Cloud operational responsibilities

Learn about secure deployment models, data element locations, and operational responsibilities.

Securing the Cloud

Automation Anywhere Cloud is deployed to only allow access to Automation Anywhere Cloud Operations personnel and Security Team resources. Network and cloud control plane access is restricted using VPN with multi-factor authentication for AAI operational and security personnel. All AAI users must first authenticate using MFA tokens to retrieve short-term credentials to access cloud resources. User credentials are continuously monitored for compliance. All other operational users, cloud resources, and applications are restricted from access to the Control Room. Regular AAI user access certification is conducted to ensure only necessary access is provided to cloud operations personnel.

The cloud service is multi-tenanted and each customer control room environment uses a unique tenant identifier to ensure data separation between the Control Rooms. Automation Anywhere members cannot access a customer environment unless specific permission is provided by the customer, typically under support troubleshooting procedures and controls.

Cloud: With the Automation AnywhereCloud offering, all business, personal, and operational data is stored on Automation Anywhere administered cloud. Automation Anywhere is the cloud data controller and is responsible for customer data privacy as published in accordance with Automation Anywhere cloud security and compliance with data privacy.
Privacy Policy for Automation Anywhere
Cloud-enabled: With the Automation Anywhere Cloud-enabled solution, business, personal, and operational data is stored and managed on the customer-controlled infrastructure, while specific operational data related to RPA is shared between the Automation Anywhere Cloud and the customer infrastructure. All data privacy and compliance rests with the customer.
On-Premises with updates through Cloud: With Automation Anywhere On-Premises with updates through Cloud service, all business, personal, and operational data is kept on and deployed from the server on-premises on the customer network. All data privacy and compliance rests with the customer.

The following table lists the securing data and operations responsibilities:


Data requirement	Cloud	Cloud-enabled	On-Premises with updates through Cloud
Infrastructure and data security	Automation Anywhere Cloud	Shared customer and Automation Anywhere Cloud	Customer
Continuity and disaster recovery	Automation Anywhere Cloud	Shared customer and Automation Anywhere Cloud	Customer
High availability	Automation Anywhere Cloud	Shared customer and Automation Anywhere Cloud	Customer
Data localization	Automation Anywhere Cloud	Customer	Customer
Data privacy	Automation Anywhere Cloud	Customer	Customer
Software upgrades	Automation Anywhere Cloud	Shared customer and Automation Anywhere Cloud	Customer

The following table lists data types and storage locations:


Data type	Cloud	Cloud-enabled	On-Premises with updates through Cloud
Customer business data Customer personal data Business data used in automation	Cloud. For more information on Cloud storage information, see Automation 360 Cloud FAQ.	Customer network	Customer network
Operational data Operations users, roles, passwords Device information Device credentials Bot schedule Bot definition Audit and application logs Workload management definitions and schedules	Cloud	Customer network	Management shared: Cloud Action package updates Customer All other data management
Personal data Username and password Security key User device information and credentials Bot Runner device access Bot device IP/FQDN Bot application credentials User application logs	Cloud	Customer network	Customer network

Automation 360