicated task fulfilled by a team of 50 individuals.
This dedicated team handled approximately 150,000 requests every year for employee access control into the right areas of buildings and into the right applications. Each request involved access to an average of eight applications and took four days to complete. Getting it wrong has significant consequences, particularly the threat of data loss or misuse.
A recent study by Forrester Research identified a direct correlation between data breaches and an organisation’s IAM maturity. While sophisticated IAM solutions are commonplace, they involve substantial manual labour and, more importantly, rely on the complete, consistent and error-free application of company policies by humans.
Assigning access rights to employees is one of the first key steps in security. But there’s got to be a more efficient way than the very labour intensive and repetitive way the bank, and many other organisations, are going about it, especially for something so time critical as onboarding new employees.
It’s a real problem that organisations face. The greater the number of people, the more exacerbated the problem. Not only does it impact access control, but privacy and cybersecurity are also fundamental concerns, particularly securing digital identities.
So how do you make IAM, and cybersecurity in general, more efficient?
Introducing digital workforces
The emergence of automation and digital workforces is a game changer, bringing new levels of efficiency to all aspects of business and industries. With the ability to automate time-consuming, mundane and repetitive tasks, robotic process automation (RPA) is increasingly playing an important role in improving the efficiency and effectiveness of IAM. In particular, minimising human involvement and reducing the number of errors that occur in that process.
If we go back to the bank example, a digital workforce was integrated into the company’s IAM process to cover the highest volume request types. Digital workers complete elements of those requests that are in-scope and returns any uncompleted elements to their human colleagues for manual fulfilment.
A large portion of the bank’s access requests are now automated, reducing the process from four days to a couple of hours. The number of reported errors decreased from 15 percent of requests to less than one percent, which is the most important element from a cybersecurity perspective given that errors create the potential for breaches.
This example illustrates the benefits of applying digital workers in cybersecurity situations.
Cultural and organisational challenges
Typical challenges with implementing a digital workforce in IAM are generally the same as those that impact most RPA implementations irrespective of use and technology solution. The primary challenges lie with organisational and cultural adoption problems arising from a fear of the unknown, obsolescence and job redundancies, as well as an unfamiliarity with the best practices of operating a hybrid, human/digital workforce.
A lack of understanding has led many to think technology is going to replace them, or at a minimum reduce the workforce. This couldn’t be further from the truth. Digital workers won’t replace humans with machines – it isn’t a plot to dismiss humans from the workplace altogether.
Instead, they free up human talent to focus on higher value and more rewarding activities that serve to differentiate the business. The role of digital workers is to augment and complement their human colleagues, “freeing the robot” inside of them in the process, and in turn, increasing their overall job satisfaction.
Preparing the workforce for change
The key to success is having a solid change management process in place and involving employees early on in the journey, so they clearly understand the impact and intention of the automation project. The reasons must be clearly communicated so they’re easily understood to engage the business and get everyone on board.
In many cases, automation will take a portion of people’s roles or daily activity away, so know from the beginning how you’re going to reallocate their time. Upskilling will be required if employees are now being asked to do something different that wasn’t part for their previous job.
Treat digital workers as securely as humans
Like with the human workforce, RPA has the potential to touch every enterprise application, as well as the critical data within it. This of course streamlines processes, but given a digital worker is attributed a number of privileges, it’s critical to ensure that data isn’t misused.
Organisations have come to understand that a digital workforce requires oversight, security and governance safeguards similar to their human counterparts. Strict controls must be in place to regulate how digital workers are configured and how any changes are managed and approved.
One thing is certain, by properly managing the unification of human and digital workforces from the very beginning, you’ll have a greater chance of success in improving your IAM workflows.
About the author
*Dan Ternes is chief technology officer, APAC for Blue Prism. He is a senior IT executive with 25 years’ experience in the enterprise software industry, architecting and evangelising innovative solutions across RPA, BPM,