In this special guest feature, Jackson Shaw, CSO, Clear Skye, discusses why it’s still early days for artificially intelligent identity management. Jackson has more than 30 years of experience in product management and operations in the technology security sector, lending his expertise to companies from Dell and Microsoft to Forcepoint and One Identity.
Artificial Intelligence (AI) has the power to change identity security and governance. By taking a once manual, error-prone process and adding the gloss of automation and accuracy, we can remedy age-old problems with managing access and entitlements. The problem is a shiny exterior of AI-enabled products are all that exists—at least for now.
While there’s no shortage of ‘AI-powered’ solutions, many look at such a finite set of values that they’re simply not able to deliver on their promise. To get the most out of an AI solution, a lot more data needs to be available. But the reality is that most one-off solutions don’t have access to this. Additionally, the narrow view of identity as strictly a function of security or GRC has also limited what is possible with AI. Identity touches every part of a business, from IT to HR and everywhere in between.
If identity is working in its own security and compliance silo, enterprises will not realize the true value streamlined, AI driven-identity governance can bring. And the outcome of any AI initiative should be a more agile enterprise. This includes activities like improved workflow, seamless user experience (UX), and improved operations. When done right, this is exactly what intelligent identity management can achieve.
But how do we get there? Let’s take a closer look at what’s holding us back and how we can get our identity data to start working for us.
The Challenges
While popularity of AI in the enterprise continues to grow, practices and maturity have remained relatively stagnant. Industry research shows lack of skilled people and difficulty hiring topped the list of challenges in AI. Pair this with the 25% of companies that have seen half of their AI projects fail (Deloitte) and it’s no wonder why we haven’t yet seen truly successful AI applications around identity.
If we drill down to identity-related AI projects specifically, the data tells another grim story. New research from Gradient Flow shows that two-thirds of respondents indicated that their company uses AI /ML to improve identity management. Yet less than a third of respondents indicated that AI/ ML yielded moderate to high benefits for identity management. It’s likely that far less than two-thirds of respondents are using AI in a real production environment. Even still, it seems that there is more perceived than actual value.
The Solution
The problems are clear: we don’t have enough data, we see identity on an island of its own, and we lack the skilled technical talent. As such, here’s where business leaders should focus to approach identity backed by real deep learning technology.
- Volume of Data: AI/ML can find patterns and extract value in vast amounts of data with a sophistication few technologies can match. That said, both AI/ML algorithms need massive amounts of data to understand what is normal and what is anomalous behavior. Many data inputs are needed to train and test the algorithms, then, once validated, and put into production, there needs to be continuous amounts of data feeding the algorithms to remain accurate.
- Specialization: It takes a data scientist working with identity, security, and other experts in your business to determine what data should be part of an AI/ML initiative. Bypassing this level of specialization can result in limited insights. Additionally, a data scientist will be able to advise and customize the algorithms for your businesses specific use cases. It’s important to have this talent on the front lines to ensure accuracy, consistent training and tuning of models, and to avoid degradation over time.
- Integrating Identity Organization-Wide: By leveraging a business platform, organizations gain access to an entire data warehouse with information about not just identity controls, but IT Service Management (ITSM), Security Operations (SecOps), Human Resources (HR), and more, along with all the related service requests, and approvals. There’s no need to perform multiple bulk exports and imports from different products or systems across your enterprise—it all lives in the same place. The best news? This functionality already exists within your existing tech investments in platforms like ServiceNow, Salesforce, Azure, and more.
We still have a long way to go before AI and identity are working together seamlessly, but we’re on the right track. By taking stock of the data you have access to, organizational silos, and prioritizing AI talent—whether in-house or by way of the partners and products your business uses—these should be the priority areas for those seeking to maximize their AI efforts around identity.
Sign up for the free insideBIGDATA newsletter.
Join us on Twitter: @InsideBigData1 – https://twitter.com/InsideBigData1
Could you define what does means, exactly, “in Identity” ?