Good afternoon, ladies and gentlemen, welcome to our KuppingerCole webinar, Cognitive Technologies and the Future of Identity and Access Management. The speakers today are Raghu Dev, who is IAM strategy lead at IBM, and me, Martin Kuppinger. I'm founder and principal analyst at KuppingerCole. This webinar is supported by IBM.
Before we dive into the content, which will be, I believe, highly interesting because there wasn't that much talk about cognitive, and cognitive in the context of security and identity and access management, I just wanna give you some background on KuppingerCole and provide some housekeeping information. So KuppingerCole: we are an analyst company founded back in 2004 with people in various countries. Our headquarters is in Germany, but we have people in the US, we have people in the UK, in Australia and other countries. We offer neutral advice, expertise, thought leadership, and a lot of knowledge about what is happening in the industry.
We are specialized on information security with a strong emphasis around identity access management, but also many other topics. So that's basically what we do.
Our three pillars are research, events and advisory. So in advisory we support end user organizations and, to some extent, the vendors in their business. In our events area, we do webinars, we do conferences and a lot of other events. We just ended our first Consumer Identity World conference in Seattle, which is our first US event. And we do research, so we provide our Leadership Compasses and a lot of other things.
So this is what we are doing.
When looking at conferences, we currently have our Consumer Identity World tour running. As I've said, the US event just ended. The next one will be in Paris. And then there's another one in Singapore. In December, we will do an event on next generation marketing in the February timeframe.
Next year, we will do our Digital Finance World again, also in February, March, in Frankfurt, Germany. And clearly we will do our European Identity and Cloud Conference, which is our flagship event, which will take place again next year in May in Munich. If you want more information, you will find it on our website: research, advisory, events, all that information is available at www.kuppingercole.com. So some guidelines for the webinar.
First, you are muted. Central is here. Don't have to mute these features.
Second, we will record the webinar and we will share both the podcast recording and the slide decks. So my slide deck will be available as well.
And then there will be a Q&A session at the end. You can enter questions at any time. And the more questions we have, the more lively and interesting the Q&A session will be. So having said this, let's have a look at the agenda. As with most of our webinars, the agenda is split into three parts.
In the first part, I will provide an overview of what AI and cognitive, so artificial intelligence and cognitive technologies, are, try to define some of the terms we frequently hear here, and look at how they can impact information security in general and IAM in specific. So what I will do is I will set the frame and I will lead towards the key topic about what is the future role of cognitive technologies for identity management, or what is the relation of cognitive technologies and the future of IAM?
In the second part, Raghu will then talk about cognitive technologies and the future of IAM at IBM.
So he will give an insight on how this delivers a benefit to what we can do in IAM from a practice background. And as a third part, then we will do a Q&A session, as I've said. So we will look at the questions you have entered until then, and try to provide good answers on that. So I want to start with some five axioms on the state of cyber security, because this is what drives a lot of the use of cognitive technologies in information security in general, and in identity and access management in specific.
So, first of all, there's no 100% security. So we will never, from my perspective, and not only mine, get to a state where we have a hundred percent security. There are always ways to bypass security.
What we need to do is to get better in security, to mitigate our risks and the biggest risks as much as we can. The second point, or second axiom, is: once a system, device or thing is connected, so to the internet directly or indirectly, it is under attack. There are search engines which look for connected things, for connected devices, for connected systems, which analyze them.
There's a lot of tooling to find these things, to attack these things, to automatically attack things and devices. So always assume that you are under attack. And that also leads to the third axiom, which is: every individual in every organization is, or has been, attacked. And my strong belief is, has been attacked successfully, to some extent successfully, but you always have to assume that there's someone who has been, or is, in your system. What he does and how harmful this is,
that's the second question, but assume you're attacked.
Yes, there are backdoors to hardware, software, networks. There are probably other, maybe less or different backdoors than frequently said in public.
So the ones which are most discussed would be identified very, very quickly. So if a standard office tool would report back in a way which is inappropriate, there would be too many network sniffer tools in use which would identify this directly. But there are situations where whatever type of software, not all, but some software, some network components, some OSS, some hardware might be reached via a vector.
And the challenge is the vectors might not only be known to the ones who pushed for having these vectors. Someone else from the dark side, or even darker side, might have detected these vectors. They might have even found the keys. They might have duplicated the keys.
And another very important point is, our biggest challenge maybe is we don't have enough sufficiently skilled people out there to staff the cyber defense centers. So the big, big challenge in security is we don't have enough experts and it's not easy to find these experts.
We need to figure out ways which help us in this situation. So how can we get better? And this is where cognitive technologies come into play, which I will explain in a minute, because cognitive technologies help us to solve some of these challenges by better identifying anomalies in behavior, by better identifying outliers, by better identifying or better helping us finding information we need to understand what is happening, and some of the other tasks. So they can also help us with the skill gap we are facing.
I wanna start with a picture, which is a little high level, but explains one of the biggest challenges we are still facing.
This is the known versus unknown attack patterns picture.
So when an attack is created, someone starts creating this attack and he might create an attack vector which uses a known exploit, but he also might create an attack vector which uses an unknown exploit. And that's what we are really looking at. So there's an attack created. And for some time, this attack remains undetected. So there are attacks which are detected rather quickly. So ransomware tends to say, hello, here I am,
give me money, while others more tend to remain undetected because they want to crawl through your networks, your IT infrastructure, until they are at really, really valuable data, until they are at your crown jewels. Then there's a period where it's detected, where it's analyzed. So someone detects it, someone starts analyzing it, which frequently are anti malware vendors, but not necessarily anti malware vendors.
We see a lot of parties which do that. Then we have the patch development and distribution. So the vendor of the software learns about it, he develops a patch, he distributes it.
So we see that we go from a very dark red to an orange, to a light green. So the risks are getting lower. And finally, we are in a somewhat green state. So we have a decreasing number of unpatched systems.
However, we have to be realistic. So when you look at the numbers which have been issued for Heartbleed, so I think it was around about 50% of the systems were unpatched one year after Heartbleed became public became unwielding. So this is still a horribly bad number here. That means we have a rather long period right now, when we look at this picture, of unknown attack patterns, and we have a period of known attack patterns. The big, big challenge is the black part, unknown attack patterns, because until we really have the patches, we have everything available.
So for a certain period of time, even when they become known, it still takes time where we can identify and protect only by identifying anomalies. So unless we know that there's a certain attack vector, we can't look for this attack vector. And only when we know it can we search for known attack patterns, we can look at the signatures and all that stuff. So for a certain period of time, we really need technologies which look at other things, which try to understand, okay, this is not a normal behavior. This is something which goes wrong.
There might be incidents even across a couple of systems, which have to be related to understand, oh, there are unwanted things happening in our network. And so that's where advanced technologies, so the cognitive security, comes into play, because cognitive security can protect us across sort of the entire flow of that attack.
Once it's out, potentially it can be identified while traditional security technologies primarily help. So they're moving to become more cognitive, most of them or many of them, but they are primarily targeted as helping us dealing with things we know.
And this is one of the big challenges. That's one of the big reasons why we need cognitive security. And when we transform it to identity management, we will see that in identity management we need these things to work with the more complex scenarios we can't simply tackle with simple rules, the things we already have. So the target of what we do in information security is basically, when we look at the big challenge of we have so many attacks, we have so many incidents, we have so many systems,
and so few people who really are the experts, then it's minimizing the unknown events and detecting the incidents.
I'll tell you why. So we have some systems which collect events; that can be log files, whatever else.
Now we have systems which correlate these events. These event correlation systems, that could be a rule-based SIEM, or security information and event management, but it could also be something where we already bring in some cognitive technologies by better understanding the relation of events, understanding the complexity, because we have to deal with masses of data, also historical data. It's not just saying, I look at what comes in. I need to compare it with the history. I need to compare patterns to understand where are the anomalies. And then we can split it into known events.
I made in black and known regular events or known incidents, known regular events, white, the lower one. And then we have a gray area of the unknown events. And we could transform this into what I call the pyramid of events and incidents. And in this pyramid, we have a gray area. So the black area is not unproblematic, but it's not our biggest challenge. If we know an incident, we can react on it. We can react on it in an automated fashion.
If we know that something is regular and unproblematic, we can either not react or we can also react automatically. The problem is the gray area.
How can we reduce the number of gray ones? The things we don't know, because they need the investigation. They need people to look at them in detail. So this is what we then provide to the incident management systems. And here cognitive technologies help in two ways. One is helping us to minimize the unknown ones by better analytics, by better understanding of what is happening here. And by providing the related information we need to understand and to deal with these unknowns. So this is basically why we need technologies.
If we need to do this all sort of as traditional or technology or manual, we always end in this skill gap. We don't have the capacity. Cognitive technologies help us by having systems which act sort of with some cognitive capabilities.
So when we look at this, then we have masses of buzzwords.
And as we all know, marketing departments tend to use these buzzwords regardless of whether they are really correct or not. So I try to bring in little explanations. So artificial intelligence, the AI term, this is basically, first, the science of making computers solve tasks that usually require human intelligence. This is artificial intelligence. And then there's one area which is strong AI or general AI, which would move in a direction where a computer has a mind in exactly the same sense human beings have minds. This is very much future.
So I trade out a little. And then we have weak AI or applied AI, which is software focused on solving specific problems. This is really what we need to look at because we are looking for software which supports us in solving specific problems.
This is the area which is really interesting and relevant. There's a lot of AI research there, areas of ongoing research, a lot of things going on, a lot of fascinating things going on, some of them will succeed. Some of them will fail as always again, not our main topic here.
And then we have cognitive solutions, which are in fact today's practical applications of AI research. So the things we really can do, and some of them are not really new. So if you go to the definition, solve tasks that usually require human intelligence, then we have a lot of things which are already out there. So we see cognitive solutions today in information security, a growing number of things, we see them in self-driving vehicles. It's very much about solving problems that require human intelligence and even decisions in areas.
But decision sort of is preconfigured, predefined. Psychological profiling, postal mail address detection, something which is out for quite a while.
And many, many more. They rely on cognitive technologies, such as computer vision, language processing, a very interesting field, knowledge representation, and also many more of these technologies. And there we commonly use machine learning methods, so methods which help the machine to learn, like pattern recognition, so really recognizing this is a sort of pattern, outlier detection, genetic algorithms, deep learning and others.
So I think it's important not to mix it up at a thing level, and machine learning can be a very different thing, but there are also things which are not machine learning. I'll touch on it in a minute. And then there are algorithms and methods below, which are neural networks, cluster analysis, regression analysis, which are used by machine learning methods, which are used then by cognitive technologies to provide finally a cognitive solution. Not machine learning is everything which is only based on predefined rules.
And there are also algorithms and methods, which are not machine learning.
So pattern matching which doesn't learn, which doesn't have a learning phase, is not machine learning. It helps potentially in cognitive solutions. So that might add to cognitive solutions, but it's not directly part of the cognitive, or not part of the machine learning. It might help in the cognitive learning. So cognitive technology versus machine learning. So cognitive technology is machine learning plus training data plus the human expertise.
So it's really about training and by the way, imagine or understand your machine when you start as if it's a baby and then it becomes a toddler, young kid and someone, it gets adult, it's not a one time learning, it's a lifetime learning. So the learning shouldn't stop and requires human expertise. A cognitive solution then is the business case where we apply the cognitive technology.
This is really what we do here.
So anyway, when we look at this, there's a lot of discussion about the algorithms. At the end, what counts are results. Clearly, the better results you get by using the right combination of algorithms. But the target is having technology solving tasks that usually require human intelligence. So understanding stuff, learning, reasoning, decision making, a pretty tough area, interaction. And so this is the way we should look at it, and Raghu will touch on this later in his presentation again. So he will go more into detail on these aspects as well.
I think what really makes the difference between now and maybe a couple of years back is that we have an evolution in two areas. One is we have the capabilities of algorithms and methods.
We understand them better, there's more out there, there are more algorithms, more methods, even while many of these methods date back 50 years or so.
And the other is we have, that's probably the most important thing we have the processing power and the learning speed. So we have a totally different processing power than 10 or 20 or 30 years ago. And the speed of learning is different. And also the availability of stuff to learn from is different because we have a lot of information already available in digital form.
So moving from rules to queries, to advanced statistics, neural networks and the combination: the better we are on both ends, so using the right technologies and having the right power to do it, the better the cognitive capabilities are. Obviously there remains the age old problem with AI, its lack of common sense. So it's the lack of the ability to recognize and retract decisions that are obviously stupid even to delay. So we need to go well, understand what we do with it.
And whatnot is cognitive technologies, but cognitive technologies can help us supporting our cyber defense center in various areas. When we look at so typical things, we identify our problems, or risks, we prevent attacks.
We detect, respond to recovery, we improve across various areas. Then we have a couple of elements where cognitive technologies help us, particularly in early detection, which is one of the most important areas, and in structured handling. So when we look at the incident management part, these are the areas where we see the biggest benefit in overall information security. So this is one slide. And right now, when we move to identity management and before I hand over to Raghu: cognitive identity, in fact, that means sort of making IAM, in big, big quotes, more intelligent.
So which areas do I see, to give you some ideas, and that's the area where then Raghu will dive into much more detail.
So there's adaptive authentication. So it's better understanding the authentication risk and adapting the authentication accordingly. So this is a complex area where we have a lot of context factors and other information, and we need to correlate. Then we have the area of risk analysis. So identifying, managing risks: what are the risks? How do risk patterns change? Where we see a lot of options.
So if you look at all these areas of role mining, access intelligence, etc. So if you can make it more dynamic, based also on a changing dynamic environment, we can benefit a lot; that will lead to a better understanding. It will lead cognitive technologies and trust the user behavior and session behavior analytics, where we look at Analyst and privileged sessions or regular access, very obviously a field for that. So to end up with some recommendations, before I hand over to Raghu: if you're an end user organization, investigate cognitive security technologies
now when you invest in cybersecurity. It's the future. Be a little bit careful with all the vendor claims; look at what does it really do, what does it really mean, how much learning support do you need, and all this stuff. And if you're a vendor, look at moving in that direction. With that, I hand over to Raghu. As I've said, he will talk about the cognitive technologies and the future of IAM at IBM. With that, I make Raghu presenter. Raghu, it's your turn.
Thank you, Martin. So first of all, I think it was a great overall overview of cognitive technologies.
So here, what I'm going to be talking about is the application of such technology. So I'm not going to spend more time on, you know, giving the importance of why we have to innovate, that there are security breaches, and spend time on security breaches, et cetera. I'll dive into the topic itself, making an assumption that we understand the importance. We are coming from there; like Martin said, there's no hundred percent security.
So we are going to spend time on understanding the core aspects of how IAM is today and how we can apply cognitive technologies to it, to innovate. Also, I want to let people know that this is just one piece of innovation, and I think there are multiple people in different arenas doing similar innovations that will help us revolutionize IAM eventually. So with that, I'm going to launch in.
So, so today what I plan to cover is, you know, the traditional solutions and, you know, and then what is our utopian goal and why is this important? You know, what are the gaps today perceived gaps today? And finally, I think, you know, for any of these technologies to work, we need data. And so for, from a data aspect, we need to make sure that data owners do profit from, from these experiments.
And that opens up the whole question about how much data is out there and what do we process, and data itself is a huge beast. And how do we tame that? Finally, cognition: like Martin said, there are so many terms being thrown around. So we want to make sure that the definition for cognition is accurate from an IBM point of view. So we are going to use the IBM definition to show what cognition is and see how that can be applied to the current IAM posture.
And then I'll talk about how we executed and how we learned lessons from it, and how those lessons are helping us improve our experiments.
So today's IAM at a very, very high level is quite simply put: we make a request, an employee makes a request, gains access to an IT resource, and then accesses that resource through simple means. Of course, we want to protect our crown jewels, so we have things like two factor or multifactor authentication on top of existing authentication patterns. As a catch-all, what we want to do is collect all identity and access data.
And this is the lead-in to the first thinking of how to apply more, you know, refined methods to analyze what is happening within the IAM, you know, infrastructure and processes.
So what are the gaps? Why do we need to do this?
You know, so I've listed top three gaps. I mean, you can go on and on, and gaps for different enterprises are different and drivers should be different, you know, so, you know, take your pick. So the fact is that the IAM stack is currently siloed. So your single sign on solution is separate from your access management or access governance solution, is separate from your multifactor solution, et cetera, et cetera.
So in this scenario, you know, the siloed approach splinters the risk into different compartments and doesn't give you a holistic picture about a certain identity or the certain access for that identity.
The second fact is that IAM systems do not clearly understand the data they're trying to protect. Now, this is very critical because, you know, I think we are still in the ages of relegating IAM to an administrative function or sometimes extended to solve compliance issues.
Yes, we are moving fast towards security and securing identity and access, but the predominant use of IAM is still in these areas. So it's still a gap. The third, last but not the least, is that we don't have holistic behavior analytics around different pieces in the IAM, you know, environment. So by that, what I mean is, you know, you don't have endpoint behavior analytics, you don't have, you know, that happen.
You know, what kind of accesses does this person have? You know, what is he accessing, you know, is usually splintered and so on and so forth.
So even though some vendors, and even though some systems, are providing behavioral analytics, we don't have a holistic view of behavioral analytics.
So we created a goal for ourselves. So how do we get to this end point? We have to start somewhere. So again, at a very high level, it seems very simplistic that we need authentication and authorization data from an IAM perspective. That would be the whole domain, if you will, of our understanding to get a complete grip on.
And then, you know, we need an engine which essentially allows us to go through and, you know, make sense of the data that we are collecting. We are not talking about just descriptive analytics or prescriptive analytics. So predictive analytics, we are talking about a holistic view of how we can, you know, make sense of this, of this data. And I'll come to the, I'll come to whether it's log data or non log data, et cetera.
And then, you know, once we do that, we simply publish that data, right.
So we want to say, okay, who's interested in this data, and publish that data.
So, I mean, you could say it's some sort of a pub/sub model. What are we trying to do, actually?
What we are trying to do is, you know, we are trying to, you know, figure out risk and manage risk within IAM. So, like I said, moving beyond administration and compliance, what we are trying to do is manage risk. So that risk can be, you know, three distinct variables: identity, its relationship in the enterprise, and then again, you know, this is very, very critical, the context.
So the idea behind this is that these three variables have some sort of a relationship, and that relationship essentially allows us to, you know, figure out the risk that is in the environment.
So elaborating on that risk so we can break it down, right?
So if you say who, then it is certain identities and the, the way to identify, you know, where it's coming from, you know, where the person is coming from or where the machine is, originating its initial traffic from, et cetera, etcetera, that's the who part of it now taking it further, you know, you can, you can say, where is it coming from, you know, as an example location, right? So geolocation and, and you can start adding, you know, contextual data, like when is it, when is it coming from?
So again, I've taken the liberty of, you know, broadening as well as abstracting. So, you know, it's important to realize that this is not it, this is just the beginning. The final and the most important piece is, I would say, the authorization data, which forms the relationship to the data that you're accessing.
Now, if you think of this, think of these three variables interacting, and then you create this risk pattern that allows you to construct complex models or even simple models in the beginning to, to get a handle on what kind of risk exists in, in this environment.
So first of all, like I said, you know, in the agenda slide, we need to make sure that we deliver value. We deliver value to our most important stakeholder, who's the data owner.
So this data comes from applications. This data comes from systems. This data comes from various systems.
So you need to actually be able to give back to them. So whether it is a grassroots effort or whether it is a top down approach in an enterprise, this is critical because we need to service our data owner.
So the next thing is reduce the compliance cost and fatigue. So essentially we need to make sure that it's important to have a solid outcome. Right? So take your pick again, right? So you don't need to say compliance is your goal.
You know, so it's important to understand that, you know, there is a goal and you have a way to reduce cost or the fatigue around compliance. For us, it is so, so we want to attack this problem. The second thing, or the third one, is of course increased security. So if you notice that, you know, I put security as number three, because in order for programs to become successful, it's important to take something more concrete and not nebulous
things like security. Of course, security is very, very important, but you know, you have to solve real, real problems and make partnerships within the enterprise, which makes your program extremely successful. So this is our experience, that we need to make partners of our data owners.
Yes, it is an overwhelming chart and it's meant to be so. So the quest for data is immense. So there are multiple places where you can get this data from, and there are multiple, you know, places that we need to get data from for you to construct a complete, you know, picture. In cognitive terms, I'll get to it, it is called the domain in which you operate. So it's very, very important to get a good understanding of where you're getting data from and where you're not getting data from, in order to understand your gaps.
So you're kind of filling in those little holes with some assumptions and understanding so that you understand that in the end, the probability or the certainty in which you're giving your assessment or your output is also that uncertain because you have gaps in your data.
So once you gather all this data, it's also very important to get it into sort of a data model that is convenient and good for you. Right?
So I put a construct at the bottom. By no means is it a prescription. It's just basically showing the complexity and how to explain each of the entities that you are going to gather, and, you know, the metadata that describes each of those entities.
So in other words, you have to have a holistic understanding and a comprehensive data model for you to become successful with this experiment.
So what is cognition? And Martin elegantly talked about, you know, the differences and distinctions. So I won't talk about the differences. I'll dive a little deeper into what we mean by cognition.
So there are four basic things that a cognitive system must do. Like anyone else in the market,
you know, we in IBM also started calling everything cognitive. So we put a good boundary around what we mean by cognition.
So systems begin to qualify whether or not they are called cognitive systems. So at a minimum, a cognitive system should have a good understanding of the domain, a deep understanding of the domain. And then it has to learn continuously. And I think, again, Martin touched on a few of the learning algorithms. So for a basic system, as an example, we need to have inductive or deductive training, you know, so that's the way we have to learn.
And these are ways in which we learn, and it can be supervised learning.
The third one, which is very, very important, is reasoning. So reasoning is always towards a specific goal. And this is the reason I was saying that you need to make good partnerships with your data owners, where you create use cases that are relevant for your data owners. So that way you are not, you know, creating use cases that are nebulous and not useful for anyone. So they have to be grounded. Plus you can, on top of them, build on what people may not understand today and may understand tomorrow, but the give back has to be solid.
So reasoning has to be for specific goals. Interact is also important because we want that cognitive system to interact.
And, you know, we don't mean just trivial interaction.
We mean interaction either by giving a message, asking questions, textually or by voice, et cetera, all those things, actually.
Yes, but what we also mean is interaction is, you know, predictive, which is combined with prescriptive in the sense. So if, if a person, if a manager is approving access for somebody, he could get the benefit of his peer group and how they've responded. So this body of knowledge supplied to a, a manager in time may save him a lot of heartache and trouble as well as help.
So this is what we mean by creating an interactive system. So a cognitive system must demonstrate all of the above capabilities, also in a nontrivial way.
So this is important, and this is what we will apply to our IAM system. So again, from a capabilities perspective, you know, you could go into different levels of cognition.
First one is basic cognition, you know, which is what we are, we are targeting. We are not targeting advanced or ultimate. So the basic cognitive system operates on a body of knowledge.
This is fundamental to our, you know, getting a successful cognitive system out. So that body of knowledge, I already said, should be authentication and authorization data. Within that, based on your use cases, you know, you can start crafting things in such a way that you create a good learning system that allows you to continuously learn. Next is you create goals that allow you to get to that particular, you know, reason system that allows you to express, or also give you results that allow you to take actions on. Last but not least is interaction.
You know, like I said, the interactive system that we are talking about should be nontrivial as well.
Of course, the advanced has a broader knowledge space, and the way it learns is different, and it is also capable of filling in gaps when there are gaps with certain rule sets.
Ultimate is when the cognitive system basically can synthesize information. We are not there. And we are not targeting that. Now apply this cognitive idea to a simple use case so that we can drive the point home. And that's important. It is important to understand this example very clearly. So I'm going to, you know, spend a few minutes on this.
So first of all, I think we need to think about, you know, what we said earlier: in order for us to calculate risk, you know, we need identity, relationship and context. So this is what we are trying to combine here in order for us to get a clean outcome.
So now we need authentication data and authorization data, and the authentication data can be got from different places, right? So you can get a person's identity from a directory, or you can get it from a SAML token, if it is an access system, et cetera.
So how you derive that, I'm not getting into it, but it is an identity and it has some attributes. So it allows us to actually see whether this person is an employee, manager, et cetera. So the example I'm elaborating is: an employee can view a record in their own department, a very simple example.
So which means essentially what we are trying to do here is see who the identity is, validate the identity, et cetera, and all the identity-based risks. So, you know, you can apply many, many things like, you know, is the identity coming from the right place?
How do I triangulate this information, et cetera. Next, and more complex, is the authorization data. So how do you actually take a resource, like an object that we are trying to, you know, get to, which is essentially a record that we are trying to access.
So what we are trying to get to is important because that's the data you're trying to protect. So let's say we are in this case just viewing that data; that becomes the operation on that object, or, more precisely speaking here, the action the person is performing on that data. So here in this case, he's trying to read that data element. So now next is the context: how is the person related to this data? Is he from the department?
You know, is he not from the department, et cetera, right.
So that is the context again, very simplistically speaking, right? So this is the context.
So you can go on about this, right? So you can say which device is accessing this data, et cetera, again, getting from the authentication type. So all of this forms the relationship to that data element. Now apply the cognitive thought process behind this. The cognitive thought process behind this is, first of all, you have to understand your domain. Again, what does that really mean? Understanding the domain is all of the above: identity, the object and the relationship, and of course the actions, right?
So all of that is the domain that we need to clearly and succinctly understand. By understanding, what we mean is it could be a laborious process in a basic system because you're collecting logs from different, disparate systems and applications, like I said before. So it may involve tagging. It may involve understanding. It may involve massaging the data. It may involve even applying cognitive techniques to harmonize this data. So there's a whole list, or slew, of things to tame this beast. The next is learning.
So the learning is an aspect of learning.
I don't want to loosely call it user behavior, right?
So I want to say how we want to learn, given that these are the actions that a user may perform. You can just take that and then elaborate on it, right? So in the sense that you can say, this is the learning environment I have, this is the domain I have, and these are the list of actions that they can perform. Once that's done, it's reasoning. So reasoning, again, like I said, you need to have specific goals. It could be a simple goal. Here I have an example: we want to predict if this valid user will abuse his or her access. So that could be the goal.
Again, this goal could be like a fancy goal, but I'm not getting into whether this goal is good for you or not,
and debating about that. I'm just saying that it should be goal oriented. Next is the interaction. As I said before, you could create an interactive system that helps, you know, prevent bad actors and actions, and whatever you need to do.
So it could be a simplistic system where you could even query the system and say, what is this action? And the system is capable of interacting with you to say, this action is, and elaborate on the action by giving you examples, by dipping into the body of knowledge and pulling out the relevant information and supplying that. That could be the level of interaction.
So this is how we get to our end state. And this is what, you know, painstakingly will be the experiment to conduct.
So while, while making all these statements, you know, we did rule out, we did confuse in the beginning, the examples we have to be cognitive systems, et cetera. So I want to be sure that I say that there are some things that don't qualify as cognitive systems. One of them, one common one is, is RPA, which is the robotic process automation, you know, which we are doing a lot of, you know, converting manual processes into automated processes.
The manual process would be, you know, it could be three, four steps that are consistently done for a particular, you know, aspect or administrative aspect. So taking that and converting it into, you know, an automated process will not qualify as a cognitive system. And I think Martin spoke about this as well. The distinction is the cognitive system, which uses a descriptive or predictive or prescriptive, or some combination of that, is absolutely true.
But in isolation, if you take one of them or two of them, or the combination of two of them, they don't qualify as a cognitive system. So, like I said, we need to stick to our statement of four things that are necessary.
So we did a few things, you know. The first one, where we failed and we learned our lesson from it, is that the data model is absolutely important. And for the data model to work, we need to understand where the data is coming from and how to harmonize the data. We tried to do a least privilege model, and we collected huge volumes of data from thousands of systems.
And we realized that not harmonizing the data and coming up with the consistent data model and then having prioritized use cases on top of that, you know, is the success that we were looking for, but we did not have that.
So it was a very good lesson.
And we did this experiment and failed and learned from it. So this is another experiment we did, and we succeeded at it. And this is, you know, a very elaborate picture, but I can go through it quickly. Step one is again who, which is probably, you know, if you remember the picture, who is the identity, and you could have a trigger. In this case, we created a small trigger, which allowed us to say, when is a person leaving the corporation? So that was the trigger. Our goal here, it's important to tell you what the goal is. Our goal here was to identify an insider threat.
So essentially, you know, no conversation about cognitive technologies, you know, is complete without talking about insider threat. Insider threat is one of the use cases that we are looking at.
So essentially if you have corporate data which allows people to, you know, see what kind of people are leaving the enterprise and make a short list of that, the idea behind this is to reduce the number of people that you're, you know, interested in: persons of interest.
So then taking it further, you know, we can do, you know, things like classify data in different ways to come up with the real data that you are interested in protecting. So the intersection of this would reduce the persons of interest and the data that you want to protect to a minimum amount. So now you are watching a select set of people and a select set of data elements that are of interest to you.
So we quickly learned that, you know, we could find, you know, based on anomalies, the, you know, persons of interest and a reduced number of people that we really need to be concerned about. So which can go through an entire process that's laid out, you know, here. So you can, you know, come up with an insider threat list.
So this is what we experimented with.
And, you know, again, abstracting from where we went from, you know, a lot of data to, to the data of interest and what is required to build a basic system. And this is the experiment we are conducting and having good results is that identity and relationship data is important. And we have to collect that. And when I say identity and relationship, it can come from various data sources. And so if this is, this is an abstract representation of that, and then rules and policies, again, rules and policies. When we say rules and policies have to be a combination of multiple systems in this case.
So we are not just talking about rules and policies for a given cognitive system. It's very essential to understand the rules and policies that are ingrained in each of your siloed IAM systems.
So it is probably the overall view or the least common denominator view of these rules and policies.
Finally, it's the data coming from different systems that is structured and unstructured, which means it could be bodies of knowledge, which come from, you know, like, you know, blogs and output from people's, you know, FAQs and, you know, all of that. So that's the unstructured part, which is human generated. And then the semi-structured part, which could be the, you know, log data that is probably not directly related, and sometimes structured data like asset information and such. So this is a combination of multiple other data sources and abstracted here.
So once that's done, you have a view of the person's, you know, identity. And I want to qualify this by saying, it's a dynamic view.
You know, it's not just a static view of a person, that means a person and his attributes.
You're not just doing that, but you're adding things like how does this person behave in a particular environment? And that's what I mean by dynamic view. So a dynamic view of a person's identity and access is critical. Once that's done, you create a bunch of correlation rules that allow you to, you know, basically make sure that these rules are combined in ways in which you can actually derive some results.
So this is, I would say, you know, a harmonized view of the data. Then you have the engine like I described earlier, and this is very important, how you experiment with it. We are experimenting with even small things like chat bots and FAQ bots and L2 bots, et cetera, where we take a body of knowledge and figure out how to tag it, you know, et cetera, and then create entities and intents, et cetera, and then come up with concrete outcomes so that people can easily benefit.
And then you supply to what we called earlier subscribers, you know, and the subscribers could be, I've just given a limited set of subscribers here, but you could have an unlimited number of subscribers. And these subscribers actually benefit from the data you're publishing, but they can actually give feedback.
And this creates a good feedback system that allows for the fine tuning of this overall basic cognitive system. So this is, I would say, a complete view of an iteration one basic cognitive IAM system.
Very interesting presentation. I liked it very much, and we are moving to our Q and a session right now. So you should see my screen again, as I've said, the, the third and final part of the webinar will be the Q and a, and if you have any questions, so please enter them.
Now we have a couple of questions here, and we will pick the one other question and might answer additional questions in the blog post following if we don't have the time anymore, because we're already at the bottom of the top of the hour. So I think one question I definitely want to bring up here is, and that's a question for Ragu: Ragu, do you need IAM experts to build a cognitive IAM system?
I think that's been the beauty of this. We are not really using deep experts in either areas.
So since there are so many tools available to us, we are using out-of-the-box stuff to experiment. I think that's been really good for us.
And I think you spoke about, you know, having experts and the lack of them both. I think I would apply that to both cognitive as well as IAM. In both, we have issues of actually getting the right people. So we are not using experts. We are using people who are learning both these things, because they understand it from a high level perspective and not really get deep into it. And that's giving us a different point of view into what we are creating.
Okay. And another question. So the one I'd like to pick as well is, so I know you're not from the product team, but anyway, maybe you can give some background. So what are IBM's cognitive offerings for that type of channel so far, cognitive IAM?
It is of course Watson. And so we are using Watson in different ways. Watson also allows us to use some of its platforms, you know, so which means we have prebuilt, you know, systems that we don't need to configure and do things like that. So we not. So we are using Watson, to give you a concise answer. Yeah.
And I think it's interesting when you look at Watson that Watson, in fact, it's not a single, but it's a set of capabilities, which you can use for your use cases, which you can combine, and it's growing. So I think it's very worth it to have a look at Watson. I think these were the two questions I'd like to pick here. Thank you very much to the audience for listening to this KuppingerCole webinar, and thank you very much, Ragu, for your highly interesting presentation and the deep insight you gave into this very new and hot topic. Thank you.
Thank you.