Old Tools, New Tricks: How AI Can Extend Existing Security Investments to Meet New Challenges

Companies today are faced with an increasing number of security challenges. The ForgeRock 2020 Data Breach Report found that worldwide data breaches cost $1.2 trillion in 2019 with almost half of UK businesses experiencing a data breach in the last 12 months. This is despite the fact that global spending on cybersecurity increased by eight percent in the same period, but this isn’t the only thing businesses have to worry about.

The coronavirus pandemic has only compounded the threat: entire workforces have been forced to work virtually from home, expanding the scope of enterprise security into countless private homes and networks.

Meanwhile, staff churn has multiplied as furlough schemes take some employees out of action while new employees come on board in business areas experiencing new pressures. Businesses are being forced to adapt, fast, but also need a solution that can keep up with the pace of change in our increasingly uncertain times.

Returning to ‘business as usual’ isn’t likely, and with budgets constrained across the board, IT departments face a dilemma: how can they modernize their security solutions to meet these growing challenges while working with fewer resources than before? 

Your existing identity solution got you so far, but now it’s holding you back

One answer lies in an often overlooked area of security: identity governance. Historically, businesses invested in proprietary home-grown or off-the-shelf identity systems to help them address these growing business challenges associated with user access, but these legacy systems have become obstacles in today’s dynamic, remote-working world. 

Now more than ever, users expect to have easy and rapid access to the applications they need to do their job, and businesses want to ensure that only the right people are accessing the right applications. As a result, security-conscious organizations need a way to balance requests for immediate application access while reducing the risk associated with this process as much as possible. 

Too often, existing identity governance solutions fail on both counts because they rely on static data. This means that, as role profiles and entitlements change over time, these solutions aren’t capable of keeping access permissions up to date. This issue has been exacerbated by the COVID-19 pandemic as staff redundancies increased and IT teams are required to rapidly update furloughed employees’ access requests and privileges.  

Additionally, many existing identity governance systems are only integrated with a few authoritative identity sources, such as Microsoft Active Directory, or your company's HR system. These limited integrations result in poor user access visibility and a lack of consistent, contextual access insights across the entire enterprise. As a result, you end up with many islands of identity sprinkled across your organization.

Finally, because IT and security teams are overwhelmed with access requests, approvals and certification reviews, they often end up taking care of them manually. This usually results in the overprovisioning of user access privileges, which can result in unauthorized user access to systems, applications and proprietary business information.

AI-driven identity analytics can provide the answer

If your existing solution has ossified over the years, then the answer might lie in AI-driven identity analytics. By pulling in data from around your business - not just from your identity and access management system, but your applications and any other relevant sources of data - an AI-driven identity analytics solution can provide confidence scores and metrics to give you a better view and contextual insights into your user access risks. Thereby, allowing you to automate many of the governance and access decisions currently being handled manually.

By automating tasks such as access requests and certifications, companies can significantly reduce the burden these processes put on the team, resulting in significant time and cost savings. 

Because it relies solely on your existing data, AI-driven identity analytics leverages all your existing identity data and solutions investments and adapts dynamically to meet your evolving technology and business needs.

Lastly, because it collects and analyses identity data (e.g. accounts, roles, entitlements, etc.) from across your organization, it eliminates blind spots by breaking down identity silos to give you an enterprise-wide view of who has access to what - and why. At a time when security blind spots can be hugely costly, this level of visibility and context is vital. 

A top-up for difficult times

The best thing about AI-driven identity analytics? You can deploy it without having to ‘rip and replace’ your existing identity governance solution. Because it directly integrates with and augments what you already have, AI-driven identity analytics is the ideal way to level up your identity governance and administration solution needs.

With the COVID-19 pandemic forcing businesses to operate with fewer resources, while still maintaining a high level of security, utilizing AI and machine learning (or ML, a subset of AI that involves computer algorithms that improve automatically through experience) technology really can be a game-changer for identity. It can deliver the holy grail for IT and security teams: time and cost savings that also deliver improvements in security and the employee experience.

What’s Hot on Infosecurity Magazine?