How did the phrase “Russian trolls” manage to take over the news? If anyone knew at the time that these were not actually American citizens, they would have had no power to influence. That’s what a lack of identity context will do to you.
KuppingerCole's Advisory stands out due to our regular communication with vendors and key clients, providing us with in-depth insight into the issues and knowledge required to address real-world challenges.
Unlock the power of industry-leading insights and expertise. Gain access to our extensive knowledge base, vibrant community, and tailored analyst sessions—all designed to keep you at the forefront of identity security.
Get instant access to our complete research library.
Access essential knowledge at your fingertips with KuppingerCole's extensive resources. From in-depth reports to concise one-pagers, leverage our complete security library to inform strategy and drive innovation.
Get instant access to our complete research library.
Gain access to comprehensive resources, personalized analyst consultations, and exclusive events – all designed to enhance your decision-making capabilities and industry connections.
Get instant access to our complete research library.
Gain a true partner to drive transformative initiatives. Access comprehensive resources, tailored expert guidance, and networking opportunities.
Get instant access to our complete research library.
Optimize your decision-making process with the most comprehensive and up-to-date market data available.
Compare solution offerings and follow predefined best practices or adapt them to the individual requirements of your company.
Configure your individual requirements to discover the ideal solution for your business.
Meet our team of analysts and advisors who are highly skilled and experienced professionals dedicated to helping you make informed decisions and achieve your goals.
Meet our business team committed to helping you achieve success. We understand that running a business can be challenging, but with the right team in your corner, anything is possible.
How did the phrase “Russian trolls” manage to take over the news? If anyone knew at the time that these were not actually American citizens, they would have had no power to influence. That’s what a lack of identity context will do to you.
How did the phrase “Russian trolls” manage to take over the news? If anyone knew at the time that these were not actually American citizens, they would have had no power to influence. That’s what a lack of identity context will do to you.
Good afternoon, ladies and gentlemen, welcome to our webinar, the power of identity context, how to get the right context and how AA will help you. This webinar is supported by SalePoint. The speakers today are collect crystal senior software architect of Sandpoint technologies. Me Martin I co-founder and principle Analyst at co Cole. Before we start the webinar, some quick information about the flow of the webinar and some background information about co a coal. Before we then directly dive into our topic. Co Cole is an international Analyst company. We are independent.
We are headquartered in Germany, but have offices also in Singapore. And in Seattle, we focus on information cybersecurity then in access management and governance, risk and compliance, and a lot of other things around the big topic of the children's information, our business areas, our research, where we deliver things like our leadership compasses, where we compare vendors in various market segments.
These our topics are, or our business areas are events where we have a couple of events or touches in a minute and advisory where we provide vendor independent, neutral advisory to businesses in the field of advisory, we do a couple of things. So we do things like benchmarking, project guidance, strategy, support, architecture, and technology support, but also supporting, selecting the right tools and the right tools and other stuff. So doing the right choice of tools, we have a couple of upcoming events amongst these events.
We have our European identity and cloud conference, which runs every year, mid may in the Munich area. We will have next year, September our blockchain enterprise days in Frankfurt. And we will have next year, October, our cyber next summit in Washington, DC, hope to see at some of DC ones regarding the webinars and guidelines, you are muted C you don't have to mute around mute yourself. We are controlling these features. We are recording the webinar and we'll make the podcast recording short term. There's a Q by the way, we also will make the slide X available for download.
And there will be a QA in a session at the end, but you can end the questions at any time using the questions tool only go to webinar control panel. So the more questions we have, the more likely the Q and a will be. Let's have a look at the agenda for today. As I've said, I'm the first speaker. I'll talk about the potential AI and ML.
So artificial Intel trends and machine learning delivered to identity and security, helping businesses to better deal with information and focus, the rare human resources and the critical items in the second part, Kelly crystal will talk about or give you a detailed overview about identity context, where AI comes in and the potential this provides for optimizing the way we work today in identity and access governance. And the third part then will be a Q and a session.
So I wanna start with a little bit of a bigger picture here, which goes beyond identity management, but then sort of ends in the area of identity access management. So I wanna start with, look at today, attacks, attack patterns and why context and behavior are so important. And also why identity and access are so important in today's scenario. So when we look at a, at an attack pattern, someone is creating an attack. Someone is creating the malware uses or whatever type of approach uses, depending on the type of attack that can be more than trusted, simple malware.
And then we have a face of undetected attacks. So attacks are happening in our business. We might not be aware of that. There might be someone in, and if you take these numbers saying, oh, the attack or on average is in 200 days until it's detected, it's an issue. There's something happening in our systems. There's some excess happening. At some point, someone detects that there's a new attack vector. It's analyzed a pets created, it's developed and distributed. And we have a decreasing number of UNAT systems, which usually takes, takes quite a while.
So when you take the number of numbers of the heart lead attack, it was that roughly 50% of the servers weren't patched one year after the patch became available. So we have unknown attack patterns. There are things happening, and we have known attack patterns, and we only can protect us against attacks where we don't have a patch deployed. When we look at anomalies. And part of that is to understand how are people using things and to improve our access controls, to minimize what people can do to learn about that. That is one part where identity comes into play.
And, and we will see, there are other ways where this entire topic then of understanding what is happening, relates to what we do in identity, access management, identity, access governance. Later on, we can protect by, by working with standards, attack patterns, having whatever the, the standard signature stuff, et cetera, but here we need more advanced technologies, cognitive security. This is a broad field.
Only when we know what's happening, we can use standard technologies and all this goes beyond sort of the pure play network security field, because at the end, it is people are attackers are trying particular targeted attacks, trying to get hold of an identity of someone and use it for accessing systems. So we are talking about identity and access that is happening, and we need to understand how to deal with that. And there are various ways and various elements.
And we look at one of these elements more in detail later on also in Kelly's presentation, which is how do we optimize all the entitlement part. And I'll take a little bit of broader angle on how does this fit into the entire sort of evolution of cybersecurity and identity management we have to, to, to, to have, we need to evolve, to get better regarding attack. So let's step back and look at what is traditional identity, access management and identity and access governance, or it is doing.
It's a focus on static entitlements, it's data focused on the, on the context, on the behavior, on what is happening. So we look at, we have an access request. We have an approval in the workflow. We technically assign the entitlement. So we do the provisioning and we have access governance. Are these static entitlements still correct? But we don't understand who is the user, is the user accessing the one he should be, in which context is he operating for which system, from which country, from whatever else does he come? What does it mean?
So when we look at authentication, we are not sure should that happen, that context or not authorization based on static entitlements, but is it in the context? So would we allow that access in a certain context, are these entitlements correct? What us the user really do? So is behaving like we expect, is there something wrong? And there are various levels where we need to analyze that.
And I think it becomes very apparent that we need to take a different perspective in identity access management, beyond the static entitlements, understanding the context of the context of the behavior to optimize what we have in an entitlements. So to have a line of defense, which says this identity only has really a least privilege on certain entitlements and also in other areas of identity management, to ensure that we control authentication, also access at run time can run the analysis to mitigate risks.
So there are various ways to, to tackle the problem and seem to some extent tried and still tries to do this, but it's a little bit of an isolated perspective and limited integration. So there's a lot of, there are a lot of areas where if you take this entire way from the data center up to data and access with middleware and between applications in between their attacks on all of these levels and their attacks against the, the, the root accounts and other highly privileged accounts at the network level, they are ax targeted applications, trying to get access to data.
There are various types of, of technologies and various tools, which deliver data collected into a scene. And then we have theoretically the ability to, to analyze whether they are challenges, but it's still more in isolated thing. So it's a packet focus. So to speak more from that. So which packet is running on the network, which what is happening in the systems, then there's the area of UBA, user behavior analytics. That's the term behind UBA, which adds the layer of identity. So how is identity used? It adds some context of the user. It adds a behavior focus.
However, it doesn't, I would say doesn't fully solve, solve a challenge because it's still, still a Raso technical perspective. So it's really that these things are about the context here. So we have this UBA thing, we have the, the general proper security intelligence. We have the specific solutions then for identity access management and using that behavior, we collect with technologies, which are commonly referred to as user behavior. That is where the things really start getting interesting from an identity management perspective.
So we have the information, we have it in the context of user behavior, and we try to do certain things like controlling access. So do I loaded access at run time, but also optimizing entitlements. So restricting working on the least privileged principle, trying to, to really minimize what people can do. So that's where context and behavior are super important. All that then seems to be based on what is commonly referred to as AI. I wanna give a very quick wrap up of terminology here and also passwords.
So AI in general, the science of making computer self tasks that usually require human intelligence, very broad definition. There's a strong AI or general AI. So where the computer behaves as a human. So in the full sense of a human, we are far away from that. Not sure whether we will ever get there, but we also have the weak AI, which is another friendly term or applied AI, which is a better term. So software focused on solving specific problems. There's a lot of research going on, which will need lead to, to first solutions in that space.
But there's also a lot of stuff which is already available. So things I call cognitive solutions, a practical applications of AI research, where AI all commands the human to do certain things better, more efficient, et cetera, than he could do without that. So the solutions we find in information security and including that identity access, and that will be one of the areas where Keller will talk about in detail about such solutions like concrete solutions.
We find in the area of self-driving vehicles, psychological profiling, or very, very well established down toward postal mail address detection, etcetera, etcetera, based on various types of cognitive cognitive technologies, text to speech, language processing, computer vision, cetera, based on various types of machine learning methods. So there, many of these things are building on machine learning methods where the machine learns, there are outlier detections.
There are genetic algorithms, deep learning, etcetera, which then again, bases on things like neural networks for crash analysis, et cetera. But there's also stuff, a lot of stuff, which is not really machine learning. So what builds on, on redefined rules? So rule based stuff is not machine learning things, which don't sort of really learn are not machine learning. Standard pattern matching is just in contrast to recognition, which recognizes patterns based on the learning of different patterns. The pattern matching itself is not machine learning. The neuro sense it's trust statistics.
So be careful with the terms, but AI helps us apply. The AI helps us to get better in many areas, including identity and access management. And what we really should look for is that we have cognitive solutions, which are building cognitive technology, which is machine learning, plus training data plus human expertise. And that really leads to cognitive solutions, which are a business case for a cognitive technology concretely applied to that. And that again is where AI UBI identity come into play. And UBI a is, is really more a technology in that field that helps to build solutions.
And I'll touch this again in a minute. So we have the use of behavior. We call lack information about I, the use of behavior and identity management, maybe also other areas.
We, we correlate the data that might be part of a complete solution that might be not a separate tool. That's really something which frequently is integrate into other solution, but correlating the data, analyzing the behavior, understanding what the user is doing. Understanding, noticing that is very important here. We analyze it. We use it in identity, access management for various things like to authentication, like improving our governance, et cetera.
Some of the stuff might be even working a little without the, the concrete user behavior, looking at the complex structure of entitlements and how these are related and learning about these, how they are used, what is used, what is not used. But again, once you start getting into the usage, it's, it's, it's, it's some sort looking at the behavior of the user. So from my perspective, there are a couple of fields where we can use cognitive identity to really make IM more intelligent. So artificially intelligent, so to speak there's authentication of this like adaptive authentication.
So understanding the authentication risk adapted to the context, there's the risk analyzes part. This is I think a very important one, which where we have a huge potential. So identifying, managing towards understanding, setting, and dynamic risk patterns. So some of them are really static because they're just too many entitlements, the wrong combinations that are there, dynamic ones, which depend on the context to adapt access control, to alert about risks.
Maybe even for a rapid response where we feel there's an attack, running things like role mining, access, intelligence, access governance, all of them can benefit from what we are doing here. And obviously there's the recession user behavior like in the privilege management space or privilege access management space, where we try to detect Analyst immediately respond to them because of whatever a rude account does, things he shouldn't do. Or usually doesn't do a lot of this based on UBA or what is called UBA, but UBA rarely is used isolated.
So I, UBA is flowing into sort of the next generation of seen platforms. It's sometimes found an enterprise endpoint detection response, DLP Caspe, but it's also increasingly empowered. So understanding the behavior, taking a perspective beyond the, the static entitlements, but also using AI in different ways, beyond the use of behavior, all the context, all that Analyst thing, all that learning thing is something which helps us benefiting the thing. By the way, there's might be a question about, oh, particular. So I'm from Germany. So there's the typical privacy question.
Can we use the, the type of technologies over here? I think it's very worse.
Anyway, for everyone to read through the EU GDPR or Texas available for free online, there are a lot of so-called recitals at the beginning before the, the, the formal regulations, but they're part of that. And the recital number 49 says if it's about ensuring network, I security, we have alleged interest. I don't read the full text here, look at our GDPR. So we are allowed to do it. We can do it. And from my perspective, this entire thing, which looks at behavior looks at context. I just use the term UBA here. We can't take different terms.
All we do around identity, getting better here in this, based on the context, understanding what a user does, which context he comes in, this is really what is, has a huge potential security impact and this increasing more solutions. And that is where I'd like to hand over to Kelly because Kelly right now will go into far more concrete detail on how can identity can very, very concretely benefit from the identity context from AI and other stuff to mitigate risks. We are facing as business Kelly. It's your turn. All right. Thanks Martin. Right.
So let's talk a little bit about the importance of the identity context that, that you touched on there. We're going to discuss what context is and why it's so important. Talk about something that I call the utopian identity trifecta, and we're gonna go through a fun exercise, looking through history and, and kind of applying context to that. And finally end up talking about in the real world. What does it look like to apply this in your security ecosystem? So let's jump right in context is everything that without proper context, you can't make good decisions.
And so let's talk about Russian trolls. I'm sure that nobody's tired of hearing about that yet. The Russian trolls, if you've been living under a rock for the past couple years, the Russian trolls were involved in the 2016 elections in the United States. There's an organization in Russia called the internet research agency. Rob Rosenstein said about them that Russian conspirators want to promote discord in the us and undermine public confidence and democracy. What these people did was they would use social media to try to influence outcomes of the election.
And over the past year, we've seen, seen these people get prosecuted, actually get caught and, and start to get prosecuted. What happened was a severe lack of identity context. These people were posting online. They were completely anonymous.
They were, they were acting like us citizens, but nobody knew that they weren't. And because of that, they had an inordinate amount of influence on the elections. The upshot is that if we'd had the proper context at that time, then they would not be in the news. We would not be talking about that at all.
If, if people online had realized that these were Russians and not really American citizens posting, you know, political commentary, they would've probably just been ignored. So that is the power and the responsibility to have good identity context. So from an identity governance perspective, there's something that I call the utopian identity trifecta. And this is where everybody would like to be doing identity governance. There's three key things that everybody wants. Number one is to reduce your costs.
So either the amount of money that you're spending, or the amount of people that you have to employ, or the amount of time that they're spending, dealing with identity governance and access, you want to decrease that as much as possible. Your job though, is to actually enable the people, to do their jobs, by giving them the access that they need. If they need access to this file system, they should have it quickly. So you wanna make sure that that happens in a, in expedient manner. The last one though, is that you want to lower your risk as much as possible by giving people access.
You are kind of opening the doors in some ways, which introduces risk naturally, but you can mitigate those. And so you keeping these I balance is kind of where your identity happy place is. So let's look at those aspects and I'm gonna take you on a brief journey now, back over the past 30 years or so of identity through the times and, and how, how stuff has changed.
So let's, let's go back to the late nineties. You were probably wearing flannel and listening to grunge music and rocking out hard. At that time, it was kind of a bit of wild west. There wasn't much central management for accounts and access. And so provisioning technologies came about what, what happened was that they just basically gave an it, it was an it focus tool that you could centrally manage accounts, group access and passwords, things like that.
But it was all about getting people access that they needed quickly without having to log into each individual server or application to grant that. So here is the part in the webinar where introduce you to the trife oter, this is a sophisticated scientific device that I've created to measure how close you are to the identity utopian trifecta, and, and the provisioning era. Things were okay. The cost was going down, cuz it was easier to give access. People were getting access to what they needed quicker, but your risk was increasing because it was so easy to give access to people.
That's when we entered the next phase, the early two thousands provisioning had led to this giant entitlement sprawl. People were handing out entitlements and access. Like there was no tomorrow, they were super excited and hyped up because of their, their brand new shiny provisioning technology. And so they sending out this access all over the place, this caused a couple problems. One is that you access proliferated. The second problem was that you really didn't have a lot of good visibility into who had, who had access to what.
And so the solution there was when governance software was born and that's where sale point came about. Actually, we, we came to try to solve this problem and put some controls on top of that. You can do things like access reviews, periodic access reviews, where you look at what access your employees have, do policy checking, both proactive checking and reactive checking where you make sure that access is following whatever business policies use set in place and making a more sophisticated access request flow.
So putting better workflows on top of access request, requiring approvals, maybe doing some of that proactive policy checking during that process, our at is pretty cost is still down. People are getting access to what they need. And we've sort of started to get a handle on the risk by applying these governance controls, but we didn't stay in happy land for too long because late 20, late, late two thousands, a couple new technologies come around that change the landscape.
Again, cloud adoption really begins to take off cloud applications had been around before that, but it wasn't until this time that they really start to get a bunch of adoption. And if a business unit, they love this because if they needed access to a new tool, all they could, all they had to do was sort of whip out a credit card. And people within this business unit could log in and start using this new new tool. And it did exactly what they wanted. The problem with that of course, is that now there's a lot more systems that have to be governed and managed.
And a lot of it's sort of outside of the control of your it organization, people in their business units are just doing this on the corporate credit card and, and it doesn't even know what's going on. So part of this was a process change to fix that it kind of locked down and said, you know, if you want a new app, new system to use, you have to go through us still. But part of it was allowing these systems to be managed in your governance software as well. The other big trend that started happening at the same time was data access governance. And this is managing your unstructured data.
Your file shares all, all the data that's living out in your organization. That's not tied to a specific application when this came about the amount of surface that we had to govern exploded, because while you have dozens or hundreds of applications, you have, you know, tens of thousands, hundreds of thousands of millions of documents living out on your system. And so this became very large and cumbersome. Trife oter is not happy. Now the cloud and the data revolution sort of messed it up. Your cost is increased because there is so much to manage.
People are still getting access to what they need, but your risk is also really increased because now there's so much to manage that people, a human cannot cognitively understand exactly what they should be approving and what they shouldn't be approving, which leads us to today. And, and this segues nice, nicely from what Martin was talking about, where we're getting into artificial intelligence.
So the identity context that we have now, all of this data, the applications, the access, the behavior that people are doing, the file systems that they have access to, it's become incredibly rich, which is great. It's just very hard for a human to process that. And so artificial intelligence is uniquely suited to help this it's taking machine power that we have available to us.
Now, now that SAS is taking off and you have these data centers, storage is cheap. CPUs are cheap.
You can, you can actually do artificial intelligence or at least try to get there the weak artificial intelligence. And you can analyze that identity context that takes the human out of the equation, where, where the human couldn't actually make a good decision and what it, what it can help with is finding risky anomalies by pattern recognition and seeing what doesn't fit. And also importantly, it filters out things that are just everyday business.
It takes things that you shouldn't have to worry about and it filters them out so that you can focus on the important things that, that you should be worrying about. So of course now our trife oter is very happy. Cost is down because machines are doing more of the work for you. People are getting access to what they need and your risk has decreased because the people in charge of governing data are spending less time on Deju that they don't care about. And more time on focusing on what's actually risky. We're gonna move on to how to integrate this into your ecosystem.
But first talk about Kelly's four laws of identity context. These are things that are good to keep in mind when you're trying to figure out how to apply this and will come in useful as you integrate this stuff. The first is never throw away data. Keep it as much as you can. The second is that your identity context that you, that you keep should be enriched by all of the components in your ecosystem. So whether it's a seam tool or anything else, it can, that data is useful to fill out your identity context as much as possible.
The third part is feeding that context back out into other components in your security ecosystem. And the fourth rule is to automate whenever possible. So for the first one, you need to keep your data, artificial intelligence, machine learning. Those technologies rely on pattern recognition often, and they need a lot of data. They need good data, high quality data. They need it going back in time.
And so don't archive your data and just delete it completely when you're, when you're archiving your data, keep it around somewhere because chances are, that's gonna be very useful to a tool that can try to make sense out of this stuff. Law, number two is send context into your system. So as I mentioned, things like scene tools have events that are showing identity behavior privilege, access management systems have information about who's using accounts. That information is extremely useful to, to start to detect patterns and what's happening.
So that can be sent to identity AI from those systems identity. AI is the sale point solution for applying O artificial intelligence and machine learning to identity governance processes. It can be sent to identity AI or identity. AI can reach out into those systems and pull that data in. And what happens is that identity AI becomes your central storage house for all of the identity context. The third law is sending identity context back out.
So now, so now you have your identity context hub. You have all the raw data that's been collected within here, and you can send that out to your other systems. And that can come in two ways. One is just raw data. We've collected a ton of identity context, raw events, raw information about the users, all that sort of stuff, what entitlements they have that can be spread out throughout your other systems to help them make decisions. But where it gets really interesting is with enhanced identity context.
And this is where we take that giant lump of events, entitlement data, historical context, everything that we can get our hands on and let the machine try to do some thinking for us. We apply machine learning to do pattern recognition, to give recommendations, to do predictive analysis. And those insights are what become real useful to use throughout your security ecosystem. And finally, whenever you can, you want to automate things. You have this identity context, you have a machine that's starting to provide insights on this.
You want to try to automate whatever processes you can with that information. It's gonna help to lower your cost by making your process more efficient. It's gonna remove manual intervention from people, and it's also gonna lower your risk by pointing out the things that are really risky and filtering out the things that aren't. And I like to think of it as a sort of finding the, the risky needle inside of a haystack.
What machine does is it blows all the hay away and it pulls out a, a magnet and it sucks that needle in, and you can look at it and see, is this as risky or this is not risky and decide whether to allow it or not. But prior to machine learning, it's impossible to even find that needle. And so through artificial intelligence, it, it opens a lot of doors that weren't there before. How do you get there? You don't turn on automation on day one, no business user is gonna be comfortable with that. No auditor is gonna be fully comfortable with that.
It all starts with this base of just sharing the context. You know, we've collected all this identity context. We have it in a raw form. We have insights and recommendations that we provide from that. Just show the users what the machine is thinking. Once they can see that they can start to gain trust in the machine. They can say, Hey, you know what? The machine recommended the same thing that I would've done. I think maybe next time I can go with that decision.
And eventually when you're comfortable with that, you can start to automate some of the low hanging fruit use cases and increase that over time. So let's take a look at a specific case study of, of how this gets applied. We're gonna look at it, service management, a tool like ServiceNow or something like that, where people go in and they make requests for new access to other systems. They make requests for new it, resources that they need. What happens is people log into the system.
They say, I need access to, you know, the Q4 financials. They make that request. It goes through a workflow. Often there is a step in there that requires an approval from somebody to say, yes, Kelly should have that, or no, Kelly should not have that. And somebody has to make that determination when they approve it, that access gets granted and fulfilled. If they deny it, then Kelly's not happy cuz he doesn't get access to the Q4 financials.
So how does this, how does this apply to the, to our four laws of identity context from one, we can take the identity context from that it SM system and feed it back into identity AI. So there's a lot of really good information that happens when somebody makes an access request. There's things like who is making the request for whom are they making the request? What are they requesting access to? Who's making the decision about whether Kelly should have this access or not. What did that person decide? Did they decide to give it to me or not?
When was the last time this was approved within my department, things like that, all of that can get fed in to identity AI to enhance the identity context that we have. This is raw information that we, that we get in at that point, the machine can start to learn. It can do pattern recognition, it can do predictive analysis and it can provide that context back out, either in a raw form, just with the raw identity information or in an enhanced form. For example, through making recommendations on things that you might wanna request.
If you're a weirdo like me and I've made a bunch of weird requests, you might see some something like, Hey, you should join the polka enthusiast club. It could show up right there when you log in. Another thing that can happen is when that approval gets sent to the approver, the context can be shared from identity AI that says, yeah, this is probably a pretty good idea. Kelly should have this access or you know what? This doesn't look right. Kelly should not have access to the Q4 financials. He's just a lowly developer.
And so the, the, the approver can get that context to help them make their decision. And finally, you can actually use that context to automate those decisions in the workflow process. So the approver never even gets sent an email that says, Hey, Kelly's looking for this. Should he have it? If there's high confidence in that recommendation, the workflow can automate that approval or denial decision. So let let's wrap up here.
And we'll, we'll head on to Q and a after that, but sort of the high points that we've talked about, identity context is absolutely critical to smart governance. As Martin said earlier, just a view of the static entitlements is not enough. You need to know more about who this person is. You need to know, are they a Russian troll or are they in American citizen? Artificial intelligence is starting to become a requirement to handle the size and scope of the context that we're dealing with.
Now, as this has grown, you know, we took that journey over the past 30 years, as, as context has grown and your surface area has grown. It's just too hard for people to make good decisions on this. And so luckily it for us machines are powerful enough to do some of the thinking for you and solutions now exist like SalePoint identity, AI that can help to lead you into your utopian identity trifecta. They can help you to lower your cost, improve your efficiency, get people, access to the things that they need and decrease your overall risk posture.
Thank you, Kelly, with that, let's move to Q and a. This was a very insightful presentation. And as I said through part three of our webinar right now is the Q and a part. I have already a couple of questions here where we can start, I'm looking forward to receive more questions from the attendees, from the audience. So first questions, why is it important to keep so much historical data?
Yeah, great question. That, you know, machines are only as smart as what they see. Machines cannot be intelligent without having data that they can look at. So if I have, let's talk about machine learning and pattern recognition for a minute. If I have five images of cats and I hand them to a machine and I say, this is a cat, this is a cat. This is a cat. And I handed another image of a cat. It may or may not be able to tell me whether that's a cat. It could have a different, you know, different hair color.
It could be a different size, but if I have a million images of cats and I hand that to a machine and tell it, these are cats, it gets a lot better picture of what a cat looks like. And so that applies the same way to identity governance. The more information that you have, the more historical data about what looks normal, the easier it is for the machine to determine what is abnormal and that's really what we're after.
So, so, so do we really get enough data in a sort of a standard organization for, for access governance? I think it's easier to get 1 million pictures of cats as large volume of data.
Yeah, Yeah, yeah. You know, cats are pretty popular on social websites these days.
So it's, it's easy to come across those pictures. There is a variety, depending on what organization you're in of the access governance data out there. Some organizations are fairly mature in their access governance standpoint and they can provide you with a lot of good historical data about what things look like. Others are a little bit more haphazard and don't quite have those great processes in place.
One, one thing that we've seen actually is that a as people are confronted with an access certification, an access review or an approval because of the volume of these things that they get now, instead of going through and paying close attention to whether they should approve or reject each one, they kind of just pull out their rubber stamp and they say approve all. And when they do that, they're maybe letting some risky things slip through, but they're also not giving a good basis for the machine to learn.
Cuz if everything looks like an approval, the machine's gonna think it should approve everything. And so that's actually an interesting, an interesting thing that we have in identity AI, which is what I call a machine learning on ramp. So if the data that we have is not of high quality or of substantial size, you wanna push people to better governance practices so that they can get you that data. And we do that through using more of a, and you mentioned this in your overview of artificial intelligence technology slide, we use not an artificial intelligence to get people on board.
Initially, sometimes we use more of a rules based approach where we take common sense, best practices within identity governance, and use that to kind of provide our identity context. Insights are enhanced identity context, and that can steer people to starting to provide better data. And once that comes in, the machine can learn from that. Okay.
So, so how, how do I gain enough trust in the AR artificial intelligence to allow the system to automate decisions? Sure.
So this, this goes back to that predictive governance pyramid. You wanna start with just showing people what the machine is thinking, and it's not enough to provide a recommendation that says, yes, Kelly should have access to Q4 financials or no, Kelly should not have this. You actually have to let the users see why the machine thought that Kelly should not have access to this because he is a developer and the people that are most similar to him in the organization, none of them have access to this. That's something that a business user can see and decide. You know what that makes sense.
I can understand that over time, the decisions that the approvers make that gets fed back into the system. So if the approver follows a recommendation, if, if identity AI says, yes, you should approve this. And the approver decides to follow that recommendation, then identity AI says, Hey, you know what? I gave a good recommendation there, give myself a pat on the back and I'm gonna make that recommendation again. Next time.
However, if identity AI says, Hey, you should approve this. But the approver says, you know what? I know better. I need to reject this. That comes back into identity AI as well. And it's a little bit of a slap on the wrist for the machine machines says, oh, I, I gave some bad advice there. I need to learn from that. And so it starts to factor in the decisions that people have made, whether they follow the recommendations or not. Okay. I think that also answers another question which came in, which is, is raised.
How do you test and validate if the solution's working fine or, or doesn't does it really take time to validate? I think it's probably exactly the, the same sort of question you just answered here. Or is there anything you'd like to add?
Yeah, Yeah. You're you're right.
It, it does take time. A lot of that is gathering the statistics and the metrics and showing how, how good the machine is performing basically. And it that's a common thing in artificial intelligence. Anybody who does machine learning does this as part of their process is to, to get the best recommendations out there. The important thing is being able to show that to the users so that, so that they start to gain trust, right?
If, if your machine is only making good decisions, 70% of the time, you don't necessarily wanna start to automate those decisions yet cuz 30% of the time it's gonna be automating bad decisions, right? If your user can see that and start to, to see the uptick in how well the machine is performing, once it crosses, you know, a 90, 95% threshold, then you start to become more comfortable in saying I'm gonna automate some of this things that the machine has very high confidence in. Let's go ahead and automate that.
So if the machine says almost a hundred percent confidence that I should approve this, we can automate that approval. But, but you're right.
It, it takes time and it's important to see how the machine learns over time and to see those metrics. Okay. We have one more question. What other ways can I integrate identity context into my security ecosystem? Oh yeah. Yeah.
So, so that's interesting. The one that I, that I mentioned in, in the, in the webinar already was an ITSM system, right? So it's easy to see how a recommendation might come into play.
There, there there's other systems where, where you can tie the stuff in one is a, a sea system, which, which you mentioned earlier in your slides, Martin seam systems provide a ton of good information about what events are happening. So users have access. What the seam system provides is how are you people using that access?
And through that, you can provide that context back into identity, AI, that stream of events that are happening back into identity AI, and use that to start to detect anomalies, to combine that with what you know about the identity as a whole and see what's happening there. Another interesting way that you could integrate with the seam system is to take the insights that are generated within identity AI, the, by applying the machine learning and feed that big back into the seam or the UBA system say, we detected something really odd here.
This access in this access request that happened, maybe we're gonna alert the same system so that it can change its rules and algorithms on how it handles incidents. Another good one that that's in the space is for privileged account management or privileged access management with Pam software. What that does is it takes privileged accounts or privileged information and it makes it so that you have a central place to manage that.
So if somebody needs root access on your web server, they have to go into the Pam system and check out that account that also provides a lot of really good identity context that can come into play with, with making smart governance decisions. When people check out accounts. If I know that that you Martin are using this database administrator account all the time, that comes into my identity context and I can get a feel for what normal usage patterns are for you on the flip side. Okay. Okay. Go ahead.
On the flip side, when identity AI comes up with insights about things that look out of, out of the ordinary, it can actually push changes through the Pam system. So it can revoke account access from you. For example, that's just a way that we can tie in those insights in, into a couple of the, the security systems that you have. Okay.
Kelly, thank you very much for our information. I think we've gone through all the questions we have here, so thank you very much to all of the attendees of this call webinar. Thank you very much to you, Kelly, for all the information you, you delivered, hope to have you soon back at one of our upcoming webinar. Thank you and have a nice day. What.