We are at the forefront of an Artificial Intelligence (AI) revolution. Companies that develop and actively deploy AI and automation technology are the new investor and media darlings, with their valuations skyrocketing and business expanding at unprecedented speeds. By Paul Trulove, chief product officer, SailPoint.
One such example is Ocado, a groceries retailer turned tech giant who used AI-based technology for packing groceries and powering its retail fraud detection systems to drive rapid growth. Just think of the endless opportunities in front of us, especially in light of the new world’s fastest supercomputer, which was unveiled by the US Department of Energy and IBM in early June. It is capable of as many calculations per second as 6.3 billion humans combined.
What does this mean for personal interactions between humans and AI or bots? While they might be reliable for automating business and industrial processes or acting as personal assistants, how do we ensure those algorithms are not inadvertently going ‘rogue’ and turning ‘to the dark side’, succumbing to hackers’ ever-evolving techniques? Like with most things in life, the best approach is ‘trust, but verify’. This is where identity governance, now widely deployed to govern human employee access, can be used to keep tabs on AI assistants and industrial (ro)bots.
We know that today’s workforce has become an increasingly bigger target for cyber-attackers who see stolen user credentials as the proverbial ‘keys to the kingdom.’ In fact, the vast majority of data breaches, whether conducted by a cyber attacker from inside or outside of an organisation, involve the misappropriation of digital identities and their associated account credentials. In addition to targeting networks and endpoints, cyber attackers are exploiting valid user accounts to gain unauthorised access to sensitive systems and high-value personal and corporate data.
In fact, according to the Verizon 2017 Data Breach Investigations Report, 81% of hacking-related breaches involve the misuse of identity credentials, leveraging stolen and/or weak passwords. Now that the term ‘digital identities’ extends to both human and non-human identities, protecting the identity of today’s digital workforce – human or AI – is imperative.
In the same way that a human employee has a line manager and access privileges, non-human identities (bots) access to enterprise applications and data should be defined and governed on an ongoing basis. In case the bot identity is compromised, there should be systems and processes in place that would help disable its access to sensitive systems, files and documents. This is not something that most enterprise identity programs currently account for but the tides are quickly shifting. At the end of the day, we need to ensure that all identities in the enterprise – human, IoT, or AI – have a well-defined role, with proper entitlements and governance of their access.
With the introduction of bots to the mix, what does this ultimately mean for enterprises who must properly manage all digital identities in the enterprise, going forward? It signals a new frontier in identity. Enterprise identity governance programs have historically focused on three primary users: employees, contractors and partners. In the new business world, non-human users have clearly introduced a new identity type, posing an emerging challenge for modern enterprises to tackle. As a result, it has become time for us to collectively rethink identities beyond humans, understanding how these non-human entities interact with enterprise applications and data while applying proper governance controls. This is the new user frontier in identity.
About the author:
Paul Trulove has worked in product management and strategy for over 20 years, and now serves as the chief product officer at SailPoint. With extensive experience in formulating innovative product strategies, launching new products in early-stage ventures, and growing products into category leaders, he leads our product teams to success through strategic communication and collaboration between our customers, partners and product development teams.