Automated processes powered by artificial intelligence (AI) are reshaping society in significant ways, from robotic assembly lines to self-driving cars. However, AI cannot do everything on its own; in fact, many organizations are realizing that automation works best when it collaborates with a human operator. Similarly, when well-trained AI assists them, humans can often operate more efficiently and effectively. Identity security, in particular, is an excellent example of a field where augmenting the human touch with AI has produced extremely positive results.
Consider the sheer number of identities that exist in today's world. Users, devices, applications, servers, cloud services, databases, DevOps containers, and a plethora of other entities (both real and virtual) now require identity management. Furthermore, in order to be productive in enterprise environments, modern employees use a wide range of technologies and data. Together, these two dynamics pose a challenge for identity security — at today's scale, determining which identities require access to which systems are well beyond human capacity.
This is significant because cybercriminals are increasingly targeting identities. According to the most recent "Verizon Data Breach Investigations Report" (DBIR), credential data is now used in nearly half of all breaches, and stolen credentials are one of the most common ways attackers compromise identities. Attackers use a variety of methods to obtain those credentials, the most common of which is social engineering. Hackers have gotten very adept at recognizing ways to trick people into making mistakes. This is a major reason why today's attackers are so difficult to stop: Humans are frequently the weak link, and they cannot be patched. It is simply not possible to create a preventative solution that will stop 100% of attacks.
This is not to say that preventative measures such as employee education, multifactor authentication, and frequent password changes aren't necessary; they are. They are, however, insufficient. A determined attacker will eventually find a vulnerable identity to compromise, and the organization will need to know what systems the attacker had access to and whether those privileges exceeded its actual needs. If an accountant's user identity is compromised, that is a problem — but it should be limited to the accounting department. However, in a company where overprovisioning is common, an attacker who compromises a single identity could gain access to a variety of systems.
This is a more frequent problem than you might think — when an organization has tens of thousands of identities to manage, it is tricky to ensure that each one has privileges that correspond to its essential functions.
It used to be, at least. When applied to identity security, AI-based technologies have enabled enterprises to not only manage identity permissions at scale but also to evolve identity security decisions over time to ensure that they match the changing needs and dynamics of the business. AI can be trained to recognize patterns that normal human users would miss.
For example, they may look for permissions that are rarely used and recommend that they be revoked — after all, why risk allowing an attacker to exploit them if they aren't being used? These tools can be trained to recognize when the same type of user repeatedly requests access to specific data. They can then report that information to an IT team member, who will determine whether additional permissions are required.
AI-based identity tools can help to develop more appropriate permissions for identities across the organization by identifying these patterns, while also providing IT staff with the information they need to make aware decisions as circumstances change. AI tools ensure that giving up a single identity does not grant an attacker complete control of the system by removing extraneous, unnecessary permissions. They also imply that, rather than impeding productivity, the IT team can boost it. They can ensure that all identities under management have access to the technology and data they require by quickly identifying when it is safe and appropriate to grant additional permissions. None of this would be possible unless humans and AI collaborated.
Gone are the days when managing identities and their permissions could be done manually; today, ensuring that each identity has the appropriate level of access requires significant assistance from artificial intelligence-based technology. Organizations can merge the speed and accuracy of automation with the contextual judgment of human decision-making by augmenting the human touch with AI. Together, they can assist organizations to manage their identities and entitlements more effectively while significantly reducing the impact of any potential attack.