The Challenges of Generative AI in Identity Management
Illustration: © AI For All
Generative AI has been the topic of conversation ever since OpenAI thrust it into the mainstream. In fact, there are few industries not feeling significant shifts from the technology, from customer service to healthcare and everywhere in between.
One only needs to look at the numbers: a recent John Snow Labs study revealed that GenAI budgets have increased significantly from 2023, with nearly 20 percent of healthcare technical leaders reporting a budget growth of over 300 percent.
It’s not so surprising. When executed correctly, the value of GenAI is undeniable, offering substantial savings in time, money, and resources. But the hard truth is, most GenAI projects fail.
There is a slew of reasons why, ranging from unrealistic expectations to a lack of data science talent to run point on AI initiatives.
One area experiencing this first-hand is identity management. This is the cornerstone of security and compliance at every organization. And while there’s big potential for GenAI transformation, there are several key challenges that smart leaders should keep in mind.
Key Challenges
Data Quality Issues
All AI success is dependent on the quality of the data it processes. Unfortunately, in many organizations, identity data tends to be disorganized, outdated, and inaccurate. For instance, a recent survey found that 50 percent of respondents rely on email for managing permissions and entitlements.
The principle of "garbage in, garbage out" is particularly relevant here; if the input data is flawed, the AI-generated outcomes will be equally flawed and essentially worthless.
Business Silos
A significant hurdle for both GenAI applications and IT departments is the integration of data from various isolated systems, including emails and spreadsheets. This integration challenge is compounded by the need to ensure the accuracy of the data.
In identity management, this means verifying that all employees are current, in the correct positions, and have appropriate access rights, as reflected in the data.
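The verification described above can be run as a reconciliation between two silos before any of the data reaches a GenAI model. The following is an added example, not part of the original article; the CSV columns, entitlement names, and the title-to-entitlement policy are constructed assumptions.

```python
import csv
import io
from datetime import date

# Constructed sample exports from two silos (HR system, access spreadsheet).
HR_CSV = """employee_id,email,title,status,end_date
1001,ana@example.com,Payroll Analyst,active,
1002,ben@example.com,Developer,terminated,2024-03-01
1003,cy@example.com,Help Desk,active,
"""
ACCESS_CSV = """email,entitlement
Ana@Example.com,payroll-admin
ben@example.com,git-write
cy@example.com,payroll-admin
dee@example.com,vpn
"""
# Hypothetical policy: which job titles may hold each entitlement.
ALLOWED = {"payroll-admin": {"Payroll Analyst"}, "git-write": {"Developer"},
           "vpn": {"Payroll Analyst", "Developer", "Help Desk"}}

def reconcile(hr_csv, access_csv, allowed, today):
    """Return (email, entitlement, finding) tuples for records needing cleanup."""
    # Normalise the join key: silos rarely agree on case or whitespace.
    hr = {r["email"].strip().lower(): r for r in csv.DictReader(io.StringIO(hr_csv))}
    findings = []
    for row in csv.DictReader(io.StringIO(access_csv)):
        email, ent = row["email"].strip().lower(), row["entitlement"].strip()
        person = hr.get(email)
        if person is None:
            findings.append((email, ent, "orphaned: no HR record"))
        elif person["status"] != "active" or (
                person["end_date"] and date.fromisoformat(person["end_date"]) <= today):
            findings.append((email, ent, "leaver still has access"))
        elif person["title"] not in allowed.get(ent, set()):
            findings.append((email, ent, "entitlement not allowed for title"))
    return findings

if __name__ == "__main__":
    for finding in reconcile(HR_CSV, ACCESS_CSV, ALLOWED, date(2024, 6, 1)):
        print(finding)
```

Each finding is a record to correct at the source system, so that downstream tooling works from current employees, positions, and access rights.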
Data Handling Complexities
GenAI requires extensive data to operate effectively. Identity governance systems deal with sensitive and varied datasets, including personal and access-related information.
Ensuring that GenAI models can handle this data while maintaining privacy and security involves complex processes of data anonymization and encryption.
Reliability
Identity governance relies on precise user identification, access control, and compliance monitoring.
GenAI models can sometimes generate inaccurate or unexpected results due to biases in the training data or inherent model limitations. Establishing the reliability and trustworthiness of AI decisions for critical governance tasks is a major challenge.
Compliance
Identity governance systems must comply with stringent regulatory standards such as GDPR and HIPAA. Integrating GenAI into these systems requires thorough compliance checks and auditing capabilities.
The AI must be transparent and explainable, which is often difficult with complex generative models, posing potential regulatory risks.
To achieve the desired outcomes from GenAI—and to enhance overall business operations and security—organizations must prioritize data cleanliness. Otherwise, GenAI results will fall short of expectations, leading to wasted time, resources, and frustration.
There are tools available to assist with this process. For example, the Common Service Data Model (CSDM) offers a standardized set of terms and definitions applicable to all ServiceNow products.
It consolidates duplicated platform data from various functions such as SecOps and CMDB into a central repository. But it still requires clean data.
Interest in GenAI
The rising interest and budgets for GenAI capabilities indicate it’s not going anywhere. While data synchronization tools are a beneficial first step, they’re not the stop-gap solution. If you plan to leverage GenAI in your identity management program, it's crucial to commit time and resources to getting your data in order first.
Author
Jackson Shaw began his identity management career as an early employee at Toronto-based Zoomit Corp., a pioneer in the development of meta-directory products that Microsoft acquired in 1999. While at Microsoft, he was responsible for product planning and marketing around Microsoft’s identity and access management products, including Active Directory and Microsoft Identity Manager. Jackson has held various senior product management and marketing roles since Microsoft, including at Vintela, Quest Software, Dell, One Identity, and Forcepoint. He studied computer science at the University of Ottawa, Canada.