Hi. One of our prospects is asking for the information on our best practices for deploying robots in perspective of security.
They are worried about the poorly managed robot's deployment, say, just putting file on a certain file share by a certain person, and nothing more. Can we somehow strictly control robot deployments with any existing robotics features, or with any best practices, to keep the customer's environment protected from such offhand or, in a worst case, malicious operations?
If you are worried that someone could replace a deployment package with a malicious one, then you could digitally sign the packages using a certificate. In addition, you can work with your security teams to limit access to the file share where the deployment packages are located such that only authorized persons have write access to these files.
If you are using files to give the robots a list of work items and are concerned about that, then you could limit access to the directories where these are placed and/or put some controls in-place to validate them before processing. Using the Pega Robotics Console, the work items would be delivered via the Pega Platform, and would therefore be controlled by how they are entered into the Pega system. This would be the ideal manner of delivering work as it would either eliminate the files or add an additional processing step to add them to Pega where you would be able to validate them.