Security of UiPath Orchestrator

Hi, I noted that UiPath Orchestrator is a SaaS and customers will access the application directly. However, may I check on the following:
(a) would it be possible for anyone (including UiPath, who is managing the OS and DB) to access the ‘assets’ (which store all the credentials)?
(b) would it be possible for anyone (including UiPath, who is managing the database) to make changes to (e.g. disrupt) the jobs that are configured by the customers and/or packages uploaded by customers?
(c) how does UiPath assure the customers of the security controls in place to protect customer data in UiPath Orchestrator?

@shuling83

Welcome to the community…

Ideally, organization access is to be provided by the admin of the specific Orchestrator. Until then, no one will be able to access or control the Orchestrator under a specific organization.

Please check this for a more detailed explanation:

https://docs.uipath.com/automation-cloud/automation-cloud/latest/admin-guide/security

Cheers

Hi @shuling83

  1. User Roles and Permissions: UiPath Orchestrator allows administrators to assign different roles and permissions to users. By properly configuring roles, you can control who has access to assets and jobs and limit the ability to make changes.
  2. Audit Logs: Orchestrator keeps detailed audit logs of all activities, including changes made to assets and jobs. These logs can be used to track any unauthorized modifications and identify the responsible party.
  3. Version Control: Orchestrator supports version control for assets. Whenever an asset is modified, a new version is created, allowing you to revert to a previous version if needed. This helps prevent unauthorized changes and provides a history of asset modifications.
  4. Secure Communication: UiPath Orchestrator uses secure communication protocols, such as HTTPS, to encrypt data transmitted between clients and the Orchestrator server. This helps protect against eavesdropping and data tampering.

Hope it helps!!

1 Like

UiPath Orchestrator is a cloud-based platform, and as such, UiPath is responsible for the security of the infrastructure and the application itself. UiPath takes security very seriously, and has implemented a number of security controls to protect customer data. Here are some answers to your questions:

(a) Access to assets: UiPath has implemented strict access controls to ensure that only authorized personnel have access to the customer’s data. UiPath only accesses customer data when necessary for support or maintenance purposes, and only after obtaining customer permission. Access to the assets that store credentials is also tightly controlled, and UiPath has implemented encryption and other security measures to protect this data.

(b) Changes to jobs and packages: UiPath has implemented security controls to prevent unauthorized access to customer data and to prevent changes to jobs and packages by unauthorized users. UiPath also has monitoring and auditing capabilities to detect any suspicious activity and to prevent unauthorized changes to customer data.

(c) Security controls: UiPath has implemented a number of security controls to protect customer data in UiPath Orchestrator. These include:

  • Encryption: UiPath uses encryption to protect customer data both in transit and at rest.
  • Access controls: UiPath has implemented strict access controls to ensure that only authorized personnel have access to customer data.
  • Monitoring and auditing: UiPath has implemented monitoring and auditing capabilities to detect and prevent unauthorized access to customer data.
  • Compliance: UiPath complies with industry standards and regulations such as GDPR, SOC 2, and ISO 27001.
  • Regular security testing: UiPath regularly performs security testing and vulnerability assessments to ensure that the platform is secure and up to date.

UiPath also provides customers with access to security documentation and other resources to help them understand the security controls that are in place and to ensure that they are following best practices for securing their own data.

1 Like