OpenRPA security considerations

anand · May 31, 2023, 7:14am

We need some clarity on the below with respect to the security considerations, please help with your valuable feedback.

Provider shall ensure that the platform should be compatible to integrate with cybersecurity solutions for Data Classifications, Data Protection, Data Monitoring, e-discovery, logging and IAM.

Allan_Zimmermann · May 31, 2023, 9:06am

I have no idea what you mean, please be more specific.
Architecture and security considerations are all explained here

anand · June 2, 2023, 7:22am

Hi @Allan_Zimmermann ,

Thanks for your response.

We are working on a proposal and planning to utilize OpenRPA as a solution. The client is requesting whether OpenRPA is compatible to integrate with cybersecurity solutions for Data Classifications, Data Protection, Data Monitoring, e-discovery, logging and IAM.

Please help us with the following details

Could you please let us know if OpenRPA is compatible to integrate with their cybersecurity solutions? If yes, could you please let us know how this can be achieved?
As a attended bot, How secured is OpenRPA? Is there any security certification to support it?

Allan_Zimmermann · June 2, 2023, 7:52am

Hey,
I really do not understand Question 1. Are you asking if there is a “connector” to send/receive information from the customer’s cybersecurity solutions? Right off the bat, I can say probably not, but that is why RPA is powerful. There are most likely a few ways we can’t do it anyway. Maybe ODBC, maybe a REST interface, or maybe we can use OpenFlow as a middleman. It would be helpful to know the name of the product so we are not just guessing. Do you have any documentation of that system and know what kind of things you want to automate inside it?

Question 2:
No, OpenRPA and OpenFlow do not have any certifications. Those are very expensive, and without funding and a large number of donors, it is impossible to obtain them right now. However, I can tell you that both OpenRPA and OpenFlow are being used in regional and national banks, all types of governmental institutions worldwide, highly sensitive medical companies, energy and water distribution companies, and more. These are all places that require a high degree of stability and different types of high security. Many of them regularly hire external companies to perform penetration testing or system inspections, and so far, they have never found anything critical. It’s funny that we are talking about this because yesterday was the second time in 4.5 years that someone reported a critical security flaw in OpenFlow, and it was fixed within 1.5 hours. OpenFlow was specifically designed to make it easy to comply with highly regulatory environments. Hence, if you need to comply with HIPAA, FedRAMP, GDPR, etc., that will not be an issue.

BACCMED · June 2, 2023, 1:10pm

Hi @Allan_Zimmermann

By the way , why you don’t share the Key accounts list that use openRPA as well as their testimonials
This helps to expand the community

Allan_Zimmermann · June 2, 2023, 1:13pm

I can’t … most of my customers are companies that implement OpenRPA/OpenFlow at their customers (partners)… so their are not my customers directly
So i some times learn the name of their customers, so i have a good idea on what “end customers” are using it, but I cannot list them as references

system · June 9, 2023, 1:13pm

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.