Bots on the Prowl — Addressing Concerns of Application Owners.
One of the biggest hurdles that RPA projects face post getting go-ahead, is obtaining access to applications that bots are to be interfaced with. Based on the paper work and complexity of the organization’s access/entitlement management systems this step could take weeks, if not months.
The best solution for this is to educate the application owners about bot interaction techniques and build their confidence on RPA technology. As a RPA Practitioner, I have seen the below two as the major concerns raised by IT owners of applications
a. Will adding bots on my application affect the load & eventually degrade the performance?
b. Are bots secure?
Attempting to dwell deeper into these concerns and trying to address them .
Bots can be timed
A misconception that may arise on the mind of application owner is that bots are brute force software components that will drain out resources by continuously accessing the application. Au contraire, bots can be timed and slowed down. This is to be followed as a best practice and implemented diligently.
Bots can be programmed with intelligent wait stages to ensure the application loads up and the all UI elements are present. Also, between processing records wait stages can be added to confirm the solution is stable & steady. Most importantly, ‘reducing processing time’ should not be defined as the only objective/benefit of any automation undertaking.
Bots are built on human experiences
While building a bot the RPA team can involve multiple IT Stakeholders and not just bot developers, this assists in making the automated solution more efficient. Bots, when properly designed and performance baselined can reduce the load on applications when compared to adding manual users.
Case 1: In an AS-IS process, the user logs in to application via UI and does a series of operations for reconciliation purpose. The sequence of operations trigger a complex SQL query that fetches high volumes of data thereby adding load to the application and slowing it down.
In the RPA solution, the process sequencing was tweaked, made more efficient and the data fetched in smaller bunches. This reduced the existing load on the application, even with the addition of bots.
Case 2: An AS-IS process used a macro developed ten years ago to fetch data. The macro was outdated and impacted the application’s performance due to sub optimal queries.
In analysis phase RPA team worked with the IT Application owner as well as experienced macro developers to zero down the root cause of the issue and re-engineered the macro functionality for RPA. Turnaround time for the process drastically reduced and helped the BU achieve SLAs comfortably.
Monitoring Performance Metrics
When a bot is introduced on an application, the IT app owners can turn to their SQA teams for performance testing to ensure there is no undue load on the application. Multiple KPIs/metrics can be captured by simulating production scenarios, performance of the application is to be closely monitored and the solution certified.
- Exploring alternate sources of data — Data sources from more robust applications that have multiple interfacing channels can be explored.
- API and MQ Integration — With most applications having API endpoints or interfaces with messaging systems, bots can be integrated with those and avoid the UI access method.
A bot is as secure as its entitlements.
A bot ID should be treated similar to a manual user’s ID, each BU and use case is allocated unique bot IDs with entitlements that enable them to perform only the functions that are required for the particular automation project.
Some ways to ensure security:
- Utilize RPA Products that are certified for compliance and security (Eg: Veracode, PCI)
- Bots use industry standard password vaults
- RPA program has a robust governance model and adheres to org’s data governance rules
- Periodic audits/evaluation by organization’s Information security team on the RPA Product, technology landscape as well as RDLC process.
- Centralized repository for Bot ID and entitlement management
- Ability to handle Multi Factor Authentication