SailPoint data scientist Rajat Kabra explains how machine learning can help stop oversight into mass approvals for certification and entitlement requests and how machine learning can help you dive deeper into the type of access you are granting.

Video Transcript

Natalie Reina: As we know companies need to conduct entitlements and certification campaigns. These can happen every month or can be triggered by something. But more often than not they are dealing with thousands of requests and they are so overwhelmed by requests that mass approvals start happening. Today, I’m with SailPoint’s data scientist Rajat Kabra who’s going to tell us how machine learning can help with this oversight and give us a deeper dive into the type of access we are granting. So Rajat I briefly touched on this, but can you kind of tell me why companies struggle with entitlements and certification campaigns.

Rajat Kabra: Ah so companies actually struggle a lot because of these certification campaigns is because dealing with thousands or 10s of thousands of certification requests can be an extremely challenging task for a human certified as they have to maintain a strict level of scrutiny when either approving or denying an entitlement. Along with this, they also have to finish the task in a timely manner so that identities have the entitlement that they need to work on today. Because not doing so can result in productivity loss. Along, for example, if there are a thousand certification requests in an entitlement campaign and on average it takes about 10 seconds for every entitlement request. Then this will require at least three hours, around three hours of time to finish this task. Now imagine instead of 1000 certification request, there are actually 10,000. So to finish this campaign, it will take 30 hours almost 30 hours. So expecting an identity or a person to wait for 30 hours to get an entitlement that they need is not feasible for a company and almost impossible. So this results in what you said mass approvals, where the certified basically select all the entitlements for all the identities there are and just approves every request there is. And this can have a lot of bad effects on the identity governance within the company. For example, it can actually lead to a ripple effect. For example, if I get an entitlement, you do mass approval, then other data scientist within my team might also end up getting that entitlement because now they are actually connected to an identity, which has that entitlement. From, so because of this the whole data science team can actually have that one entitlement. And if you work closely with let’s say data engineering team then ripple effect can continue on within the engineering team as well and they might also end up getting the entitlement. And this will just spread like wildfire and the entitlement might if it’s a security related entitlement or and very extremely important entitlement that only VPs have, this is a huge problem for the company. Another issue with the current approach is human bias or human error which basically means, so let’s say the certifier actually knows the identity, the person who’s requesting an entitlement. So, there will always be a thought in their mind. Oh, I know this person if he’s requesting this entitlement he must need it and you just approve the entitlement and the ripple effect will begin for that identity and this is always a problem.

Natalie Reina: Okay, well can you kind of tell me how, I mean, that seems like a lot of air room for error there. So can you kind of tell me how machine learning can help alleviate this

Rajat Kabra: So modern machine learning and AI based solutions allows us to build intelligent classified engines which can help and certifiers by providing support to make informed and accurate decisions. These machine learning models can actually learn patterns within the company from the historical data and learn which entitlement request should be approved or denied based on the identity attributes. For example, how many peers in that, for that identity have that entitlement or what are the entitlement distributions within that identities department or title or domain. So using these kind of features the machine learning model can actually make extremely accurate decisions. And these models are capable of handling 10s of thousands of entitlement requests within a few minutes if not seconds with an extremely high level of scrutiny without any huge bias and in an extremely accurate manner. These models are also capable of learning ever changing patterns within the company itself, which can be a result of any compliance change or the recent acquisition or anything of that sort. But one question a lot of people in the identity domain always have is that why should they trust the word of machine learning model? Are machine learning models safe? For example, if I’m working with a machine learning model says that this particular identity shouldn’t have this entitlement. So should we just go ahead and trust the word of the machine learning model without any question? So the answer for this is no, because the solution that we have built here at SailPoint the certifier can actually see why the machine learning model reached that particular decision. We have built an interpretation layer around the machine learning model and using this interpretation layer the certificate certifier can actually see why the reasoning behind every decision that the machine learning model makes and this, this isn’t or this is interpretation can be found for every certification request, there is in the campaign. So, this results in an extremely trustable and transparent solution using where the certifier can have complete control or transparency of everything that he or she is doing.

Natalie Reina: Thank you so much Rajat for your time this really goes to show what a state of the art machine learning program can do to help alleviate these challenges people have with entitlements and certification campaigns. You will hear more from our data science team and upcoming identity talks. Thanks for watching.

Find out how SailPoint can help your organization.

*required field

By submitting this form, you understand and agree that use of SailPoint’s web site is subject to SailPoint Technologies’ Privacy Statement.