Review TagUI security features to either improve or document well - done

[kensoh]

Some starting points from Nandan, a reputable RPA influencer - https://www.linkedin.com/in/nandanmullakara/

https://botnirvana.org/4-steps-to-ensure-robotic-process-automation-security/

https://botnirvana.org/gsa-helping-agencies-overcome-mental-barrier-fielding-unattended-bots/

https://www.blueprism.com/uploads/resources/white-papers/Blue-Prism-Security-Guide-2020.pdf

[kensoh]

Also linking to - #959 (comment)

[kensoh]

https://forum.uipath.com/t/how-to-protect-passwords-and-ids/76158/6
https://theautomatic.net/2020/04/28/how-to-hide-a-password-in-a-python-script/amp/

[kensoh]

This link has no takeaways -
https://botnirvana.org/gsa-helping-agencies-overcome-mental-barrier-fielding-unattended-bots/

[kensoh]

This link below, first 2 topics are not relevant for bottom-up decentralised RPA, topic on audit and logging is done with report option and to be enhanced in #956, topic on version and change control users will be using MS Word documents as robots, version control is normally done by naming the file version.

https://botnirvana.org/4-steps-to-ensure-robotic-process-automation-security/

[kensoh]

https://www.blueprism.com/uploads/resources/white-papers/Blue-Prism-Security-Guide-2020.pdf

For above link on security features of Blue Prism, many topics are irrelevant because -

• TagUI's default implementation is an on-user-computer on-prem application that does not exist on any cloud
• industry specific certifications like PCI-DSS, HIPAA, SOX aren't applicable because TagUI doesn't store data
• TagUI isn't a SaaS or software on the cloud running on vendor's cloud, it runs on actual user's computers
• in decentralised RPA, no need and not advisable to have bot credentials as users are held accountable

The topic on encryption is relevant, following are recommended best practices for TagUI -

• For data at rest, storage encryption would be on user's computer OS-level as it is run on user's computer
• For data in use, recommend user to manually enter sensitive info like passwords before letting robots take over
• For data in motion, users enterprise apps websites are now https by default for secure data entry and retrieval

[kensoh]

09006a9 - added above to readme at https://github.com/kelaberetiv/TagUI#enterprise-security-by-design

[kensoh]

Closing issue, change included in latest packaged release - https://github.com/kelaberetiv/TagUI/releases/tag/v6.46.0