Commissioned by ForgeRock
1 Introduction
Identity governance and administration (IGA) is one of the core components of identity and access management (IAM). While IGA is a well-established technology, it remains challenging for both businesses and the users who are involved with IGA tasks. There are various reasons for these IGA business challenges:
- Identity silos are hard to manage. It is difficult to understand where access takes place and hard to deliver consistent experiences for managing access entitlements, such as roles and groups, for requesting access, and for doing access reviews and analytics across the silos.
- Operational inefficiencies are related to the complexity of many tasks for users, such as access recertification, which frequently leads to rubber stamping. Inefficiencies are also caused by the complexity of administration and operation, including creating and maintaining role models or manual fulfillments.
- Many activities are also made more challenging by a lack of context, including why an entitlement has been granted, whether it is used, or how it relates to other entitlements.
This results in a range of challenges for businesses, including over-privileged access and excessive permissions, orphaned accounts that are no longer required or used, and a lack of visibility and accountability. Despite enormous time and effort dedicated to implementing and running IGA, many organizations don’t see great results because of these challenges.
Conceptual approaches, such as role mining and engineering, have proven to be insufficient to address these challenges. Many of these challenges can be addressed with automation, more advanced solutions, and approaches that assist users in executing many IGA-related tasks. AI and ML technologies can do many of these things.
Enhanced by AI and ML, IGA solutions are better suited to deal with regulatory compliance and security risks – such as data breaches, privacy violations, or fraud – and to provide more agility and ensure a better customer experience. In light of the COVID-19 pandemic, businesses have had to become more agile, support different work models, implement new types of collaborative solutions, and even change their business models entirely. To support these requirements, IGA must not be an inhibitor for change. Instead, it must deliver the flexibility required by dynamic businesses and changing access requirements.
AI can support many areas of IGA. It can be used to analyze common patterns of entitlements and identify outliers, as well as standard entitlements for certain groups of users. This can help to create roles or other groupings of entitlements. AI can propose entitlements to users that are most likely to be requested, simplifying the search amongst the sheer mass of available entitlements. AI can also make recommendations for access review processes regarding approvals and revocations.
Augmenting traditional IGA with AI and ML is an obvious measure as long as solutions are well thought out. When they are, they can help overcome many of the challenges users face with their existing IGA solution.
ForgeRock’s AI-driven solution, ForgeRock Autonomous Identity, focuses on understanding who or what should have access to what, with sufficient confidence for supporting and automating approvals, provisioning, and reviews.
The specific strengths of ForgeRock Autonomous Identity are its data-agnostic approach (the use of a large amount of data beyond data kept by the ForgeRock Identity Platform) and the ability to operate with other third-party IGA solutions. The latter is enabled by a comprehensive set of application programming interfaces (APIs) for integration with other solutions. With these capabilities, ForgeRock Autonomous Identity leverages existing identity investments and overcomes the challenges introduced by multiple identity silos.
We are convinced that we will see a strong uptake of AI-based solutions, such as ForgeRock Autonomous Identity, in IGA and overall IAM. However, it is essential to understand that technology will not solve all challenges, and to be aware that we are still at the beginning stages of an evolution in this area.