In today’s economy, organisations that integrate the latest in machine learning and smart technologies into their businesses are regarded as cutting-edge and primed for growth. Tech-first companies like Amazon and Netflix are excelling by using their base of advanced learning algorithms to bolster their ecommerce or content production. Indeed, organisations in a wide variety of industries are now pivoting towards a tech-led strategy, meaning that automated processes and interactions with AI will become a hallmark of the modern workplace.
But what does this mean for intercommunication between humans and software bots? While bots might be reliable for automating industrial processes or manual business processes, how do we ensure these technologies are not inadvertently going ‘rogue’ and turning ‘to the dark side’, or succumbing to hackers’ ever-evolving techniques? As with most things in life, the best approach is ‘trust, but verify’. This is where identity governance, now widely deployed to govern human employee access, can be used to keep tabs on AI assistants and industrial (ro)bots.
We know that today’s workforce has become an increasingly large target for cyber attackers who see stolen user credentials as the proverbial ‘keys to the kingdom’. In fact, the vast majority of data breaches, whether conducted by a cyber attacker from inside or outside of an organisation, involve the misappropriation of digital identities and their associated account credentials. In addition to targeting networks and endpoints, cyber attackers are exploiting valid user accounts to gain unauthorised access to sensitive systems and high-value personal and corporate data.
In fact, according to the Verizon 2017 Data Breach Investigations Report, 81% of hacking-related breaches involve the misuse of identity credentials, leveraging stolen and/or weak passwords. Now that the term ‘digital identities’ extends to both human and non-human identities, protecting the identity of today’s digital workforce – human or AI – is imperative.
In the same way that a human employee has a line manager and access privileges, the access that non-human identities (bots) have to enterprise applications and data should be defined and governed on an ongoing basis. If a bot identity is compromised, there should be systems and processes in place to help disable its access to sensitive systems, files and documents. This is not something that most enterprise identity programs currently account for, but the tides are quickly shifting. At the end of the day, we need to ensure that all identities in the enterprise – human, IoT, or AI – have a well-defined role, with proper entitlements and governance of their access.
With the introduction of bots to the mix, what does this ultimately mean for enterprises that must properly manage all of their digital identities going forward? It signals a new frontier in identity. Enterprise identity governance programs have historically focused on three primary users: employees, contractors and partners. In the new business world, non-human users have introduced a new identity type, posing an emerging challenge for modern enterprises to tackle. To meet this challenge, organisations must expand their definition of identity to include non-humans, or risk leaving these bots unmonitored with access to critical business applications and data. Applying proper identity governance controls to non-human users is essential to maintaining the security of the organisation. The idea of bots working side-by-side with their human counterparts is a new frontier for us as a society, and it is also an important new frontier in identity that enterprises cannot afford to leave out of their identity and security strategies today.
About the author:
Paul Trulove has worked in product management and strategy for over 20 years, and now serves as the Chief Product Officer at SailPoint. With extensive experience in formulating innovative product strategies, launching new products in early-stage ventures, and growing products into category leaders, he leads our product teams to success through strategic communication and collaboration between our customers, partners and product development teams.