If Robotic Process Automation (RPA) isn’t on your tech short list, it should be. Not just because it’s cool, which it is, but because it’s a necessity in a cost-cutting climate of doing more with less. RPA lets you create bots—software robots—that automate processes and interact with your systems and apps the same way humans would.
Bots can learn and don’t suffer from burn-out
First, to be clear, we’re not suggesting replacing your people with bots. We’re talking about letting the bots do the repetitive, high-volume, error-prone tasks so your team can focus on more important and rewarding work. RPA creates bots using technology that mimics human behavior to perform simple or complex repetitive data entry tasks and business processes. And these virtual worker bees don’t get distracted, bored, or burnt out, even while on duty 24/7/365.
A problem—and solution—with impressive scale
As an example, while visiting our largest Defense client, a mid-level security engineer practically begged us for a solution to identifying and mitigating security vulnerabilities on several thousand end-user devices. This daily and time-consuming task included the opening of multiple applications to identify, patch, and secure each vulnerability, only to be rewarded by the additional pain of manually producing multiple reports documenting all activity.
A critical but tedious task, it was a complicated cross-analysis of four detailed data sources—DISA’s Assured Compliance Assessment Solution [ACAS], Microsoft’s System Center Configuration Manager [SCCM], ePO/McAfee, and Active Directory [AD]—all to identify active security risks and create tickets in the BMC Remedy system to patch or take a device offline. This engineer’s responsibility was for about 6,000 devices in an enterprise of several hundred thousand, meaning there were lots of other human engineers performing the same convoluted, manual processes—making the waste of time and budget exponential.
The challenge launched our RPA initiative
Our solution uses AI to automatically launch the SCCM and ACAS scans and pull data from AD and McAfee/ePO to cross-correlate devices, users, and vulnerabilities, identifying potentially out-of-compliance devices. The security engineer’s business rules are embedded into the process to identify and select those issues to be entered into the incident management system. Then, the RPA bot ‘logs in’ and navigates to the correct Remedy screens to create individual tickets for each device requiring attention. The bot logs into each system to perform each of the separate tasks, chaining them all together to form a virtualized process—all without writing procedural code to interface with any vendors’ system API. And the security engineer gains valuable time to focus on more complex, non-manual tasks, directly impacting organizational effectiveness, increasing productivity, and corralling costs.
How to decide which processes to automate with RPA
The first step is to identify manual processes that will yield the greatest benefit when automated. A word of advice—choose cases that follow rules-based logic with relatively few exceptions and with processes that don’t change regularly. Thoroughly documenting the current process to later compare it with the end result of RPA will provide the clarity needed to continue employing RPAs beyond your initial pilot. When organizational and economic impacts are quantifiable, ‘yes’ becomes much easier. The following guidelines can help you narrow the selection of candidate use cases in your organization:
HIGH COST The most impactful processes are expensive and touch multiple end users. In our example, determining high-risk vulnerabilities required touching thousands of end users. The expense was easily determined by scaling the cost of the engineers’ activity across the enterprise. The ROI and payback period can make an economic argument very strong.
HIGH REPETITION One of the key benefits of RPA is the reduction of highly repetitive human effort. Repetitive data tasks at volume may be an indicator of low-order activities that can be automated. Consider automating your highest volume processes first.
ERROR PRONE In a high-volume, multi-step manual scenario, humans are prone to process-fatigue, distraction, and inattentiveness, which leads to an increase in errors. Consider the impact RPA could have on lowering risk or improving the end-user experience.
LOW ERROR TOLERANCE In many instances, manual mistakes or oversights can introduce security risk or even create regulatory problems. Automation can reduce the probability of error in most cases, by routinizing decision logic or eliminating keystroke errors.
TIME SENSITIVITY Procedural backlogs that delay the delivery of services to end users or delay the notification of risk events are prime for RPA. It’s almost impossible to focus 100% of a person’s time and attention to searching for vulnerabilities without taking a break. But a security bot can constantly and tirelessly watch, process, and report vulnerabilities.
LABOR ELASTICITY Processes with wide demand variation force you to either over- or under-hire. The cloud introduced us to the value of elasticity regarding storage and computational demand. RPA-enabled processes provide the same type of elasticity, letting you scale up or down, regardless of peak demand or timing.