Editor’s Note: For those of you who weren’t able to attend Navigate ’18 in Austin, we’re sharing some insights from the conference here on the blog. Up today, Mike Kiser is talking about the proliferation of bots and how identity governance can be used to manage and govern their access. While we can’t share the brisket, hot sauce and vodka Mike gave away during his presentation, we can share the lessons learned.
Ever ask a device in your home what the weather will be like today, or for the score of last night’s game? You’re not alone – the explosion of virtual assistants in home environments underscores the reality that software applications are weaving themselves into the fabric of our lives.
This is not merely an innovation for the consumer market, either. Virtual assistants and other “bots” are enjoying a wave of popularity within today’s enterprises. From customer service chatbots to order fulfillment or booking travel for employees, organizations are using bot technology to speed internal processes. As is the case with any new technology, bots are proliferating throughout the environment rapidly.
For organizations focused on identity, this new wave of bots presents both a powerful opportunity and an identity governance challenge.
There’s an Opportunity…
The wave of bot adoption provides an opportunity for identity to become more intuitive and pervasive within a business. Bots can be used to facilitate interaction between the business user and the identity infrastructure in the form of chatbots or other close-to-human processing of requests. This may allow business users to obtain reporting and analytics from the business more rapidly: “What is the current progress of my certification campaign?”
Bots may also be more involved in the actual process of governance itself – an example of this might be a bot-facilitated process for access requests. This would allow governance to be customized further to the needs of the end business user: the bot could direct them to the correct choice through context and other information at its disposal, and thus guide them to a better outcome. The actual process of identity governance would then be improved, just as other activities are seeing the benefit of bot adoption.
…But It Creates an Identity Governance Challenge
With such a potentially large wave of adoption – one analyst estimated that 73% of organizations would have some kind of Internet of Things (which includes bots) program in place by the end of 2018 – the potential for bots to be used without appropriate identity governance is significant. Businesses should be asking the right questions of their organizations and be on the lookout for automation programs that might be creating bots ad hoc. Being ahead of the curve is key to ensuring identity governance standards are met in the rush of early adoption.
As these bot-based initiatives arise, businesses can pave the way to success by using models already proven in production. Most often, this will mean treating bots in the same manner as contractor-based identities. As with contractors today, this will require the establishment of a repository dedicated to bots. As bots are created, modified, or eliminated, this repository must be updated and that information subsequently brought into the identity governance solution. This also means time-based access and the application of policy to ensure tight restrictions on their capabilities within the environment. Because their actions should be strictly within set boundaries, analytics may also be deployed to ensure that they have not been repurposed and are fulfilling their expected function. Additionally, human oversight of bots is key to good governance, meaning that every bot must (once again like a contractor) have a real-world person who is ultimately responsible for its governance.
Governing Our New Bot Overlords
The rapid rise in the use of bots throughout organizations grants identity programs a chance for enhancement as well as a new class of identity to govern. By being proactive, asking the right questions, and using proven governance models, identity can be utilized to retain governance and oversight while still allowing for quick adoption of this new technology.