Enterprises are feeling mounting pressure to embrace digital transformation. As a result, they are seeing a myriad changes as the definition of users is expanding, the number of applications we use in business is growing, data is exploding, and organisations are fighting to deliver customer value and a competitive edge at every turn.
But with the nature of business changing, so too must the identity governance programs that organisations use to secure their digital assets – across users, applications and data.
Here’s what every business leader needs to know about identity governance today:
The ‘user’ frontier is evolving
Who, or better yet what, organisations consider an identity is changing. While enterprises have long focused on managing access rights and privileges for employees, contractors and partners, there’s a new enterprise user coming to the cloud and data centre: software bots.
These bots are accessing data, making decisions on that data, and then performing actions. When we give such access to people, we scrutinise their access, which is what organisations need to do now with bots.
The application frontier has shifted
Most enterprises have experience in governing access to on-premises applications. However, with the explosion of cloud services, the number of applications that needs to be governed is rising exponentially.
It’s not unusual for larger organisations to deal with thousands of applications. As the number of applications grows, identity governance must adapt to cope with increased scale of these applications, both on-premises and in the cloud.
The data frontier has exploded
While the increasing number of applications creates identity management challenges, so does the rising amount of data stored in files like PDFs and PowerPoint files. There’s a huge amount of sensitive data being created and stored outside the corporate network and, as a result, its within IT’s purview.
For example, end users create a significant amount of risk by copying and storing company data in files in collaboration platforms such as SharePoint or cloud storage services like Dropbox.
With the growing pressures associated with new types of users, increased applications and vast volumes of unstructured data, enterprises must take a different approach to identity governance. Part of that new approach involves evolving identity governance programs to take into account the new frontiers in identity.
In addition, there are also new technologies coming to market that can help enterprises manage identity more effectively to further reduce risk, while improving efficiency and compliance.
Technologies such as artificial intelligence are increasingly being deployed for new uses – including for identity management – enabling enterprises to make fast but intelligent identity decisions.
With AI, enterprises can better distinguish how access is being used and quickly differentiate normal usage from suspicious usage. When organisations can understand what ‘normal’ access looks like on a particular system, they can swiftly identify suspicious activity and terminate that access or, following an assessment by the appropriate team, determine that access is valid and then permit it.
Technological advances show that, despite growing risks and complexity in managing enterprise technology and data, it’s not all doom and gloom. There are many ways AI and identity governance can enable organisations to innovate without sacrificing security. AI will help organisations govern smarter, define risk more precisely, and move forward much more nimbly and securely.
Ultimately, AI provides a lens with which to focus on identity governance processes and controls so enterprises can manage the risk, not the noise. And while AI isn’t a panacea for the new frontiers of identity – it will have a significant impact on how the identity industry overall moves forward to keep pace with the rapid digitalisation of the enterprise world.