By Joel Rennich, VP Product Strategy at JumpCloud. JumpCloud were finalists in the Best Identity Access Managament (IAM) / Single Sign-On (SSO) Solution category at The 2024 Cloud Security Awards.

 

Modern identity management is complex. IT teams are tasked with securing users’ identities within a system, network, or organization and across whatever devices they use to access IT resources.

The difficulties of managing employee identities have changed significantly from the early days of computing and terminal-based authentication. Traditional username and password combinations have been replaced by biometrics. Organizations have moved away from Windows-dominant IT environments toward alternatives that support macOS, Linux, Android, iOS, and other systems. Add in the proliferation of SaaS applications and accounts, it’s no wonder that managing workers’ access and their devices has become increasingly burdensome.

Identity management now requires creating, maintaining, and revoking access to resources through user or device identities—making sure the right individuals have the correct access permissions based on their roles. Plus, these roles are often constantly shifting. Maintaining a viable balance between making it easy for workers to do their jobs while securing organizational data and resources is a tall order.

It’s no surprise that IT teams are bullish on how artificial intelligence can help. Nearly 80% report that AI will benefit their organization and that their organization should be investing in it.

The Value of AI in Identity Management

Already, AI is making headway in identity management. It offers more efficient and adaptable processes and solutions in the areas of:

  • Continuous and step-up authentication: AI can conduct ongoing analysis of behaviors, geographic locations, and device data for real-time user verification. This method improves security by adapting to users’ evolving behaviors and varying environments.

  • Productivity and efficiency: AI’s capacity to ingest vast amounts of data allows IT teams to process and analyze data at scale – critical for maintaining operational efficiency.

  • Behavioral analysis and risk assessment: AI can identify user behavior, patterns, and trends to detect deviations that might indicate security threats or unauthorized access.

  • Improved user experience: By learning users’ behaviors, AI can personalize authentication processes and reduce workday interruptions without impacting security. This can eliminate onerous or repetitive authentication steps.

  • Adaptability: AI can dynamically adjust without compromising security, a critical feature as work patterns and project needs regularly change. This flexibility ensures that employees can access the resources they need while maintaining high levels of data protection.

The Road Ahead with AI

Yes, AI has already significantly impacted identity management—but there’s little question that we’re at the beginning of a long journey. While a future shaped by effortless recognition through typing patterns, eye characteristics, or full body behavior isn’t yet within reach, businesses are embracing and experimenting to see what’s possible.

Deloitte finds that 79% of firms expect generative AI to transform their organizations—but not for three years. Today, organizations’ expectations of AI are much lower, relying on it for more practical results like improved efficiency and productivity (56%), reduced costs (35%), and product and service improvements (29%).

In time, how consequential AI will be in identity management will be determined by progress in three key areas:

Accuracy: While close is good enough for horseshoes, in identity management, accuracy is everything. Workflows change, permissions evolve, and tasks and responsibilities shift. In identity-related areas, the margin has to be zero. Researchers at Stanford and UC Berkeley found that in March 2023, GPT-4 identified prime numbers with a nearly 98 percent accuracy. Just four months later, its accuracy dropped to less than 3 percent—for the same task! For now, AI can analyze and detect anomalies around user and device behavior, but it’s not ready for prime time.

Careful evaluation and selection of datasets and monitoring of output will be critical for accuracy, mitigating risks, and preventing issues like AI hallucinations. Starting with simple applications like streamlining complex queries or transforming natural language queries into executable API calls can drive value while minimizing risks.

Data governance: For companies handling personal identifying information (PII), AI requires strong guardrails around data protection. While official bodies work to develop far-reaching AI legislation and regulation, the onus is on individual businesses to ensure that any AI systems comply with strict data governance policies around security and privacy. Implementing robust protocols and encryption methods can safeguard PII from unauthorized access or breaches.

Transparency and ethical considerations: Clear communication with employees and customers about how AI will be used for managing identity is key. Teams must also stay open to hearing concerns users and customers have around privacy and bias – and addressing them. A company’s AI policy should include an ethical framework to help guide decision-making processes; training for employees about maintaining data privacy; secure data handling; and processes for identifying AI-generated phishing attacks.

Building an AI Foundation for the Future

While today’s benefits of AI are more practical than visionary, incorporating AI now can boost efficiency and productivity. By focusing on accuracy, data governance, and ethical considerations, organizations can tap into AI’s benefits while building a strong foundation for deeper integration with AI. As hardware vendors come out with more powerful processors that include dedicated AI and neural processing engines, running AI tasks locally will become a more interesting way to tap into the promise of AI without having to give up all of your PII.

We are still in the early stages of AI development, and a cautious and deliberate approach allows organizations to benefit in more marginal ways now and prepare for AI’s revolutionary promise tomorrow.

Jumpcloud Logo

Finalist for Best IAM/SSO Solution – 2024 Security Awards

JumpCloud® helps IT teams and managed service providers (MSPs) Make Work Happen® by centralizing management of user identities and devices, enabling small and medium-sized enterprises to adopt Zero Trust security models. Its open directory platform fully integrates identity lifecycle with MFA, SSO, passwordless authentication, password management, MDM, patch management, and system Insights across OSs — Apple, Windows, and Linux.

JumpCloud has been used by more than 200,000 organizations, including GoFundMe, Grab, ClassPass, Beyond Finance, and Foursquare.

About the Author: Joel Rennich

Joel is currently VP Product Strategy at JumpCloud. Joel is a seasoned engineer and manager, and in his spare time enjoys volunteering at his local youth soccer club and home community clubs.