Gain value on day 1: AI-derived decision support for your identity security program
Authored by Kelly Grizzle, Distinguished Engineer
The digital landscape is changing quickly. The number of apps in use by the average enterprise increased by 20% in 2020, according to a recent Netskope threat report. Organizations with 500-2,000 employees now use approximately 700 cloud apps monthly. Data shows us that security teams manage access to hundreds of applications for thousands of users within their organizations. It’s no secret that IT and security teams struggle to keep up with access control and governance. A primary challenge for these businesses is a lack of comprehensive visibility and insights into their access data. A primarily human-based, manual approach leads to over-provisioning access and causes non-compliance and unnecessary exposure to security risks.
Business leaders understand the benefits of automation, artificial intelligence (AI) and, machine learning (ML) as suggested by the IDC Worldwide Semiannual Artificial Intelligence Tracker, February 2022. According to the report, AI services investments will more than double from $19B in 2020 to over $50B in 2025. Although identity security is now seen as an essential part of managing operations, security teams still need to work on implementing a proactive and forward-looking approach to managing access. It’s common to hear these questions at the start of our customers’ engagements:
- How do we leverage our access data to make better access decisions? How do we automate basic identity processes to free up our IT and security administrators’ time to focus on riskier and more intricate projects?
- How do we build a sustainable identity program that can adapt to our changing needs?
- How quickly can I start seeing improvements to productivity and prove compliance and ROI to my executives?
For almost two decades now, SailPoint has invested in its people and products to be able to answer these exact questions from our customers. One piece of the puzzle is our Identity Security platform, which uses AI and ML to streamline and automate the most basic identity processes to provide support for the most complex risk-based decisions necessary to remain secure. The second critical piece of the puzzle involves our identity security experts. With decades of experience in the identity security space, our professional services experts can offer both advisory and hands-on assistance. Using their extensive identity security domain expertise along with SailPoint’s AI capabilities is the crucial next step in our customers’ journey to recognizing the full potential of AI and ML from the get-go.
That’s right! A majority of SailPoint’s AI-Driven Identity Security capabilities do not require historical data, and value is attainable from day 1. Let’s delve into some of these use cases:
As part of SailPoint’s Access Modeling capabilities, Role Discovery allows a customer to select a set of identities and try to find new roles that model their desired access patterns. This is done by looking for patterns of entitlements assigned to the identities using unsupervised machine learning. A best practice for creating an access model is to develop common access roles matching a company’s business structure. Automatically granting access to the roles with common access saves time for identity admins and allows application users to become productive from day one. Once the common access roles are created, admins can focus on creating more specialized/tailored role models. Watch this explainer video to learn more.
Another capability of Access Modeling is Role Insights which provides suggestions about entitlements that could be added to a customer’s existing role model and align what is actually assigned to the identities that have those roles. This is done by looking for entitlements that are “popular” amongst the identities assigned to each role and recommending that they are added if they are not a part of another role. Machine learning recommendations for Role Insights require the current static data for the identities and the role model. Businesses gain insights from day one.
Certification and Approval Recommendations
Certification and approval recommendations provide ML-derived decision support to certifiers and approvers so they can confidently manage access. This is done by looking at features of the identity and the access, such as how prevalent a role is within the identity’s peer group, department, job title, etc. The features used in this algorithm are configurable per customer needs and available during the onboarding process and beyond. Our subject matter experts are also available to make recommendations during implementation set-up.
Access Request Recommendations
When end users go to the request center, finding the access they need can be daunting. Access Recommendations lists recommended applications that are popular for “people in your role.” This is done by finding applications that you do not yet have access to but are common among peers that report to your manager. The data required to power this feature also comes from the static dataset of identities and roles and is available from day one.
Unlike Malcolm Gladwell’s Outliers, identity outliers are people you don’t want in your organization. In an ideal world, access that identities have should be uniform and not have surprises. Identity outliers are people in an organization with unusual access assigned to them and should be reviewed by identity administrators through certification or other automated workflows.
Access Insights uses machine learning to identify identity outliers by analyzing:
- Identities that are not like others within their peer group. These identities may have been granted access outside of the role model and have unusual access privileges compared to their peers.
- Identities with access privileges are like multiple peer groups. Those employees may have accumulated access privileges across an organization – perhaps due to moving job functions or maybe they are working on special projects.
Once outliers have been detected, the appropriate stakeholders can be notified in real time by leveraging a robust workflow process to flag the anomaly and provide the context and recommendations needed to take the appropriate action. This capability also requires a static dataset of an organization’s identities and access model, and customers can see value from day one. Watch this explainer video for more in-depth information.
Access History – Value on day one, but gets better with time.
Access History provides a historical view of the access and attributes of all identities in an organization over time. Unfortunately, Access History cannot time warp into the past and see changes before onboarding a customer to AI capabilities. However, on day one, a customer will see the current snapshot of all identities in their organization, and history will start being recorded. Information such as access requests and identity certifications are also included, even if they happened in the past. Over time, this history provides increased insight into access changes and what caused them.
Access Intelligence Center (AIC) – Value on day one improves as more data is collected.
The Access Intelligence Center is a data visualization tool that provides persona-based business intelligence through charts and dashboards that can drill into granular access data, including information about identities, certifications, and access requests. Customers can track the current state of their identity program, prove compliance and show the value of AI with executive reporting. Many out-of-the-box dashboards offer static data, such as the job titles in each location, the most commonly assigned roles, etc. Moreover, the AIC has a historical dataset of certification and access request data from when they first became a SailPoint customer, so that some historical charts can be used on day one. Other historical data is only captured once the customer is onboarded to AI-Driven Identity Security capabilities, allowing the AIC to show dashboards with richer data over time.
So, what does it take to deliver the immediacy and value of AI to customers? It turns out not much. SailPoint provides the technology, best practices, automated workflows, and machine learning analytics to help our customers make confident access decisions that will improve productivity, reduce cybersecurity risk and prove compliance to auditors. As a result, it’s never been easier to confirm your identity security program’s value (on Day 1!).
Are you interested to find out more about SailPoint’s AI capabilities? Schedule a demo with a SailPoint crew member.