Security by envelopment: a novel approach to data-security-oriented configuration of lightweight-automation systems

Thumbnail Image

Access rights

openAccess
publishedVersion

URL

Journal Title

Journal ISSN

Volume Title

A1 Alkuperäisartikkeli tieteellisessä aikakauslehdessä
This publication is imported from Aalto University research portal.
View publication in the Research portal (opens in new window)
View/Open full text file from the Research portal (opens in new window)
Other link related to publication (opens in new window)

Authors

Date

2024-09

Department

Department of Information and Service Management

Major/Subject

Mcode

Degree programme

Language

en

Pages

23

Series

European Journal of Information Systems, Volume 33, issue 5, pp. 631-653

Abstract

Organisations’ increasing adoption of lightweight automation, such as robotic process automation (RPA), raises concerns about the associated systems’ robustness and security, with data-security concerns becoming further accentuated when tools of this sort are deployed for handling of potentially sensitive data. However, literature on designing these tools in a manner mitigating risks related to organisational data security has remained scarce. This paper addresses this gap by presenting a study in which RPA was successfully designed for a process wherein the software robot handles sensitive personal data. Informed by work on the mindlessness of automation, sociotechnical envelopment, and security by design, this empirical study, employing action design research at Wärtsilä Corporation, pointed to three design principles, related to envelopment, access rights, and audit trails. By adhering to these, Wärtsilä created envelopes around the robot that afford the automation’s safe operation and processing of the sensitive data. This research advances the theory of sociotechnical envelopment’s design and deployment by introducing a novel approach in security by envelopment to elaborate on the security-oriented envelopment of mindless automation agents. The paper also discusses the practical utility of the artefact designed, in terms of both design and evaluation.

Description

Publisher Copyright: © 2023 The Author(s). Published by Informa UK Limited, trading as Taylor & Francis Group.

Keywords

action design research, envelopment, Lightweight IT, Organisational data security, robotic process automation

Other note

DOI

10.1080/0960085X.2023.2217362

Citation

Asatiani, A, Hakkarainen, T, Paaso, K & Penttinen, E 2024, ' Security by envelopment: a novel approach to data-security-oriented configuration of lightweight-automation systems ', European Journal of Information Systems, vol. 33, no. 5, pp. 631-653 . https://doi.org/10.1080/0960085X.2023.2217362

Permanent link to this item

https://urn.fi/URN:NBN:fi:aalto-202306304379

Collections

[article-cris] Palvelut / Services