CIO Insider

CIOInsider India Magazine


AI-Driven Identity Security - The True Guardian to Protect Your Enterprise Data Assets

Abhishek Gupta, Managing Director, SailPoint

Abhishek is a seasoned technology professional boasting an extensive career spanning two decades. Prior to joining SailPoint earlier in May this year, he has successfully handled key functions across companies such as Zscaler, Gartner, McAfee, Wipro Infotech and HCL Infosystems.

In a recent conversation with Keerthana H K (Correspondent, CIO Insider), Abhishek shared his insights on various aspects pertaining to leveraging artificial intelligence in today’s identity security systems. Below are the excerpts from the exclusive interview –

How does AI-driven identity security strengthen the compliance within an organization?
There are a few ways in which AI-driven identity security helps companies to improve their cybersecurity posture. Firstly, it helps streamline compliance process and makes it easier for the company to comprehensively comply with all the data security requirements and frameworks that are present across several countries today. Since an automated identity process doesn't require manpower, it is cost-effective and streamlines the entire compliance process to a great extent. Secondly, since most organizations are looking to impose a least privilege security method, AI-driven security helps them to enable restrictive access based on the set of policies that prevent sensitive information from being accessed by unauthorized sources. This way, enterprises can tighten their security process by monitoring for suspicious activities such as over-privileged accesses and dormant accesses, and automatically taking corrective measures for the future in real-time.

Thirdly, by assisting in imposing role-based access across the organization, automated identity enables it to grant access to data for their employees based on their roles. Last is the separation-of-duties, which is a security principle where the organization prevents fraud and error by always having more than one person in charge of granting permission to any user who wants to access a particular system or application. By separating the tasks with different identities, organizations can prevent a single party from committing a fraud.

Could you name a few challenges organizations face while implementing an AI-driven identity security?
Today, since the number of cyberattacks has increased drastically post-Covid, companies are increasingly working towards boosting their cybersecurity measures. Since securing a digital identity is still the weakest link in the entire cybersecurity chain, it is today seen as the core element around which all companies look to improve their security measures. However, many companies face challenges such as budget constraints, limited executive sponsorship or focus, and a severe dearth of specialized talent, resulting in many companies being hesitant or unable to implement AI-driven security.

What are the key factors organizations should consider when choosing an AI-powered identity security solution.
Firstly, due the ongoing digital revolution, the number of identities that are accessing an enterprise's systems are increasing each day. It is no more only the employees, but also the third-party vendors, suppliers, contractors, and other personnel. Therefore, managing all their identities effectively is a daunting task for the enterprise. Secondly, they must consider an identity security solution that brings a deeper level of visibility and intelligence into the access rights that are given to various identities. This is critical because it helps organization remediate any unauthorized access and strengthen their cybersecurity to a great extent. Also, the solution must successfully streamline identity processes to better manage user access, allow the IT teams to focus their efforts on innovation, and extend the organization's ability to embed identity context across their entire IT and security infrastructure to centrally manage and control access to all systems and data.

Suggest a few ways in which organizations can leverage AI/ML to enhance operational efficiency while maintaining strong security measures.
Leveraging artificial intelligence and machine learning provides benefits in many dimensions. From a security perspective, organizations can clean up over-entitlements. They can get compliant with regulations by ensuring that the right people have access to the right resources at the right time.

Since securing a user’s identity is still the weakest link in the entire cybersecurity chain, it is today seen as the core element around which all companies look to improve their security measures.

And they can improve productivity by giving users access to only the resources they need to do their jobs. They can also automatically modify or terminate access based on changes to a user’s attributes or location, and automatically perform remediation actions when risky activity is detected.

With an autonomous identity solution, organizations can get deep visibility with a critical, singular view into all identities and their access rights including trends, roles, outliers, and relationships, and easily and securely remove or reinstate access when an employee joins, changes roles or leaves the company, all without any human interaction.

Using AI/ML tools to approve low-risk activities when there are many more high-priority identity decisions to be made that require human manpower, can free up resources for identity teams and enhance operational efficiency.

Current Issue
ARETE: Pioneering Cyber Risk Solutions & Transforming The Future Of Cybersecurity