How agentic AI and non-human identities are transforming cybersecurity

Within the average enterprise, non-human identities (NHIs) now outnumber employees, contractors, and customers by a ratio of anywhere between 10-to-1 and 92-to-1.

Add to this the fragmentation of human identity management that results from authorizing a single person’s access across multiple on-premises, cloud and hybrid environments, and enterprise identity and access management (IAM) becomes extremely challenging.

Trust no-one

The concept of applying zero-trust policies to reduce the risk of unauthorized access to corporate IT environments has been promoted for almost two decades. It involves battening down the hatches by removing everyone’s access to corporate assets and applications daily, and reinstating those entitlements at the start of each new working day.

Zero-trust policies are not mere paranoia: cyberattacks have been started via non-human identities as diverse as a retailer’s HVAC system (the Target breach) and a fish tank thermostat (a breach at an American casino).

Block bad behavior

IAM platforms can be set up to consume information from an enterprise security information and event management (SIEM) system to help decide whether access should be reinstated for a particular entity as part of identity governance and administration (IGA). This IAM/SIEM integration allows an organization to rapidly block privileged access based on anomalous behavior. Equally, IAM can feed data to the SIEM environment to contribute to its audit trail.

Everyone is equal, but some are more equal than others

The problem with zero trust within an all-human workforce is that hierarchies and political infighting inevitably lead to delays in fully implementing the policy.

IT administrators often find it difficult to deny access to senior executives, which opens loopholes in the system that can be thoroughly exploited through spear phishing and whaling attacks on privileged identities.

Learning from experience

Fifteen years ago, many privileged accounts had static passwords, and activity on those accounts was not actively monitored, which created huge risks if those accounts were compromised. A widely reported example was the SCADA system of a Florida water-treatment plant, which was remotely accessed by an unknown person using a shared password, who then increased the concentration of lye added to the town’s drinking water supply. Thankfully, the unauthorized activity was immediately spotted by an eagle-eyed employee who shut down the access.

Incidents such as these drove the broader implementation of privileged access management tools, which provide an audit trail of activity and revoke privileged access after use.

Computer says no

The management of non-human identities can appear overwhelming. However, if an organization were to apply agentic AI and machine learning, that non-human identity infrastructure would simply follow the zero-trust rules and could create a much faster response system. An agentic AI handling the access removal and restoration process cannot be bullied into bending the rules, even for the most privileged individuals.

By applying agentic AI and machine learning, zero trust could be achieved and enterprises could realize greater ROI on passwordless technologies.

The caveat to AI-managed zero trust access is that rules must be well-defined, and restrictions set up correctly. However, there are huge potential benefits for applying machine learning and agentic AI for rapid response to security situations.

Realizing ROI from RPA

In a typical enterprise, systems access for at least a thousand employees will be governed by the organization’s joiners, movers and leavers (JML) model. In more complex environments, however, this can create a huge administrative burden. To address this, organizations are turning to robotic process automation (RPA) to undertake repetitive tasks such as resetting passwords.

As an example, a large financial institution that we worked with applied an RPA solution that quickly performs automated password controls and provides an audit trail back through our products via an API. By making use of the RPA, the organization was able to more rapidly introduce automated complex password creation and resetting to its environment and reap the productivity gains.

Realizing ROI from AI

The next frontier is applying AI to corporate governance policies around authorization and authentication to create a more streamlined model, in a similar fashion to AI’s application in the networking sphere to measure the security posture of enterprises.

Continual service improvement within ITIL, and the cyclical improvement processes within agile and DevOps, also stand to benefit from AI. Analyzing an entire enterprise ecosystem to understand who’s using what, when, and where, and then using machine learning and AI to modify and adapt policies and governance, could result in automated, cyclical improvement processes.

With the oversight of existing enterprise committees, systems would not have to be continuously redesigned, generating greater ROI through efficiencies and improved security through full adoption of zero-trust and passwordless technologies.

Managing NHIs and identity sprawl with AI

Identity governance and administration (IGA) technology augmented with AI can continuously analyze each individual’s and NHI’s access, and dynamically adapt that access according to the person’s or entity’s behavior. As an example, if someone has left the building for the day, their access can be revoked until they return or log back in from their home IP address. Provided the AI itself isn’t compromised, it is much harder to break into someone’s working environment when this type of AI-enhanced IGA is in place.

Systems already flag anomalies such as an identity trying to log into the same system from opposite sides of the globe within a timeframe that would be physically impossible to achieve. Without constant monitoring, however, things will slip through the cracks.

In a typical corporate environment, it is too overwhelming to take all those vectors into account and ask each human to request access to everything they need to complete their daily tasks. Such a painful user experience would simply lead to workarounds and bad practices, such as leaving sensitive applications open after use.

However, if AI is used to handle all the mundane checks, administrators can focus their energies on setting up clearly defined rules. An example might be to set a rule preventing access earlier than 6am. If an employee needs access earlier than that, the AI could be programmed to ask some questions that only that employee can answer. This could then be backed up with a request for a thumbprint or physical token to re-authorize their access to specific applications.

The system then goes through and turns everything back on. This is where automation through non-public-facing AI and machine learning offers huge productivity and security benefits. The AI can also be applied to very basic functions, such as converting documentation into plain language.
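The three checks described above (blocking access on an anomaly signal fed from the SIEM, flagging physically impossible travel between two logins, and a time-of-day rule that demands step-up authentication before 6am) can be combined into one small policy engine. The following is an added example written for this page, not code from the article or from any identity product; the speed threshold, the geo-IP tolerance, the use of UTC as the business timezone and the login events themselves are all constructed assumptions.

```python
"""Risk-based access decision combining SIEM anomaly flags, impossible-travel
detection and a before-6am step-up rule. Added example; all thresholds and
events are constructed for illustration."""
from __future__ import annotations

from dataclasses import dataclass
from datetime import datetime, timezone
from math import asin, cos, radians, sin, sqrt

EARTH_RADIUS_KM = 6371.0
MAX_PLAUSIBLE_SPEED_KMH = 1000.0  # assumption: roughly airliner speed
GEO_TOLERANCE_KM = 50.0           # assumption: ignore geo-IP jitter inside one metro area
EARLIEST_ALLOWED_HOUR = 6         # the article's example rule: no access before 6am


@dataclass(frozen=True)
class LoginEvent:
    identity: str
    ts: datetime            # timezone-aware; UTC is treated as the business timezone here
    lat: float
    lon: float
    siem_flagged: bool = False  # anomaly verdict pushed from the SIEM for this identity


def haversine_km(lat1: float, lon1: float, lat2: float, lon2: float) -> float:
    """Great-circle distance between two points, in kilometres."""
    p1, p2 = radians(lat1), radians(lat2)
    dphi = radians(lat2 - lat1)
    dlmb = radians(lon2 - lon1)
    a = sin(dphi / 2) ** 2 + cos(p1) * cos(p2) * sin(dlmb / 2) ** 2
    return 2 * EARTH_RADIUS_KM * asin(sqrt(a))


def impossible_travel(prev: LoginEvent, cur: LoginEvent) -> bool:
    """True when the identity could not physically have moved between the two logins."""
    dist = haversine_km(prev.lat, prev.lon, cur.lat, cur.lon)
    if dist < GEO_TOLERANCE_KM:
        return False                      # same city: nothing to explain
    hours = (cur.ts - prev.ts).total_seconds() / 3600.0
    if hours <= 0:
        return True                       # simultaneous or out-of-order logins far apart
    return dist / hours > MAX_PLAUSIBLE_SPEED_KMH


def decide(prev: LoginEvent | None, cur: LoginEvent) -> str:
    """Return 'deny', 'step_up' or 'allow' for the current login attempt."""
    if cur.siem_flagged:
        return "deny"       # SIEM anomaly: block now, leave reinstatement to a human
    if prev is not None and impossible_travel(prev, cur):
        return "deny"
    if cur.ts.astimezone(timezone.utc).hour < EARLIEST_ALLOWED_HOUR:
        return "step_up"    # early access: challenge questions plus token or biometric
    return "allow"


def evaluate(events: list[LoginEvent]) -> list[tuple[str, str]]:
    """Walk a chronological event list, remembering each identity's last allowed login.
    A 'step_up' verdict is pending until the extra factor succeeds, so it is not recorded."""
    last_ok: dict[str, LoginEvent] = {}
    verdicts: list[tuple[str, str]] = []
    for ev in events:
        verdict = decide(last_ok.get(ev.identity), ev)
        if verdict == "allow":
            last_ok[ev.identity] = ev
        verdicts.append((ev.identity, verdict))
    return verdicts


def _utc(day: int, hour: int, minute: int = 0) -> datetime:
    return datetime(2024, 1, day, hour, minute, tzinfo=timezone.utc)


LONDON = (51.5074, -0.1278)
SYDNEY = (-33.8688, 151.2093)

# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    LoginEvent("alice", _utc(1, 9, 0), *LONDON),        # normal office login -> allow
    LoginEvent("alice", _utc(1, 11, 0), *SYDNEY),       # ~17,000 km in 2 h -> deny
    LoginEvent("alice", _utc(1, 17, 0), *LONDON),       # same place as last allowed -> allow
    LoginEvent("bob", _utc(2, 5, 30), *LONDON),         # before 06:00 -> step_up
    LoginEvent("svc-backup", _utc(2, 9, 0), *LONDON, siem_flagged=True),  # flagged NHI -> deny
]

if __name__ == "__main__":
    for identity, verdict in evaluate(SAMPLE_EVENTS):
        print(f"{identity:<11} {verdict}")
```

The denied Sydney login is deliberately not recorded as the identity's last known position, so the later London login is judged against the last login that was actually allowed rather than against the attacker's location; in a real deployment the same decision would also be written back to the SIEM as part of the audit trail.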

Of course, cyber attackers are also using AI to develop ever more sophisticated methods of circumventing defenses. Counteracting AI with AI is one of the advanced features of what the analyst firm KuppingerCole terms an Identity Fabric. Within an Identity Fabric, AI and machine learning algorithms augment the enforcement of risk-based authentication by dynamically adjusting security measures to new and emerging threats.

A future framework: NHIs, humans, and AI

An Identity Fabric orchestrates and automates the various parts of efficient and robust identity management. This includes providing self-service options for users to reduce helpdesk requests for password resets and access issues.

The mix of automation, self-service and enforcement of best practices improves operational efficiency. IT teams no longer need to manually manage fragmented identities, thus reducing overhead. Operational efficiencies turn into cost efficiency when the integrated Identity Fabric removes the need to pay for and manage redundant identity management tools and fragmented solutions.

Centralized control of identities reduces identity silos and closes security gaps. AI-driven monitoring helps detect identity attacks early, before they become an incident. Insider threats are mitigated by enforcing zero trust, augmented by adaptive authentication, and sensitive data is protected.

Based on the evolution of IAM to date, I foresee AI models being integrated to provide additional visibility and oversight of the identity estate as the number of NHIs continues to grow. There is potential for the modeling of the security infrastructure that governs non-human identities to be performed first by AI and then refined by human administrators.
