33: What Role does AI play in IAM?
Takeaway Points:
Firstly, not all AI is the same - we need to consider some main building blocks such as large language models (LLMs) and generative AI, retrieval-augmented generation (RAG) and the use of agentic AI
We should then consider each identity type as having a life cycle
Identity types could include humans (for staff and customers), non-human identities for workloads and services, as well as hardware-related identities
A life cycle approach simply means we should consider the different stages needed to create, manage, use and eventually off-board the identity - depending on the type of identity, this could contain 8 or more stages, each with their own sub-life cycles
To that end, where does AI fit in? If we break our life cycles down into a data management and a runtime management point of view, we can then start to see potential issues that AI can help resolve
From an IAM data point of view we should consider profiles, permissions and policy as the main building blocks, with some key issues focused upon hygiene, unused permissions and profiles, and ill-defined policy - not to mention issues around system integration and description management.
Some issues that could be fixed include:
what permissions to associate with a new user (LLM)
analysis of policy and permissions to generate human readable descriptions (gen-AI)
recommendations during access request processing (gen-AI)
recommendations during access review management (gen-AI)
chatops integration during policy request and design
automatic creation of connectors and integration components (gen-AI)
hygiene and cleanup (LLM)
From a runtime point of view, we should consider authentication events, access control enforcement and application activity
Some issues that could be fixed include:
analysing baseline behaviour during login (LLM)
identifying bots/automated attacks (LLM)
creation of policy based on traced behaviour (gen-AI)
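As an added example (not from the audio cast), the baseline-behaviour idea above made concrete: build a per-user login baseline from a constructed history of events and score a new login by how far it deviates from that user's own countries, devices and usual hours. User names, timestamps and the scoring weights are assumed for illustration; an LLM-driven step would sit on top of a deterministic baseline like this, not replace it.

```python
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample login history (not real data): user, ISO timestamp, country, device id
HISTORY = [
    ("alice", "2024-03-04T08:12:00", "GB", "laptop-1"),
    ("alice", "2024-03-05T08:40:00", "GB", "laptop-1"),
    ("alice", "2024-03-06T09:05:00", "GB", "laptop-1"),
    ("alice", "2024-03-07T17:55:00", "GB", "phone-1"),
    ("alice", "2024-03-08T08:20:00", "GB", "laptop-1"),
    ("bob",   "2024-03-04T22:10:00", "US", "laptop-2"),
    ("bob",   "2024-03-05T23:01:00", "US", "laptop-2"),
    ("bob",   "2024-03-06T21:45:00", "US", "laptop-2"),
]


def build_baselines(events):
    """Per-user baseline: the countries, devices and login hours seen so far."""
    baselines = defaultdict(lambda: {"countries": Counter(), "devices": Counter(), "hours": Counter()})
    for user, ts, country, device in events:
        b = baselines[user]
        b["countries"][country] += 1
        b["devices"][device] += 1
        b["hours"][datetime.fromisoformat(ts).hour] += 1
    return baselines


def hour_distance(a, b):
    """Distance between two hours of the day, wrapping across midnight (23 and 0 are 1 apart)."""
    d = abs(a - b)
    return min(d, 24 - d)


def score_login(baselines, user, ts, country, device, hour_window=2):
    """Return (risk_score, reasons): one point per deviation from the user's own baseline.
    A user with no baseline is treated as fully unknown (new joiner or stale profile)."""
    if user not in baselines:
        return 3, ["no baseline for user"]
    b = baselines[user]
    reasons = []
    if country not in b["countries"]:
        reasons.append(f"new country {country}")
    if device not in b["devices"]:
        reasons.append(f"new device {device}")
    hour = datetime.fromisoformat(ts).hour
    if not any(hour_distance(hour, h) <= hour_window for h in b["hours"]):
        reasons.append(f"unusual hour {hour:02d}:00")
    return len(reasons), reasons
```

A score of 0 is a login that looks like the user's own history; anything above that is a candidate for step-up authentication or review rather than an automatic block.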
Agentic AI will also have a significant role to play in the automation of request, detection and response workflows - ones that integrate with both business process tools (think ITSM/ticketing) as well as security tools such as endpoint management and threat intelligence