AI to the Rescue for Identity Governance Access Certifications … not so fast!

Written by Ron Bowron

In today’s digital world, businesses face numerous cybersecurity threats, making it essential to ensure that only authorized personnel can access sensitive data. Identity and Governance Access Certification Campaigns are an effective way to certify and review user access to critical resources and applications. The process involves verifying that the access granted to users aligns with their job functions and business requirements.

The use of Artificial Intelligence (AI) during an Identity and Governance Access Certification Campaign can help streamline the process and increase its efficiency. AI can analyze large amounts of data in a short amount of time and flag any anomalies, reducing the time and resources required for manual reviews. However, it’s important to note that AI should not replace human oversight entirely. As Buzz Woeckener, Director Identity Governance and Administration at Nationwide, stated at the Gartner IAM Conference on March 21st, 2023, “AI will never hit the submit button.”

When Should AI Be Used?

When is it appropriate to leverage AI in the process? Here are some pointers:

• Large and complex organizations with a significant number of users and resources can benefit from AI’s ability to quickly analyze data and identify outliers.
• Organizations with dynamic access requirements may find it challenging to keep up with manual reviews, making AI a useful tool in keeping access certifications up-to-date.
• AI can also help identify patterns in access requests, which can help inform future access certification campaigns.

But for AI to be successful, you have to remember that AI learns from the information it is provided.  So having quality data and context for the resources and permissions is important. Consider the following as prerequisites for implementing AI as part of your Identity Governance Campaigns:

• Consistent and Accurate Labels:
  • • Ensure that permission labels are consistent and accurately reflect the associated access privileges. This will enable AI systems to correctly interpret and evaluate access requests and identify any anomalies.

• Granularity:
  • • Granular permission labels will enable more precise evaluation of access privileges, enabling AI systems to identify any inappropriate or unnecessary access more accurately.

• Contextual Information:
  • • Including contextual information such as the purpose of access and the time of access can help AI systems better evaluate the risk associated with access requests.

• Access History:
  • • A historical record of access requests and approvals can be used to identify patterns and establish baselines for access privileges. This will enable AI systems to detect any significant deviations from the norm and flag them for further review.

• Feedback Loops:
  • • Finally, creating a feedback loop to capture user and system feedback on permission meta-data can help identify errors or gaps in the permission metadata. This feedback can be used to refine the permission metadata, improving its accuracy and enabling more precise risk evaluations.

These activities can be time consuming and challenging to implement across complex systems, but the investment will be easily recovered over time. Using these suggestions, organizations can improve the quality of their permission metadata, enabling more accurate evaluation of context and risk associated with access during the certification process. This will ultimately improve the overall security posture of the organization by reducing the risk of unauthorized access to sensitive data and resources.

AI can help streamline Identity Governance Access Certification Campaigns, but it may not be as helpful if trained on poor quality information, and should not replace human oversight entirely. By leveraging AI’s capabilities alongside human expertise, organizations can increase the efficiency and accuracy of their access certification processes.

Not sure if you’re ready to add AI into your cybersecurity regimen? Talk to the experts here at Idenhaus to see what we can do for you.