
Concerns raised by Security Team about our recipes

TLors_IN
Deputy Chef I

Hi All,

We love our Workato deployment and the experience of implementing and growing recipes that support the business in the past two years.

Our organization has over 4000 employees and many different software systems, both on-prem and cloud/SaaS, so we already have over 1000 recipes and our Workato team keeps growing (4 members already).

Recently, security has been nagging us about the risks included in No-Code platforms and our recipes.

What are you doing to tackle Workato security? Both from a platform configuration/architecture perspective (we are doing this manually with a security architect from the Security team), and from a recipe perspective (no solution/process just yet).


Keen on hearing your opinion!

3 REPLIES

shivakumara
Executive Chef III

✅ 1. Platform Configuration & Architecture (You're on the Right Track)
Since you're already involving a Security Architect, that's an excellent start.
Key security levers to lock down the platform:

a. Workspace Governance
Use separate Workato workspaces per environment (Dev, QA, Prod).
Restrict user access per workspace using role-based access (e.g., developer can only access Dev).
Enforce SCIM/SAML for identity federation and user lifecycle management.

b. Secrets & Credentials Management
Store credentials in Environment Properties or Connections with limited visibility.
Avoid hardcoding tokens or secrets in steps or log statements.
Use Vault integrations if possible (e.g., AWS Secrets Manager or HashiCorp Vault).

c. Audit Logging
Enable Recipe Lifecycle Logs and Job History retention.
Periodically export audit logs for compliance (via API or webhook).
Track changes in critical recipes and who made them.

d. Data Residency & Isolation
Use On-prem Agents or Private Agents if sensitive systems are involved.
Review whether PII or financial data is processed in recipes; Workato may not be certified for all regulatory frameworks unless on Enterprise+ plans.

✅ 2. Recipe Security & Best Practices
This is the area where security gaps often slip through, especially as recipes are built rapidly by different team members.

a. Standardize Development Practices
Create a recipe template library: standardized patterns for error handling, logging, API call hygiene, etc.
Build modular callable recipes to separate logic and limit exposure.

b. Introduce Recipe Reviews
Adopt a peer review workflow before a recipe goes to production.
Use the "comments" feature to document assumptions, tokens used, and external APIs called.

c. Implement Error & Exception Logging
Log errors to a central system (like Splunk, Datadog, or Snowflake).
Avoid leaking PII or secrets into logs.

d. Data Flow Documentation
Document which recipes touch sensitive data: who can view/edit them, what endpoints they call, what systems they write to.

✅ 3. Security Monitoring
Use external monitoring platforms (e.g., Dynatrace, Splunk) to track anomalies or failures across recipes.
Optionally build recipes that log metrics and usage into a security lake (Snowflake, etc.).

🧩 Bonus: Establish a Workato Center of Excellence (CoE)
Maintain an internal portal/an Excel sheet for:
Best practices
Approved connectors
Templates
Security policies
Enforce mandatory onboarding for new Workato users to cover security.
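
As an added illustration of points 1b and 2c above (no literal secrets in steps, no secrets or PII in logs), the following Python script is example code written for this thread, not Workato's own tooling. It walks an exported recipe definition and flags literal credentials, then shows the redaction a forwarder should apply before an error log leaves the platform for Splunk or Datadog. The recipe JSON shape, the `#{...}` / `{{...}}` syntax used to recognise run-time datapill or property references, the secret patterns, and the sample recipe and log line are all constructed assumptions; map them to what your real exports look like.

```python
"""Added example for this thread (not Workato's own code): flag literal secrets in an
exported recipe definition and redact secrets/PII from log text. The recipe JSON shape,
the #{...} / {{...}} reference syntax and all sample data are constructed assumptions."""
import re

# Illustrative secret shapes; tune the list for the connectors in your estate.
# Each entry: (name, pattern, replacement used when redacting log text).
SECRET_PATTERNS = [
    ("aws_access_key", re.compile(r"\bAKIA[0-9A-Z]{16}\b"), "[REDACTED:aws_access_key]"),
    ("bearer_token", re.compile(r"\b(Bearer\s+)[A-Za-z0-9._~+/=-]{20,}"), r"\1[REDACTED:bearer_token]"),
    ("keyed_secret",
     re.compile(r"(?i)\b((?:api[_-]?key|secret|password|token)\s*[:=]\s*['\"]?)[A-Za-z0-9._\-]{12,}"),
     r"\1[REDACTED:keyed_secret]"),
    ("slack_webhook", re.compile(r"https://hooks\.slack\.com/services/[A-Za-z0-9/]+"), "[REDACTED:slack_webhook]"),
]
PII_PATTERNS = [
    ("email", re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b"), "[REDACTED:email]"),
    ("ssn_us", re.compile(r"\b\d{3}-\d{2}-\d{4}\b"), "[REDACTED:ssn_us]"),
]
# Step input keys whose values should come from a connection or property, never a literal.
SECRET_KEY_NAME = re.compile(r"(?i)api[_-]?key|secret|password|passwd|token")
# Assumed reference syntax: such values are injected at run time, so they are not literals.
REFERENCE = re.compile(r"#\{|\{\{")

# Constructed recipe export (assumed shape) with three literal secrets and one literal password.
SAMPLE_RECIPE = {
    "name": "Sync new hires to HRIS",
    "steps": [
        {"number": 1, "provider": "http", "name": "get_employee",
         "input": {"url": "https://hris.example.com/v1/employees?api_key=ZXlKaGJHY2lPaUpJVXpJMU5pSjk",
                   "headers": {"Authorization": "Bearer #{_('data.properties.hris_token')}"}}},
        {"number": 2, "provider": "slack", "name": "post_message",
         "input": {"webhook": "https://hooks.slack.com/services/T000/B000/XXXXXXXX",
                   "text": "Onboarded #{_('data.http.email')}"}},
        {"number": 3, "provider": "aws_s3", "name": "upload",
         "input": {"access_key": "AKIAIOSFODNN7EXAMPLE",
                   "secret_key": "#{_('data.properties.s3_secret')}"}},
        {"number": 4, "provider": "sftp", "name": "put_file",
         "input": {"host": "sftp.example.com", "password": "Winter2024!"}},
    ],
}
# Constructed error log line of the kind a recipe might forward to a SIEM.
SAMPLE_LOG = ("job 8841 failed: POST https://hris.example.com/v1/employees?api_key=ZXlKaGJHY2lPaUpJVXpJMU5pSjk"
              " for jane.doe@example.com (Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxMjM0In0.abc) -> 401")


def walk_strings(node, path="$", key=None):
    """Yield (json_path, enclosing_key, value) for every string in a nested structure."""
    if isinstance(node, dict):
        for k, v in node.items():
            yield from walk_strings(v, f"{path}.{k}", k)
    elif isinstance(node, list):
        for i, v in enumerate(node):
            yield from walk_strings(v, f"{path}[{i}]", key)
    elif isinstance(node, str):
        yield path, key, node


def find_hardcoded_secrets(recipe: dict) -> list:
    """Return one finding per string that is a literal secret: either it matches a known
    secret shape, or it sits under a secret-looking key without being a run-time reference."""
    findings = []
    for path, key, value in walk_strings(recipe):
        kind = next((name for name, pat, _ in SECRET_PATTERNS if pat.search(value)), None)
        if kind is None and key and SECRET_KEY_NAME.search(key) and not REFERENCE.search(value):
            kind = "literal_under_secret_key"
        if kind:
            findings.append({"path": path, "kind": kind})
    return findings


def redact(text: str) -> str:
    """Mask secrets first, then PII, so the line is safe to ship to Splunk/Datadog/Snowflake."""
    for _, pat, replacement in SECRET_PATTERNS + PII_PATTERNS:
        text = pat.sub(replacement, text)
    return text


if __name__ == "__main__":
    for finding in find_hardcoded_secrets(SAMPLE_RECIPE):
        print(f"{finding['kind']:28} {finding['path']}")
    print(redact(SAMPLE_LOG))
```

Running the scanner over every recipe export as part of the peer-review step in 2b turns "avoid hardcoding tokens" from advice into a gate; the same pattern table drives `redact`, so a new secret shape only has to be added in one place.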
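
For points 1c and 3 (audit logs and monitoring), here is a second added Python example, again written for this thread and not Workato's code, that runs a few governance rules over exported audit events: a critical recipe changed in production by someone who is not its approved owner, a production change outside the agreed window, and any production connection (credential) change. The JSON-lines event format and its field names, the critical-recipe inventory and the change window are constructed assumptions; map them to the fields your real export carries.

```python
"""Added example (not Workato's own code): governance rules over exported audit events.
The event shape (JSON lines with ts, event, user, workspace, recipe_id, recipe_name),
the critical-recipe inventory and the change window are assumptions for illustration."""
import json
from datetime import datetime, timezone

# Constructed inventory of recipes that touch sensitive data (the 2d data-flow document):
# recipe id -> approved owners who may change or restart it in production.
CRITICAL_RECIPES = {
    "rcp-1042": {"name": "Payroll export", "owners": {"alice@example.com", "bob@example.com"}},
    "rcp-2077": {"name": "Customer PII sync", "owners": {"alice@example.com"}},
}
# Event types that alter production configuration (assumed names).
CHANGE_EVENTS = {"recipe_updated", "recipe_started", "recipe_stopped", "connection_updated"}
CHANGE_WINDOW_UTC = range(8, 18)  # approved hours for production changes, Monday to Friday

# Constructed audit export: 2024-05-13 is a Monday, 2024-05-18 a Saturday.
SAMPLE_AUDIT_LOG = """\
{"ts": "2024-05-13T09:15:00Z", "event": "recipe_updated", "user": "alice@example.com", "workspace": "prod", "recipe_id": "rcp-1042", "recipe_name": "Payroll export"}
{"ts": "2024-05-13T10:02:00Z", "event": "recipe_updated", "user": "carol@example.com", "workspace": "dev", "recipe_id": "rcp-1042", "recipe_name": "Payroll export"}
{"ts": "2024-05-13T22:41:00Z", "event": "recipe_started", "user": "dave@example.com", "workspace": "prod", "recipe_id": "rcp-2077", "recipe_name": "Customer PII sync"}
{"ts": "2024-05-14T11:00:00Z", "event": "job_succeeded", "user": null, "workspace": "prod", "recipe_id": "rcp-2077", "recipe_name": "Customer PII sync"}
{"ts": "2024-05-18T14:30:00Z", "event": "connection_updated", "user": "alice@example.com", "workspace": "prod", "recipe_id": null, "recipe_name": null}
"""


def parse_events(text: str) -> list:
    """One JSON object per non-empty line."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def in_change_window(ts: str) -> bool:
    """True when the timestamp falls on a weekday inside the approved UTC hours."""
    t = datetime.fromisoformat(ts.replace("Z", "+00:00")).astimezone(timezone.utc)
    return t.weekday() < 5 and t.hour in CHANGE_WINDOW_UTC


def evaluate(event: dict) -> list:
    """Return the names of every rule the event violates (empty list means nothing to raise)."""
    reasons = []
    if event.get("workspace") != "prod" or event.get("event") not in CHANGE_EVENTS:
        return reasons  # only production configuration changes are in scope here
    critical = CRITICAL_RECIPES.get(event.get("recipe_id"))
    if critical and event.get("user") not in critical["owners"]:
        reasons.append("critical_recipe_changed_by_non_owner")
    if not in_change_window(event["ts"]):
        reasons.append("change_outside_approved_window")
    if event["event"] == "connection_updated":
        reasons.append("prod_connection_changed")  # credentials changed: always review
    return reasons


def find_alerts(text: str) -> list:
    """Evaluate every event in an export and return the ones that need a human look."""
    alerts = []
    for ev in parse_events(text):
        reasons = evaluate(ev)
        if reasons:
            alerts.append({"ts": ev["ts"], "user": ev.get("user"),
                           "recipe_id": ev.get("recipe_id"), "reasons": reasons})
    return alerts


if __name__ == "__main__":
    for alert in find_alerts(SAMPLE_AUDIT_LOG):
        print(alert["ts"], alert["user"], alert["recipe_id"], ", ".join(alert["reasons"]))
```

The point of keeping the owner inventory next to the rules is that the data-flow documentation from 2d becomes machine-readable: the same list that says who may touch a payroll recipe is what the monitor checks against, so a change to either is a change you can review.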

Thank you so much @shivakumara for this very extensive answer! Very helpful to have this comprehensive outlook.

Is there any solution by Workato / commercial that can assist with recipe code review / vulnerabilities?

Hi @TLors_IN ,
While there isn't a specific recipe code review feature, Workato offers an accelerator called AQS (Automation Quality & Security) Framework, which helps standardize and automate best practices for quality and security across your automations.

Thanks and Regards,
Shivakumara K A