Buzzword Breakdown: What Do Bots, AI and Machine Learning Mean for Identity?
The cybersecurity industry is well known for its copious acronyms and ever-changing buzzwords. In fact, when I hear yet another new term in a meeting at SailPoint, I joke that we always have to remain “buzzword compliant.” But despite my poking fun, the latest round of buzzwords seems to center on AI and robots, which are a massive trend in the security industry as a whole.
Despite their recent fame, AI and robots are not taking over the world figuratively or literally. While these topics have major implications across the cybersecurity industry, here’s what they mean in the context of our space, identity governance, and how we’re using them.
Artificial intelligence (AI) in its most basic form, is intelligence demonstrated by machines as opposed to people. This can take many different forms including Siri and Alexa, but it’s really just a name for the broad concept of machines that are trained to do intelligent work.
Machine learning is often confused with artificial intelligence, but they aren’t quite the same. Machine learning is a subset of AI where software programs are able to analyze data and learn from it, identifying patterns and eventually making decisions. In the case of identity governance, we’re using machine learning with IdentityAI, our identity analytics tool, to help organizations analyze the massive amounts of identity data they have, as well as the data created by other identity governance tools (like IdentityIQ or IdentityNow), ultimately identifying and automating low-risk activities.
Robotic process automation (RPA) is the process automation technology behind emerging tools like software bots, allowing them to take on the simple, repetitive tasks previously performed by people. People often confuse the two, but RPA is the technology behind the software bot that is making your travel arrangements or fulfilling your online order, and the two aren’t interchangeable. In the context of identity governance, bots are an increasingly important consideration. As software bots continue to be adopted in the enterprise, they’re gaining access to sensitive data and systems, and as such, they must be governed in the same way as human identities to avoid them being compromised.
So, what does this all mean in the grand scheme of things for identity governance and the greater cybersecurity landscape? These new technologies are powerful and incredibly valuable when used intelligently. But rather than robots and AI taking over the world, I see it as an opportunity for more meaningful work to be completed more effectively and efficiently by valued industry experts rather than replacing them.
I think the next buzzword we’ll see popping up more, and the one that truly has staying power, is augmented intelligence. It’s the perfect blend of AI and people that ultimately results in insights for the enterprise that computers simply can’t provide, no matter how intelligent they are.
In the context of identity governance, it’s impossible for humans to process the massive amounts of identity data an enterprise has, but when you combine an AI tool with a trained identity expert who can evaluate the patterns and anomalies identified by AI and machine learning, map it against the company policies and industry regulations that all enterprises live with, and use it to make choices, it’s a winning combination.
For example, a tool like IdentityAI can analyze your organization’s data and identify an anomaly – your CFO’s computer is downloading financial data outside of business hours in Beijing, rather than at your corporate headquarters. Without human knowledge, an AI tool would flag this anomaly as potentially risky behavior, indicating that his identity may have been compromised. However, an employee can verify that the CFO is, in fact, traveling in China and well within his workplace responsibilities in downloading this data. If you relied on AI alone, your CFO would be left high and dry halfway across the world. You need both the AI tool and the human with the business context to act on an anomaly appropriately.
At the end of the day, we still need smart people to be engaged in the business, and I don’t see that need ever going way. The marriage of technology and human knowledge always has and will continue to create the most value