According to the Securing the Digital Workplace report, ensuring compliance is a higher priority now than it was 12 months ago for 72% of organizations. But keeping up isn’t always easy and in today’s highly regulated business environment, the cost of compliance is high.
A 2017 Ponemon study found that depending on the industry, data protection compliance costs range anywhere from $7.7 to $30.9 million annually. That same study also revealed that the cost of non-compliance is actually 2.7 times higher. Recent data privacy regulations including GDPR and CCPA point to an increasingly complex data privacy compliance burden for industries that deal with personally identifiable information (PII) and many believe that Robotic Process Automation (RPA) can lower the cost and mitigate the risk of human error.
Robotic Process Automation (RPA) is a technology that automates business processes through the use of software or “robots” that complete repetitive tasks on a computer typically performed by humans. This technology can significantly reduce the human cost of compliance and the potential fines that inevitably occur through sensitive data handling errors.
By way of example, the average-sized community hospital spends almost $7.6 million each year on administrative tasks to ensure compliance with various data privacy regulations, such as HIPAA. But, while telecom, insurance, banks, and utilities have gone all-in on RPA, healthcare is still testing the waters with proof-of-concept projects. Like most innovative technology decisions these days, security and privacy are primary barriers to widespread adoption.
Most RPA vendors provide native security features including TLS encryption and access management. However, object-level encryption and additional control features are necessary when bots are utilized in a cloud environment. For example, Virtru recently worked with a company that needed to secure custom workflows to ensure that when sensitive data is retrieved from their cloud storage provider and shared within and outside the organization, the appropriate levels of encryption and policy controls were applied.
In this use case, the bot handles the movement of files containing sensitive data from a local storage location (e.g. File server, NAS, desktop, etc.) to Google Drive. Another bot encrypts the data using Virtru, adapts the policy using our access control management capabilities, then downloads and decrypts it where it resides securely in a folder located on-premise or moved to another cloud storage platform. While the opportunities for RPA are endless, this is a very simple, transactional task that would otherwise be performed by a human resource exposing the company to the risk of error and higher costs.
Since Virtru is device, platform, and protocol agnostic, our Data Protection Platform can be utilized with any automation partner and any cloud storage provider. By applying best-of-breed data protection to compliance workflows where sensitive data is present, we hope that industries carrying a high compliance burden can begin to fully realize the ROI of RPA solutions.
For example, the healthcare industry, as we discussed previously, is lagging behind in RPA adoption. But the reality is that channeling more dollars towards training current staff to complete more complex tasks and investment in data analytics innovation is key to the future of healthcare innovation.