Understanding AI-Driven Identity Security and its impact on organisational security
By Abhishek Gupta
While the increasing proliferation of new-age technologies like artificial intelligence (AI) is a positive step towards digital transformation, it comes with its own risks and challenges. As employees interact much more with technology now than ever before, the transformational changes have introduced several user entities and points of access, including laptops, smartphones, tablets and more.
A recent whitepaper by Identity Defined Security Alliance (IDSA), a global non-profit that facilitates thought leadership on identity-centric approaches to security, revealed that shifting work patterns are resulting in the emergence of new vulnerabilities with over 90% of organisations experiencing an identity-related incident in the past year. Furthermore, 55% companies still rely on manual processes to adjust access when IT environments change. This has contributed to rising instances involving theft or leakage of sensitive data, often attributed to insider threats. Insider threats can be defined as a security compromise that originates from within an organisation because of malicious, negligent, or unintentional acts by insiders who have authorised access privileges to a company’s systems and processes.
While companies pay enough attention to external security threats, the fact that insiders could cause damage is often neglected. With remote and hybrid work taking centre stage post-pandemic, it is critical for companies to step up and adopt robust identity security solutions to protect one’s systems, platforms, and applications.
A changing work environment
Work from home trends have changed the security threat landscape with increased risk on employee devices, end points, and data. A report published by Keeper and Ponemon Institute points towards frequent attacks on account of credential theft and social engineering, with statistics revealing that 60% of mid-sized businesses that asked their employees to engage in remote work experienced a cybersecurity threat.
The average cost of a data breach in India reached INR 17.9 crore in 2023, according to a IBM Security report that classified it as an “all-time high” and almost a 28 pc increase since 2020. With security breaches on a steady rise, it is imperative for enterprises to step up and address the issue before it’s too late.
Despite ongoing threats, SailPoint’s The Horizons of Identity Security report found that 44% of companies are still at the beginning of their identity security journeys, often lacking foundational governance and holistic visibility into the identities in their environment. Security professionals are failing to adequately communicate the business value of identity security to stakeholders, often constrained by budgets and limited executive sponsorship and focus.
Companies remain keenly focused on protecting business applications, but supply chains and business applications that rely on bots or partners are at high-risk due to poor access management practices. On the other hand, reliance on manual processes for identity access control contributes to companies not knowing who has access to cloud resources, endpoint devices, and unstructured data.
The spotlight on AI-driven identity security
The need of the hour for organisations is to adopt AI-driven identity security solutions to automate the discovery, management and control of all user access. AI-driven identity security proactively provides organisations 360-degree visibility into what access users have, what is necessary, and what access is at risk for potential security breaches. Security professionals can become more empowered to make faster and informed decisions, and at the same time, can quickly respond to potential threats, reducing fraud detection time. It’s also an added support for security professionals, helping them intelligently create and maintain access models in today’s dynamic IT environment.
The benefits are many. For business managers and application owners, the identity security solution automatically accepts recommendations for low-risk access; focuses on higher-risk access that requires more attention and avoids rubber stamping that leads to incorrect access approvals.
It’s simple to integrate this solution with the digital ecosystem of your company–after all, it extends your ability to embed identity security across your environment and centrally control access to all data, applications, systems and cloud infrastructure for all identity types. It also proactively spots and remediates potential risky access, generates certification campaigns to address risky access and understands the security factors behind access anomalies.
Companies that leverage AI-driven identity security are more inclined to gain a competitive advantage as they become nimbler and more resilient in an increasingly interconnected and diverse identity landscape. While there are several proponents who discourage the use of AI and continue to advocate for human expertise in security matters, it is important to understand that AI can address a company’s security concerns through speed and scale by automating complex identity security processes, and its influence on organisational security is inevitable.
(The author is Abhishek Gupta, Managing Director – India, SailPoint, and the views expressed in this article are his own)
