On occasion, the ability to automate processes is hampered by the need for physical interaction, such as the handling of paper or, in this case, the need to use a physical plastic smart card to access the NHS Electronic Referral System (ERS). To access ERS, it is necessary to insert a plastic card into a slot in a PC or keyboard and type in a four-digit PIN to authenticate access (much like a bank card).
As our bots are completely software-based and virtual, unless I could find a solution to this challenge it would prevent me from delivering the GP referral automation. Some Trusts have created a software utility that would simulate the plugging in and out of an external USB card reader to trigger entry of the card PIN code secured in metal cages. In a world of modern technology, this was not a direction I wanted to go.
I found a company called Isosec who have many NHS customers using virtual smart card (VSC) technology for end users. With VSCs, a physical card is NOT required.
This solution offers the same two-factor authentication as a physical smart card but with additional security: virtual cards cannot be left sellotaped into a keyboard with a PIN code written on them, dropped in the car park or left on the bus, and because each card is linked directly to an Active Directory login, it prevents the user from sharing their virtual card.
Adapting this solution to work with the Thoughtonomy platform is hugely powerful. In fact, using robot users to access systems using virtual smart cards enhances security even further, as:
The Thoughtonomy platform offers extensive audit capabilities: every keystroke, mouse click, data input and change is logged in detail in a secure audit vault. This audit trail is more intensive and detailed than that of the systems being accessed by a human.
Virtual smart cards are assigned to individual bots for specific processes, so access is granted on a role-based basis, the same as our internal IG and GDPR policies.
Only the bot to whom the virtual smart card is assigned may use it for the processes it is authorised to execute.
Virtual smart cards are assigned to individual active logins for the bot workers. They are not transferable and cannot be shared with other Active Directory accounts.
The PIN code assigned to each card is stored within Thoughtonomy's encrypted credentials vault. The PIN code is masked out and cannot be viewed by any of the development staff using the platform. The only way to access any system using the assigned virtual smart card is to use the bot it is assigned to (ensuring everything is stored in the audit vault).
I have been using virtual smart cards for 18 months now and I challenge anyone to make a case that this technology combined with the advanced controls of the Thoughtonomy platform offers greater risk than a human using a plastic card.
So with the physical challenge negated... time to move onto the next blog...
If you have enjoyed my first week of blog entries please share www.somethingincredible.co.uk via your social media channels and subscribe.