Predictive Identity: The Future of Identity Governance
One thing is certain: as enterprises continue transforming themselves digitally, they are making lives easier for their customers, staff, and partners – but the underlying technology that makes all of that digital transformation magic possible is growing more and more complex.
Consider this: as organizations bring on more and more cloud systems while also maintaining legacy on-premises systems going back to the mainframes, identity managers have a challenging time keeping up with the demands associated with good identity governance: the onboarding and managing of users, and the periodic reviewing and certification of that access, for thousands of users to hundreds of applications. How organizations will better meet this challenge was at the heart of The Future of Identity, the Navigate ’19 keynote address by Paul Trulove, chief product officer at SailPoint.
Much of that future state of identity will include – must include – the help of artificial intelligence and machine learning, Trulove said. And SailPoint is bringing artificial intelligence and machine learning to its identity platform in what the company calls SailPoint Predictive Identity.
According to Trulove, Predictive Identity will make identity more intelligent and autonomous. Trulove said Predictive Identity is AI-driven and delivered by a multi-tenant cloud architecture. “It sits at the center of your IT infrastructure, connecting everything, seeing everything, and figuring out what’s important to aid you in your decision-making,” Trulove said.
According to Trulove, Predictive Identity:
- Delivers increased transparency into identity management
- Reduces the need for day-to-day manual identity system interaction to only the high-risk scenarios
- Increases transparency into the inner workings of identity governance for administrators, security teams, and compliance and audit teams
- Makes identity management easier to deploy and run while improving confidence in how the system is working to protect the organization from bad actors.
Enterprises will also be able to anticipate user access needs with Predictive Identity. “Instead of your employees having to request access, and then wait for approval, and then wait for provisioning, SailPoint Predictive Identity automatically recommends provisioning for a user based on changes to his identity profile, as his peer group’s access changes, or changes in the broader application environment,” he explained.
Remedy compliance fatigue and more intelligently manage risk
The processes and requests associated with identity management can be tiresome: reams of checkboxes, access approval requests, and a never-ending pipeline of certifications. “The ability to anticipate user access needs is critical to addressing one of the key challenges I hear regularly from organizations: compliance fatigue,” he said. In addition to reducing the need for manual request and approval processes, Predictive Identity also leverages machine learning to change the way access is certified. In the future, he said, SailPoint will leverage machine learning to filter the standard access and automatically certify that access.
While that should be a welcome development to staff and identity managers alike, Predictive Identity is also designed to reduce identity-based risks. According to Trulove, Predictive Identity will be able to spot risky behaviors before any real damage is done. “Let’s say one of your users in finance starts to access file storage systems late at night for 2 days running. Since this is anomalous behavior for this user, SailPoint Predictive Identity will flag this activity. You can then choose to launch a targeted certification, automatically disable access, or simply alert a security administrator,” he explained.
Another way Predictive Identity can spot risk is with outlier detection, he explained. Here, Predictive Identity will highlight users whose access doesn’t align with well-defined peer group structures. “Take our finance employee example, we can also validate whether similar behavior from other users in the same peer group is occurring – if not, that’s another flag we can identify.”
Trulove also explained how Predictive Identity could help to improve security, reduce risk, speed the time to value and reduce the cost of deployment. “Just think if you could onboard a new application and have the AI engine automatically suggest the right role structure and generate the recommended downstream changes for approval,” he said.
Eventually, Predictive Identity will also provide continuous identity monitoring. “We can leverage the same capabilities to deliver an ‘always on’ approach to role mining where we not only factor in actual assignment data into the calculation of role changes, but also include user activity and behavior in assessing whether the structure of a role is correct and if the right users are assigned the role,” he said.
With enterprise technology becoming so complex and interdependent, and user roles changing so often, it should come as no surprise that humans will need a little bit of help from the machines. After all, machines excel at looking at vast amounts of data, spotting trends and outliers, and making the appropriate decisions, or kicking exceptions up for a human to review. That’s where machines thrive.
“One of the key things we’re focusing on with our Predictive Identity Vision is making identity more approachable and easier to implement and maintain. It’s a complex world out there, and your identity program should be making your life easier, not harder,” said Trulove.