Combat Unauthorized Access with AI in IAM

13. February 2024

Digital transformation requires organizations to collaborate freely throughout the value chain. So how do they know who they’re dealing with?

Amid a frenzy of interest in artificial intelligence, one powerful use case for the technology may have been overlooked: AI in IAM. As organizations race to transform, they are working hard to build digital ecosystems in which they can work seamlessly with employees, customers, suppliers, and other stakeholders. The problem is that those ecosystems also have the potential to undermine security: for example, new research from iC Consult partner ForgeRock reveals a 233% increase in workforce-related unauthorized access last year and a 136% increase in breaches via third-party suppliers.

Security-conscious organizations are therefore exploring how AI in IAM could help them identify risky access requests from employees, suppliers, contractors, and other partners. This is crucial because in the modern digital world, identity is everything. When an organization creates an ecosystem within which people, processes, and applications are interwoven and everyone could potentially use everything, it must be confident that anyone entering the ecosystem is who they say they are. But maintaining security at scale and in real-time is challenging – the danger is that cumbersome identity and authorization processes jeopardize the very benefits that the ecosystem is supposed to offer.

Revolutionizing Security with AI in IAM: Enhancing Access and Control

Enter AI-powered tools such as ForgeRock’s Autonomous Access, which exemplify the power of AI in IAM. Through these tools, iC Consult helps customers capture and analyze a wide range of “access signals”. The aim is to flag anomalous access requests and to introduce the right amount of friction through the right channel. The tool can easily be fine-tuned according to the customers’ risk tolerance so that low-risk access behaviors are streamlined while high-risk requests are revoked altogether.

The goal is to make it as simple and rapid as possible for anyone authorized to enter the ecosystem to do so – reducing unneeded friction and potential abandonment. Suspicious access requests, meanwhile, can be resolved quickly, with the user given access or blocked according to their response. Either way, the process is managed autonomously, rather than sucking in resources that could be deployed more productively elsewhere. Autonomous Access learns from past risky access request patterns to authenticate and authorize with greater confidence.

Used alongside other tools as part of a converged identity and access management (IAM) platform, Autonomous Access can mitigate risks of account takeover and unauthorized access, while significantly reducing costs.

Delegated administration is a good example of one such tool. Centralized management of access to systems makes little sense to organizations operating in a digital ecosystem. A head office-based IT team may have little idea who in local teams in markets worldwide needs access to the system – and how much access should be granted. This issue can become even more challenging as organizational complexity increases – after a merger or acquisition, for example. Tools such as ForgeRock’s Organisational Model can therefore cascade administrative access entitlements across multiple organisational entities, all managed through an interactive user interface.

Securing Collaborative Ecosystems: Balancing Efficiency, Innovation, and Compliance

This can also be useful for organizations that work through external partners and dealers. The head office may not know all of these partners and dealers individually, since the relationships are organized through national sales co-operations (NSCs). It can therefore delegate administration responsibilities to such NSCs; these, in turn, can invite external dealers and partners. An AI-based function monitors the system to identify potential threats – too many requests from one NSC, or requests from unusual locations.

These approaches to IAM are going to become ever more important as organizations move forward with digital transformation. The allure of the digital value chain is that employees, suppliers, and other partners can work together more efficiently, with skills and resources deployed cost-effectively.

That should accelerate innovation and time to market – but it must not come at the expense of security. An AI-powered approach can ensure security is maintained without adding friction and delay. The importance of identity in the digital ecosystem is that it provides a secure framework for business collaboration: it gives the organization confidence that each user is who they say they are and that they are authorized to access the data, tools, apps – and more – they’re asking for.

It’s also the key to compliance – trails and logs of user activities can be used for audits, analysis and to head off breaches; access to data can be managed to avoid falling foul of regulations such as the General Data Protection Regulation or the NIS2 directive. In this case, solutions such as Autonomous Access and delegated administration become indispensable. Without them, the organization cannot operate a digital ecosystem that maintains security without slowing to a crawl.