Walking the AI tightrope in IAM: finding the right balance for your organization
Identity and access management (IAM) is the foundation for control and productivity in today’s digital business environments. Ensuring the right people have the right level of access to the resources they need whenever they need them -- and that the wrong people don’t -- is a core responsibility for administrators and security teams. In a typical hybrid, distributed, multi-cloud environment, with thousands of identities to manage dynamically as the business evolves, the scale of the challenge is considerable. Enter Artificial Intelligence (AI), the seductive solution to all large-scale data-intensive challenges. AI has enormous potential for streamlining the many workloads associated with IAM and lifting the burden on stretched administrative and security teams.
We are undoubtedly experiencing an AI gold rush, but there are tensions in this brave new world. Our recent SME IT Trends report reflects this reality; while 87 percent of UK IT administrator respondents plan to implement AI initiatives in the next two years and 70 percent believe that their organization should be investing in AI, a significant minority (15 percent) say their organization is moving too fast on AI. They are in conflict with the 22 percent who think their business is moving too slowly. That amounts to well over a third of SME IT administrators who are uncomfortable with their company’s AI adoption rate.
So how can the cautious or frustrated plan for AI adoption that satisfies their concerns? As with any technology deployment, there are multiple factors to consider. These can be articulated in questions:
- What current challenges can AI solve and what are the most pressing of these?
- How fast can we deploy without compromising business-as-usual?
- What regulatory issues do we need to consider?
- Do we have the resources and expertise to deploy and maintain the solution?
- What cultural aspects do we need to consider and how will we address them?
Answering these questions brings up the inevitable tensions between them, which require balances and compromises to be made.
Speed versus compliance
AI offers acceleration and automation of key processes in IAM. It has the potential to drive better user experiences, adapting dynamically to changing workplace environments, automatically meeting changing user demands, and drawing on its innate pattern recognition ability to identify anomalous behavior. But it’s important to note that we are still in the early stages -- not all of these use cases are ready for the real world. Generative AI accuracy, for example, is not yet at the level where sensitive IAM processes can be entirely delegated, so caution is needed.
Indeed, data governance and compliance are key concerns that must be proactively addressed in parallel with AI implementation. This will take time and may act as a (necessary) brake on rollout speed.
Businesses must understand the obligations they are accepting when they deploy any kind of AI system -- especially one linked to IAM that handles large amounts of personal data, makes decisions, and potentially takes automated actions based on it. Existing data protection and privacy regulations continue to apply, but new legislation, including the EU AI Act is coming into force that requires organizations to be fully transparent about the AI they are using and what they are using it for.
Due diligence is essential. AI solutions must come from reputable sources and be secure by design, with robust data handling practices and auditable security procedures.
Speed versus operational sustainability
AI deployment roadmaps must also take into account the level of skills and expertise in the organization. There’s no point rushing to implement a brilliant new IAM solution if there isn’t enough knowledge capital in the business to get the most out of it over the long term. Investment in people is as important as investment in technology, and it will take time to build a workforce with new skill sets around machine learning, data science, and AI ethics.
Similarly, there is a strong cultural aspect to deploying AI solutions. Employees need to understand both the power and the limitations of AI. They need to know how their role will change and the importance of their oversight duties. Given the growing regulatory focus around AI tools, businesses also have a duty to ensure employees know how to use AI tools responsibly and effectively, within compliance parameters.
Automation versus human oversight
As mentioned earlier, the incredible potential of AI in IAM must be tempered by the fact that it still has some way to go. There has to be a balance between the level of automation AI is permitted in IAM, and the human oversight needed to ensure it doesn’t act on unacceptable bias and to maintain an ethical approach.
The sweet spot right now is identifying the workflows that most effectively combine the accelerative, automatable efficiencies of AI with human insight. AI is best when augmenting human intelligence, not replacing it. This approach also avoids alienating employees and gets them on board with AI as a partner, not a competitor.
Broad application versus project-based approach
Tempting though it may be to jump on the “all-in” AI bandwagon, for businesses with limited resources and expertise (which is usually the majority of them), it is better to identify key use cases for AI. Ask where it can make a difference to the organization, and where the business needs a boost. This could be in customer service, security, or compliance, for example, but even if there are use cases in all three areas, it is better to prioritize which one to address. Pilot projects allow the business to identify the resources, environment, boosters, and blockers to deploy AI and then apply this knowledge to future projects.
AI has the potential to revolutionize IAM, but perhaps the most important balance to strike right now is between expectations and reality. It is not yet ready to take over the reins entirely. The best approach is a measured one, with a focus on finding a harmonious balance between human and artificial intelligence where each augments the other to achieve the desired outcomes.
Image Credit: Lightspring / Shutterstock
Denis Dorval is Vice President, International EMEA & APAC at JumpCloud.