Artificial Intelligence: The Key to Self-Driving Identity Governance

When it comes to identity governance, the future is here. Hyper-automation and self-driving governance promise to make as dramatic an impact as that of agile development. The result? Faster regulatory compliance, lower costs, and substantially reduced risk. 

Artificial intelligence (AI) based on machine learning (ML) is the ideal foundation for automating identity governance. When AI is supplied with rich data representing an enterprise-wide view of all aspects of identity, it can streamline and automate intelligence across all identity governance and administration (IGA) use cases: access requests, access reviews, and role mining. Rather than forcing analysts to manually correlate masses of data, AI can proactively identify access risks and provide context for quicker decision-making. In addition, AI can accurately identify excessive privileges and provide confidence scoring that teams can use when making actionable decisions. 

One of the most important benefits of using AI- and ML-based solutions is the ability to hyper-automate existing IGA processes. Defined by Gartner as tools to “…integrate functional and process silos to automate and augment business processes,” hyper-automation goes beyond simply providing information to decision-makers. It can discover, monitor, and improve user access, enabling business processes to become self-driving. 

As an example, hyper-automation can automate remediation recommendations, such as access predictions, access provisioning/deprovisioning, and role definitions. This pushes actions directly back to the existing IGA solution. In addition, hyper-automation paves the way for micro-certifications. Leveraging ML, it can automate approvals of low-risk, high-confidence users. This greatly reduces the workload of business line managers or application owners who now only need to approve a small set of entitlements and roles in between annual or biennial certification campaigns.

ForgeRock’s Approach to Self-Driving Identity Governance 

ForgeRock delivers the industry’s first AI-powered digital identity analytics solution, harnessing hyper-automation to pave the way for self-driving IGA. ForgeRock Autonomous Identity provides complete enterprise-wide visibility into the access landscape, utilizing AI transparently to provide insight, guidance, and automated remediation. As a complementary solution to existing IGA tools, it helps organizations achieve regulatory compliance, mitigate risks, and reduce costs. 

ForgeRock Autonomous Identity uses AI and ML techniques to collect and analyze all identity data from the business. It collects data from identity and access management systems and other relevant sources of data to identify access and risk blind spots. This ensures a comprehensive, real-time view of identity across the entire organization.

Armed with this user access landscape view and a thorough understanding of the principles behind each type of access, the ForgeRock solution looks at how closely the characteristics of a user with a given entitlement match the characteristics of others with the same access. The closer the match, the greater the confidence that a given user is justified in being granted this specific access and this level of access. Autonomous Identity assigns a confidence level for each individual who is provided such access, determining what both good and bad access look like across the entire enterprise. Similarly, it can recommend relevant high-confidence access rights that have not yet been granted to employees.
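The peer-match idea described above, together with the micro-certification triage of high- and low-confidence access, can be sketched as follows. This is an added, simplified illustration and not ForgeRock's algorithm or code; the user records, attribute names, scoring formula, and thresholds are all assumptions constructed for the example.

```python
from statistics import mean

# Constructed sample data: user -> (attributes, entitlements held).
USERS = {
    "alice": ({"dept": "finance", "title": "analyst", "site": "NYC"}, {"gl_read", "gl_post"}),
    "bob":   ({"dept": "finance", "title": "analyst", "site": "NYC"}, {"gl_read", "gl_post"}),
    "carol": ({"dept": "finance", "title": "analyst", "site": "LON"}, {"gl_read"}),
    "dave":  ({"dept": "finance", "title": "manager", "site": "NYC"}, {"gl_read", "gl_post"}),
    "erin":  ({"dept": "eng", "title": "developer", "site": "SFO"}, {"repo_write", "gl_post"}),
    "frank": ({"dept": "eng", "title": "developer", "site": "SFO"}, {"repo_write"}),
}

def similarity(a, b):
    """Fraction of attribute keys on which two users have the same value."""
    keys = a.keys() | b.keys()
    return sum(a.get(k) == b.get(k) for k in keys) / len(keys)

def confidence(user, entitlement, users=USERS):
    """Mean attribute match between `user` and the other holders of `entitlement`.

    Assumed scoring rule for illustration: 1.0 means every other holder looks
    exactly like this user, 0.0 means none of them share any attribute.
    """
    attrs = users[user][0]
    peers = [a for name, (a, ents) in users.items()
             if name != user and entitlement in ents]
    return round(mean(similarity(attrs, p) for p in peers), 2) if peers else 0.0

def triage(users=USERS, approve_at=0.5, flag_below=0.3):
    """Bucket every held entitlement: auto-approve, manual review, or flag."""
    out = {"auto_approve": [], "review": [], "flag": []}
    for name, (_, ents) in sorted(users.items()):
        for e in sorted(ents):
            c = confidence(name, e, users)
            if c >= approve_at:
                bucket = "auto_approve"
            elif c < flag_below:
                bucket = "flag"
            else:
                bucket = "review"
            out[bucket].append((name, e, c))
    return out

if __name__ == "__main__":
    for bucket, items in triage().items():
        print(bucket, items)
```

In this constructed data set the engineering user holding `gl_post` shares no attributes with the other holders and is flagged, while the one outlier also lowers the scores of the legitimate holders, which is why thresholds need tuning against real data. Calling `confidence` for an entitlement a user does not hold gives the score a recommendation step would use.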

Importantly, the solution does not replace existing IGA solutions. Instead, it coexists with these solutions to augment and maximize the business value of identity investments already made. This breakthrough approach helps CISOs take identity governance to the next level, while maximizing previous investments and preserving their budgets. 

ForgeRock Autonomous Identity Jumpstarts IGA with Hyper-automation

ForgeRock Autonomous Identity has been architected to address all the major issues related to identity governance. It also goes a step further, enabling self-driving identity governance through hyper-automation. The solution is built on three unique concepts: providing global visibility, being data-agnostic, and ensuring transparent AI. 

  • Global Visibility: By leveraging AI-driven identity analytics, organizations can collect and analyze all identity data (examples: accounts, roles, assignments, entitlements, and more) from diverse identity, governance, and infrastructure solutions. Autonomous Identity brings all this information together to provide enterprise-wide visibility to all identities and their access across the entire organization. In addition to enterprise-wide visibility, Autonomous Identity provides security and risk professionals with contextual insights into low-, medium-, and high-risk user access at scale.
  • Data Agnostic: Unlike “black box” identity analytics solutions based on static rules, roles, and peer group analysis, Autonomous Identity relies strictly on organizational data to develop a bias-free analysis. The solution works with existing identity data sources and all identity data types to develop a complete view of the user access landscape. In addition to IGA data, Autonomous Identity collects, normalizes, and analyzes all identity data from identity management, Active Directory, database systems, SQL databases, privileged access management systems, human resources (HR) systems, cloud infrastructure, enterprise resource planning (ERP), and data governance systems. By consuming and analyzing tens of millions of data points quickly, Autonomous Identity can predict and recommend user access rights and highlight potential risks.
  • Transparent AI: ForgeRock solutions are based on full transparency, providing teams with a deep understanding of how and why risk confidence scores have been determined. The visual presentation of low-, medium- and high-risk confidence scores explains the decisions via key risk indicators that were met, demonstrating the logic behind the decisions, and showing the criteria that went into the decision. 

Start Down the Path to Self-Driving Governance 

There’s no need to wait: the future is here. Even as organizations face dynamic business challenges, they now have at their disposal a dynamic solution to meet and overcome these issues. Teams can now do more with fewer resources. They have full visibility into, and automated assistance with remediating, overprivileged access, excessive permissions, orphaned accounts, and entitlement creep. 

Teams can hyper-automate existing IGA processes and solutions, streamlining and automating intelligence across all IGA use cases: access requests, access reviews, and role mining. Risks are proactively identified, and context is provided for actionable decision making. Micro-certifications enable business line managers to approve only small sets of entitlements and roles, easily closing the access gaps between annual or biennial compliance audits.

Here’s the bottom line: with ForgeRock’s self-driving governance approach, organizations can achieve regulatory compliance faster while mitigating risks and reducing costs across the entire organization. 

To learn more about ForgeRock’s approach to hyper-automation, be sure to read the new white paper: Self-Driving Governance with ForgeRock Autonomous Identity.

*** This is a Security Bloggers Network syndicated blog from Forgerock Blog authored by Tim Bedard. Read the original post at: https://www.forgerock.com/blog/artificial-intelligence-key-self-driving-identity-governance

Tim Bedard

Tim Bedard is responsible for OneSpan’s Trusted Identity Platform security solutions for financial services. With more than twenty years of IT security experience, Tim has successfully launched multiple cloud-based security, compliance and identity and access management (IAM) offerings with responsibilities for strategic planning to go-to-market execution. Previously, he has held leadership positions in product strategy, product management and marketing at SailPoint Technologies, RSA Security and CA Technologies. Tim is an active security evangelist at industry-leading tradeshows and events.