Artificial Intelligence (AI) is everywhere, and Identity Security is no exception. I've been considering its impact up to now and its potential future impact on the Identity Governance and Administration (IGA) subset of identity security. Could this be the long-awaited game-changer we’ve envisioned?
All IGA vendors, the big players and the new entrants, claim to have valuable and functional AI in their products. A new entrant to the market would be laughed off of LinkedIn if it didn't have an AI offering, and the traditional platform vendors claim to have baked AI into their recipes since the beginning. I think they mean machine learning rather than generative AI really, but who am I to judge?
I'd say it is pretty obvious, but one must appreciate that AI isn't going to 'solve' IGA, the challenges it’s presented and continue to present to complex organisations.
However, there are areas in which AI can surely add a lot of value. I'd summarise these as follows:
Author:
Paul Dawson
Chief Services Officer at CyberIAM
- Access Reviews:
The bane of Line Managers', Application Owners', and Identity Administrators' lives everywhere, AI's ability to draw attention to the most risky access and draw upon/report on access patterns across similar team members can undoubtedly be very valuable - in terms of efficiency of the access review process and user experience.
Can AI prevent the tick-box "maintain-all" culture? Possibly not, but the proactive suggestions it can provide are certainly useful. For sure, it has the ability to reduce the administrative burden on reviewers and improve their decision making.
- Role Mining:
The ability to analyse patterns mentioned above also allows AI to attack the challenge of role mining - another IGA challenge that has evaded resolution in the main, and prevented effective and pervasive Role- Based Access Control (RBAC) being implemented.
For me this is more about big data analysis, but I guess that it is the recommendations that AI can provide, in addition to the real-time view, that has the possibility of bringing about real change and improvement. It will reduce the amount of manual effort in the role-mining activity and allow it to always up to date via ongoing dynamic data analysis.
- Visibility:
This overlaps with Identity Security Posture Management (ISPM) in addition to IGA, but the real-time view of access and the risk associated with it is clearly of enormous benefit to identity security administrators. Again, this feels more like machine learning to me, but the additional layer that true GenAI can provide over that data is the benefit that AI should bring to the tooling.
- AI-Enabled Application Onboarding:
This one is slightly different because it pertains to the IAM/IGA program completeness rather than process control effectiveness directly, and can benefit IAM technical professionals rather than end users and administrators. This feels to me like the "least real" benefit as I have seen little of it in the real-world as yet. However, Sailpoint have exciting features in this area, and Saviynt are also making noises about similar functionality. These features could be game changers in the well-known challenge of getting your applications connected to your IGA solution - Watch this space!
AI can't yet replace real human decision making and I'm not sure we're quite ready for that in the Identity Security world. It is critical to understand that it has a reliance on good data - without which, there is the risk of it making poor suggestions/decisions.
An organisation that believes that the AI in an IGA tool can make up for unreliable and inconsistent identity data are not only kidding themselves but are putting themselves in danger of increasing risk if they act upon poor AI insights that are based on poor data.
What AI can do is increase the efficiency and speed of IGA - something that feels long overdue. The scale of the IGA challenge continues to increase with pace (with non-human identities increasing the dataset challenge exponentially) so whilst we must remain ever so slightly sceptical of the vendor's claims around their GenAI capabilities around IGA, we must also embrace them.
Exciting times!
Get in touch
If you would like more information about CyberIAM’s Services
offering, contact us here and a member of our specialised team will be in touch as soon as possible
Current State Assessment guide
Access our comprehensive current state assessment guide to discover how we initiate our end-to-end analysis, setting the foundation for providing you with the best possible advice.