Tarun Thakur is Co-founder and CEO of Veza.

Every company hopes to follow the "principle of least privilege," which says that a company should give an employee the least access possible to do their job. It's a core tenet of every cybersecurity program, but no organization comes close, and the problem is getting worse each year.
IT teams acknowledge that a vast majority of employee access sits unused, and benchmark data from my company, Veza, further backs this. When it comes to identity, centralized governance was never very practical. The folks who grant access couldn’t know who needs access to what.
What choice did they have but to ask an employee’s manager? It wasn’t much easier for managers, either. They couldn’t know which groups and roles would deliver the right entitlements. Given the delays of this back-and-forth, managers have had a strong incentive to think "better safe than sorry" and approve lots of access.
Is it any wonder that the principle of least privilege eludes so many organizations?

Removing Friction And Providing Context

This challenge grows every year. The IT landscape is evolving, and companies are adopting more cloud-based infrastructure. They're also adopting new generative AI applications.
With each new cloud service, app or data warehouse, companies take on another identity silo with its own unique model for controlling access. For many of these systems, IT has ceded control, and either engineers or business teams have taken charge of access. This may be good for speed, but it creates a real challenge for security.
Every year, security gets a longer checklist of places to check, just to see if controls are in place. Identity and security teams assemble queries on a sporadic basis, annoying the line-of-business teams as they investigate, ask questions and demand spreadsheets. As the business world collects more and more identity silos, the friction grows.
There is a better way. I believe the key to removing access friction is to provide context to all decision-makers. App owners and engineers need to be empowered to choose the right entitlements.
Security and compliance teams need to be empowered to see who has access to what (and how they got it). Both sides need the context of what’s "normal" for a role. They also need to see what access is actually being used, which is one way of evaluating normal access.
If both sides get context, they can move faster than ever before, making adjustments to access that are accurate and fast. This can bring a new era of agile access.

The Challenge Of Achieving Agile Access

Achieving agile access relies on understanding permissions data.
However, much of this data is scattered across various identity silos. These silos include directory services like Active Directory and Azure Entra AD, SSO tools like Okta and Ping, as well as cloud platforms like AWS, Google Cloud and Microsoft Azure and every SaaS application. Historically, there hasn't been a unified system to interpret all this permissions data.
Yet, this information is exactly what organizations need to gain a comprehensive view of access. Traditionally, companies have struggled to effectively use identity data due to a fundamental design choice—organizing it in tree structures. Whether in Active Directory, Okta or identity governance tools like SailPoint, identities are arranged in trees with groups and roles as branches.
These structures are rigid and cannot capture the complexity of permissions, which are layered, nested and interdependent. As a result, the overall view of permissions is lost. To enable agile access, traditional identity tools (IAM, IGA, PAM) must evolve beyond these rigid tree structures.
Can identity tools learn to understand permissions data? Maybe. It won’t be easy. It’s costly to re-architect software.
Vendors that have built hundreds of integrations would need to redesign them all to handle permissions data. It's rare for software vendors to completely start from scratch. As the saying goes, a leopard can't change its spots.
Many companies today are proving that it's possible to unlock permissions data and translate it into a language everyone can understand. Both security and business teams are gaining the context they need to choose roles that truly follow the principle of least privilege. Once organizations gain the ability to understand permissions, they often wonder how they ever operated without it.
Permissions data is also set to significantly enhance AI's capabilities. AI can now help determine who should have access to what. Machine learning can help identify which roles are actually utilizing permissions.
With generative AI, it's even possible to investigate access simply by having a conversation with the system.

Final Thoughts

To make progress toward least privilege, companies should follow industry best practices, including those enshrined in frameworks like the NIST Cybersecurity Framework (CSF). Such practices include periodic access reviews, in which managers approve or reject permissions for each employee.
Identity teams should also regularly re-evaluate default permissions granted during "birthright provisioning" for new employees and run regular queries to ensure that no employee has acquired combinations of access that are prohibited by separation-of-duty policies (e.g., one person has the ability to both pay vendors and do bank reconciliation).
Teams should query database and cloud systems to check for privileged access, ensuring those users are required to use multifactor authentication. Be extra careful checking privileged access to identity platforms, which can be exploited to create new accounts with elevated privilege. Finally, for non-human identities (NHIs) like service accounts, make sure every identity has a human owner charged with inspection and eventual removal.
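The checks listed above, and the nested group-and-role structure discussed earlier, as an added example that is not Veza's code or part of the original article: a small resolver that walks group membership as a graph (so that a role reached through two paths is counted once) to compute each identity's effective permissions, then runs the separation-of-duty, privileged-access-without-MFA, unowned-NHI and unused-access checks over constructed identity data. Every user, group, role, permission name and usage record below is made up for illustration.

```python
# Added example (not Veza's code): effective permissions through nested groups plus the checks the article lists.
from collections import deque

# Constructed data. Membership is a graph: groups contain groups, and two paths can reach one role.
USERS = {
    "alice":   {"type": "human", "groups": ["finance-ap"],   "mfa": True,  "owner": None},
    "bob":     {"type": "human", "groups": ["finance-lead"], "mfa": True,  "owner": None},
    "carol":   {"type": "human", "groups": ["data-admins"],  "mfa": False, "owner": None},
    "svc-etl": {"type": "nhi",   "groups": ["data-admins"],  "mfa": False, "owner": None},
}
GROUPS = {  # group -> nested groups it contains and roles it carries
    "finance-ap":    {"groups": [],                              "roles": ["vendor-payer"]},
    "finance-recon": {"groups": [],                              "roles": ["bank-reconciler"]},
    "finance-lead":  {"groups": ["finance-ap", "finance-recon"], "roles": []},
    "data-admins":   {"groups": [],                              "roles": ["warehouse-admin"]},
}
ROLES = {"vendor-payer": {"pay_vendors"}, "bank-reconciler": {"reconcile_bank"},
         "warehouse-admin": {"db:admin"}}
USED = {"alice": {"pay_vendors"}, "bob": {"reconcile_bank"}, "carol": set(), "svc-etl": {"db:admin"}}  # constructed usage telemetry
SOD_POLICIES = [({"pay_vendors", "reconcile_bank"}, "pay vendors + bank reconciliation")]
PRIVILEGED = {"db:admin"}

def effective_permissions(user):
    """Breadth-first walk over nested groups to roles; 'seen' guards against cycles and double counting."""
    seen, perms, queue = set(), set(), deque(USERS[user]["groups"])
    while queue:
        group = queue.popleft()
        if group not in seen:
            seen.add(group)
            queue.extend(GROUPS[group]["groups"])
            perms.update(*(ROLES[role] for role in GROUPS[group]["roles"]))
    return perms

def sod_violations(user):
    """Separation-of-duty policies whose whole toxic combination the user holds."""
    return [name for toxic, name in SOD_POLICIES if toxic <= effective_permissions(user)]

def privileged_without_mfa():
    """Humans holding a privileged permission but not enrolled in MFA."""
    return sorted(u for u, d in USERS.items()
                  if d["type"] == "human" and not d["mfa"] and PRIVILEGED & effective_permissions(u))

def unowned_nhis():
    """Service accounts with no human owner charged with review and removal."""
    return sorted(u for u, d in USERS.items() if d["type"] == "nhi" and d["owner"] is None)

def unused_permissions(user):
    """Granted but not exercised: candidates for removal in the next access review."""
    return effective_permissions(user) - USED[user]
```

Here "bob" never holds a conflicting role directly; the toxic combination only appears once nested membership in finance-lead is resolved, which is exactly what a tree view of groups hides.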
As identity-based attacks continue to disrupt enterprises and the broader economy, companies will be driven to modernize their identity infrastructure—cybersecurity strategy will demand it. To do this, they must adopt the principle of least privilege as their guiding standard and seek identity tools that fully understand permissions. AI can help scale access control in ways never seen before, but only when it can analyze detailed permissions data in enterprise systems.
Innovative startups, alongside forward-thinking customers, are paving the way for agile access. The good news is that, for the first time in decades, the principle of least privilege is within reach. Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives.
How AI Can Power A New Era Of Agile Access