LogMeIn Live at Gartner IAM: Identity Governance Redefined by AI
The Gartner Identity and Access Management Summit in Las Vegas was bustling this week, bringing identity professionals from all over the world to the desert to talk about the latest and greatest in the industry. Among the experts roaming the halls was Kayla Williams, Director of Governance, Risk and Compliance at LogMeIn. She’s currently building a robust identity governance program from the ground up, and we were lucky enough to hear her speak about her vision with SailPoint.
Work Your Plan & Plan Your Work
Identity governance programs do not come to life overnight. Oftentimes the extensive behind-the-scenes magic is not well known throughout a company. Identity professionals often pour their energy and knowledge into getting a program up and running, and when it is done successfully, an end user’s life is undisrupted. Williams, previously at Computershare, was part of the team that built their identity program. At LogMeIn she’s taking her previous experience and spearheading their cloud-based program powered by machine learning and artificial intelligence technologies.
“I knew from experience that a program of this scale – meant to be the foundation for security – needs to be carefully mapped with all stakeholders and areas of the business,” Williams shared. For LogMeIn that meant forming the program leadership team consisting of HR, Executive Sponsors, Steering Committee, Program Management, and owners of key applications. The group was responsible for program success including clarifying the vision, defining target outcomes and keeping the team on schedule and in scope.
Before defining the go-forward plan, they took the time to understand the processes that were currently in place and identified all inconsistencies and gaps the new program would need to address. “You need to understand where you are before you can change. We are a SaaS-based, M&A hungry company and to be prepared for future growth, you need to have processes written down and operating in a scalable way,” Williams said.
Some gaps were obvious: certification campaigns were being run manually. Automating this process brought the promise of lowering the risk of noncompliance with internal control frameworks and better alignment with best-practice expectations, freeing up resources to focus on other areas of the business and enabling managers to make faster, better certification decisions. To remove terminated employees from certain internal systems, staff were manually reviewing employee lists to see who was still at the company. A centralized identity program allowed LogMeIn to issue a unique identifier for each employee to limit confusion and build a strong internal foundation for managing identity. Also, giving HR the functionality to automatically disable access for terminated employees, and having that change trickle down through those applications systematically, naturally reduced risk.
Building a Better Way with AI
LogMeIn had homegrown systems that they needed to retire and, with that, a new era of identity governance to introduce. Artificial intelligence and machine learning technologies are at the heart of Williams’s new program, fueled by innovation that makes the business run faster, employees’ lives easier and decisions possible in real time. “By AI enabling our identity program, it’s empowering us to get there faster and something that’s only going to get better,” Williams shared. LogMeIn plans to use their intelligent identity governance platform for segregation-of-duty alerting via role analytics. “We’re interested in identifying anomalies in groups and roles and alerting our security operations center of those. Our leadership is very focused on making sure our segregation of duty controls are operating as designed.”
“As we shift to role-based access, we’re planning to leverage SailPoint for AI-driven access policies and models to help us create new roles automatically based on recommendations. AI identifies variances the human brain may miss due to biases and learned behaviors,” Williams said.
“We have a lot of user access metrics that we’ll be using the platform to generate so we can report up to our board and steering committee,” Williams shared. Some of the metrics LogMeIn needs to report on are listed below.
- Number of risky users identified per quarter
- Number of SoD violations per quarter
- % increase/decrease of roles due to fluctuations in the business
- Number of access outliers identified by Business Units/Functional Department
- Number of access recertification campaigns completed in quarter
- % access recertifications not completed on time in quarter
- Average time to terminate access (for manual access terms)
Thank you, Kayla, for sharing your vision at the Gartner IAM Summit! To learn more about Kayla and LogMeIn’s identity governance program, check out her interview at Gartner.