Seems like a strange question for a hardened and pragmatic cybersecurity practice, right? But it’s actually quite necessary to the ongoing and rapid evolution of Identity Access Management (IAM). We are at the forefront of an IAM revolution. IAM has always striven for better automation and the possibility of how machines could make more informed decisions due to the necessity, ubiquity, and potentially overwhelming nature of the IAM presence in an organization. This can quickly become a “whack-a-mole” exercise as humans manually review and make decisions that can have rippling effects within their infrastructure. Artificial Intelligence (AI), previously the stuff of science fiction, with a rote implementation that has yet to fulfill the prophecy of Isaac Asimov is now seeing arguably great strides with the fervor over facets like ChatGPT and its growing list of possibilities. But still, automation, machine learning, and even AI must be curated. Nowhere is this more true and intense than in cybersecurity. At some point and typically many points, a human must review, ensure, check, double check, talk to another human(s) to validate, and then perform the whole process over again at various points in the life cycle. We always try to lessen this need, but it never fully goes away. The real challenge though, is perception; the blurry ideals and expectations that inherently exist in human nature and understanding. And it’s not human fault, much like the shortcomings of AI are not its fault. Information output is only as good as information input. You don’t know what you don’t know. For humans, erroneous and/or incomplete information creates extraneous cognitive load, doubt, and ultimately anxiety. That’s a recipe for disaster in an IAM environment. So how do we solve it in the now and not wait upon the robot dreams of some future state?
