Skip links

UiPath partners with CrowdStrike to secure SaaS workflow automation

UiPath is expanding its robotic process automation (RPA) platform with new features it hopes will put it on CIOs’ radar, including better security, a cloud-native delivery model, and the ability to automate through APIs as well as the UI.

The security component comes through a partnership with CrowdStrike, while the API automation is the fruit of UiPath’s acquisition of Cloud Elements in March 2021.

A recent survey by IDG Research found that many IT organizations are showing no interest in RPA, even as the appetite for business process management and workflow automation is growing. UiPath’s move up the stack toward more sophisticated API automation capabilities — and workflow automation platform ServiceNow’s partnering with process mining specialist Celonis — are a sign that automation vendors are seeking to address CIOs’ broader concerns.

The Fall 2021 release of UiPath’s RPA platform will enable users to drive applications not just through the user interface, but also through APIs, and to combine both methods within the same automation. There will be 70 pre-built connectors by year-end, with more to come.

“We’re making all of those APIs, our connectors, and all the authentication protocols that support those connectors and cloud connections natively available within the UiPath design environment,” said UiPath Chief Product Officer Param Kahlon. “You can now construct a business process or a workflow that is using a combination of APIs, UI automation, and machine learning prediction all in one go.”

Previously, the UiPath agent would have had to run on a Windows machine, but now, said Kahlon, “All of that execution could actually take place in a Linux-based container, so it can scale over time as you’re using it.”

Automation in the cloud

UiPath has adapted its entire platform to a cloud-native delivery model, delivering it in SaaS mode to over 2,500 customers, Kahlon said. To do so, UiPath developed specialized management tools and deployment tools, which the company is packaging as a Kubernetes deployment that customers run in their private cloud or on-premises.

“That reduces the cost of running the platform, but also gives the same consistent and uniform experience for customers choosing the cloud version of our product or choosing to deploy it on premises,” he said.

With UiPath’s agents now able to run anywhere and, through those cloud connectors, access data almost anywhere, users may be concerned about security: How can they ensure that the access they give agents to their data will not be misused?

“You want to ensure the robots are adhering to the same policies, or maybe more stringent policies,” said Kahlon. “For example, you may want to allow employees to access their own confidential information stored in SharePoint, but maybe you don’t want a robot to access that information or, if a robot accesses it, you want to know when it accessed it and what it did.”

UiPath’s answer to that is an engineering partnership with CrowdStrike, making it easier for CrowdStrike’s Falcon endpoint security tool to monitor and, if necessary, limit, the data that UiPath’s agents are able to access, and for UiPath users to get more detailed reports on which agents did what. When the latest versions are released — on Oct. 25, 2021, in UiPath’s case, and in early November for CrowdStrike — joint customers of the two companies need only link their two products to enable the new capabilities.

“You decide as your policy administrator what you consider to be threat activity. With this combined solution, what customers can do is be able to monitor robot activity, get alerts when robots do something that’s not per policy, or just seems like the behavior is not what was expected,” Kahlon said.

One possible application would be on machines running Microsoft PowerShell. “This is a pretty powerful tool that gives the administrator privileges on the machine. You may want to say that PowerShell privilege is not available to robots, so if somebody builds a script that is getting the robot to invoke something in PowerShell, you want to stop the robot from executing that,” he said.

While UiPath partnered with CrowdStrike on security, for other capabilities it is trying to build out its own platform, said Kahlon.

“Our focus is taking what we have done well in RPA and expanding it to create an end-to-end platform that customers can use to discover processes, run automations through API or UI or machine-learning-based predictions, and then be able to create engaging experiences around that end-to-end product.”

Competitors such as Celonis or ServiceNow only do portions of those things and are partnering to build a more complete offering, he said. “From our perspective, it’s a validation of the fact that what customers are looking for is an end-to-end platform as opposed to pieces of it.”

At its Forward IV user conference in Las Vegas this week, UiPath revealed some of the other capabilities it is adding to its platform, including robot auto-healing, which uses its platform’s IT automation capabilities to detect and fix issues in the runtime environment, new solution templates, and a new framework for customizing process mining.

Next read this: